Tag: CVE-2024-40766

4 Attack Reports | 1 Vulnerabilities

Attack reports

Update on Ongoing Akira Ransomware Campaign

The Akira ransomware campaign targeting SonicWall SSL VPN accounts has intensified since July 2025, with new infrastructure observed as recently as September 20. Threat actors are exploiting previously exfiltrated credentials, including those with OTP MFA, likely related to CVE-2024-40766. The atta…
ransomware
credential theft
akira
CVE-2024-40766
CVE-2023-20269
CVE-2020-3259
sonicwall
ssl vpn
2025-09-27
infrastructure rotation
Published: September 27, 2025
Downloadable IOCs: 0

Unmasking Akira: The ransomware tactics you can't afford to ignore

The Akira ransomware group has been targeting UK businesses since 2023, primarily affecting retail, finance, manufacturing, and medical sectors. Their tactics include exploiting SSL VPNs, using double extortion, and focusing on financial gain. Key observations from 2023-2025 include initial access …
ransomware
encryption
credential theft
data exfiltration
akira
CVE-2023-27532
CVE-2024-40766
CVE-2024-40711
double extortion
CVE-2023-20269
2025-09-22
backup destruction
Published: September 22, 2025
Downloadable IOCs: 0

Increased Fog and Akira Ransomware Activity Linked to SonicWall SSL VPN

Since early August, there has been a significant increase in Fog and Akira ransomware intrusions targeting SonicWall SSL VPN users across various industries. The attacks appear opportunistic rather than targeting specific sectors. All affected devices lacked patches for CVE-2024-40766. Initial acce…
ransomware
vpn
data exfiltration
akira
CVE-2024-40766
2024-10-24
sonicwall
initial access
fog
Published: October 24, 2024
Linked vulnerabilities : CVE-2024-40766 (CVSS 9.8)
Downloadable IOCs: 16

Akira ransomware continues to evolve

Akira ransomware has established itself as a prominent threat, constantly evolving its tactics. Initially employing double-extortion, it shifted focus to data exfiltration in early 2024. The group developed a Rust variant of their ESXi encryptor, moving away from C++. Recently, Akira has returned t…
linux
ransomware
windows
rust
CVE-2024-37085
vulnerability exploitation
akira
CVE-2023-27532
esxi
CVE-2024-40766
CVE-2023-48788
double-extortion
CVE-2024-40711
CVE-2023-20269
2024-10-22
CVE-2020-3259
CVE-2023-20263
chacha8
megazord
Published: October 22, 2024
Linked vulnerabilities : CVE-2024-37085 (CVSS 6.8), CVE-2024-40766 (CVSS 9.8), CVE-2024-40711 (CVSS 9.8), CVE-2023-27532, CVE-2023-20269, CVE-2020-3259, CVE-2023-48788, CVE-2023-20263
Downloadable IOCs: 37
Click here to see more Attack Reports

Vulnerabilities

CVE-2024-40766

9.8
    Sonicwall
  • Sonicos
  • Soho
  • Nssp 12400
  • Nssp 12800
  • Sm9800
  • Nsa 2650
  • Nsa 3600
  • Nsa 3650
  • Nsa 4600
  • Nsa 4650
  • Nsa 5600
  • Nsa 5650
  • Nsa 6600
  • Nsa 6650
  • Sm 9200
  • Sm 9250
  • Sm 9400
  • Sm 9450
  • Sm 9600
  • Sm 9650
  • Soho 250
  • Soho 250w
  • Sohow
  • Tz 300
  • Tz 300p
  • Tz 300w
  • Tz 350
  • Tz 350w
  • Tz 400
  • Tz 400w
  • Tz 500
  • Tz 500w
  • Tz 600
  • Tz 600p
  • Nsa 2700
  • Nsa 3700
  • Nsa 4700
  • Nsa 5700
  • Nsa 6700
  • Nssp 10700
  • Nssp 11700
  • Nssp 13700
  • Tz270
  • Tz270w
  • Tz370
  • Tz370w
  • Tz470
  • Tz470w
  • Tz570
  • Tz570p
  • Tz570w
  • Tz670
Published: August 23, 2024
Click here to see more Vulnerabilities