The Akira and Fog ransomware gangs have conducted at least 30 intrusions exploiting the critical SonicWall SSL VPN access control bug, tracked as CVE-2024-40766, against several industries since August, with Akira responsible for 75% of the incidents, reports BleepingComputer.
Most of the attacks took nearly 10 hours from initial compromise to data encryption, while many involved the use of VPN/VPS for endpoint access, according to an analysis from Arctic Wolf, which also showed the absence of multi-factor authentication on the breached SSL VPN accounts. Those attacks share the same infrastructure, indicating the groups' continued partnership after exploiting a critical Veeam backup flaw. Additional findings revealed that the groups' rapid encryption attacks were aimed primarily at virtual machines and backups, and targeted documents and proprietary software but not files or sensitive documents that were older than six months or 30 months, respectively.