CyberWire Daily

Cracks in the wall. [Research Saturday]

N2K Networks, Inc.

Daily News, Tech News, News, Technology

4.61K Ratings

🗓️ 30 August 2025

⏱️ 15 minutes

Summary

This week, we are joined by Jamie Levy, Director of Adversary Tactics at Huntress, who is discussing their work on "Active Exploitation of SonicWall VPNs." Huntress has released an urgent threat advisory on active exploitation of SonicWall VPNs, with attackers bypassing MFA, pivoting to domain controllers, and ultimately deploying Akira ransomware. The campaigns involve techniques such as disabling defenses, clearing logs, credential theft, and Bring Your Own Vulnerable Driver (BYOVD) attacks with legitimate Windows drivers. Organizations using SonicWall devices are strongly advised to disable SSL VPN access or restrict it via IP allow-listing, rotate credentials, and hunt for indicators of compromise as this remains an ongoing and evolving threat.

The research can be found here: Huntress Threat Advisory: Active Exploitation of SonicWall VPNs

Transcript

0:00.0

You're listening to the CyberWire Network, powered by N2K.

0:10.1

At Thales, they know cybersecurity can be tough and you can't protect everything,

0:17.6

but with Thales, you can secure what matters most.

0:23.2

With Thales's industry-leading platforms, you can protect critical applications, data, and identities, anywhere and at scale with the highest

0:29.7

ROI. That's why the most trusted brands and largest banks, retailers, and healthcare companies in the

0:36.1

world rely on Thales to protect what matters most.

0:40.0

Applications, data, and identity.

0:42.6

That's Thales.

0:44.0

T-H-A-L-E-S.

0:45.8

Learn more at Thalesgroup.com slash cyber.

0:50.0

Thank you. Hello, everyone, and welcome to the CyberWire's Research Saturday. I'm Dave Bittner, and this is our weekly conversation with researchers and analysts tracking down the threats and vulnerabilities,

1:14.3

solving some of the hard problems and protecting ourselves in a rapidly evolving cyberspace.

1:20.1

Thanks for joining us.

1:26.5

So we started to notice that there was an uptick in incidents that involved SonicWall devices.

1:33.3

It actually started probably like a week or so before Arctic Wolf came out with their research.

1:41.3

That's Jamie Levy, Director of Adversary Tactics at Huntress. The research we're

1:47.1

discussing today is titled Active Exploitation of SonicWall VPNs. So as we started to notice that we had more and more incidents, we started to dig into it,

2:04.3

and then we saw their research come out, and then we realized that, yes, it was probably a part of

2:08.9

what was going on there. Yeah, it's funny how that can happen sometimes, right? Somebody is

2:14.4

independently on the same path, and you might not know it at the time.

2:18.3

Correct.

2:19.5

Yeah.

...
