SonicWall’s end-of-life SMA 100 series appliances are again on the front line after investigators unearthed a covert campaign that couples a suspected zero-day remote-code-execution flaw with a sophisticated backdoor called OVERSTEP.
The operation, attributed to the financially motivated group UNC6148, first steals administrator credentials and one-time-password seeds, then pivots to full device compromise before exfiltrating data and preparing for ransomware deployment.
https://cybersecuritynews.com/sonicwall ... nerability