- A threat actor exploited a patched vulnerability in SonicWall software
- The group is tracked as UNC6148
- This potentially allowed UNC6148 to steal credentials and deploy ransomware
A financially motivated threat actor, tracked by Google's threat intelligence group as UNC6148, was observed targeting end-of-life SonicWall SMA devices.
These attacks, Google assesses with “high confidence”, use credentials and one-time password (OTP) seeds that were obtained through previous intrusions, which allowed the attackers to regain access even after the organizations applied security updates.
A zero-day remote code execution vulnerability, Google says with “moderate confidence”, was used to deploy OVERSTEP on targeted SonicWall SMA devices. The threat intelligence group “also assesses with moderate confidence that UNC6148's operations, dating back to at least October 2024, may be to enable data theft and extortion operations, and possibly ransomware deployment”.
UNC6148
The previously unknown OVERSTEP backdoor/user-mode rootkit was deployed by the actor. This malware modifies the device's boot process to allow persistent access, steal sensitive credentials, and then hide its own components.
“An organization targeted by UNC6148 in May 2025 was published on the ‘World Leaks’ data leak site (DLS) in June 2025, and UNC6148 activity overlaps with the publicly reported exploitation of SonicWall in late 2023 and early 2024, which was publicly linked to the deployment of ransomware,” Google said.
Earlier in 2025, SonicWall firewalls were affected by a worrying cyberattack, in which a vulnerability was exploited by threat actors to access target endpoints, interfere with the VPN, and further disrupt the target.
These attacks highlight the importance of updating software as soon as fixes become available. Organizations that do not keep their systems updated can be left vulnerable to known exploits. If that is too daunting a task, take a look at our picks for the best patch management software for a helping hand.