The DefendOps DiariesSep 23, 2025

SonicWall SMA 100 devices are under threat from a stealthy malware that clings even after updates, stealing sensitive credentials. Could your network be at risk? Dive into this unfolding security saga.

https://thedefendopsdiaries.com/the-persistent-threat-of-overstep-malware-on-sonicwall-sma-100-devices/

#overstepmalware
#sonicwall
#rootkit
#firmwareupdate
#cybersecurity
#unc6148
#ransomware
#cve202440766
#networksecurity
#threatintel

Security LandJul 24, 2025

Advanced threat actor UNC6148 is actively targeting SonicWall SMA 100 series appliances with sophisticated OVERSTEP backdoor malware, bypassing patches through stolen credentials.

#SecurityLand #BreachBreakdown #UNC6148 #Mandiant #GTIG #SonicWall #OVERSTEP

Read More: https://www.security.land/sonicwall-sma-100-series-targeted-by-advanced-backdoor-campaign/

securityaffairsJul 17, 2025
#UNC6148 deploys #Overstep #malware on #SonicWall devices, possibly for #ransomware operations
https://securityaffairs.com/180035/hacking/unc6148-deploys-overstep-malware-on-sonicwall-devices-possibly-for-ransomware-operations.html
#securityaffairs #hacking
UNC6148 deploys Overstep malware on SonicWall devices, possibly for ransomware operations

UNC6148 targets SonicWall devices with Overstep malware, using a backdoor and rootkit for data theft, extortion, or ransomware.

Security Affairs
The Threat CodexJul 16, 2025
Ongoing SonicWall Secure Mobile Access (SMA) Exploitation Campaign using the OVERSTEP Backdoor
#OVERSTEP #UNC6148
https://cloud.google.com/blog/topics/threat-intelligence/sonicwall-secure-mobile-access-exploitation-overstep-backdoor
Ongoing SonicWall Secure Mobile Access (SMA) Exploitation Campaign using the OVERSTEP Backdoor | Google Cloud Blog

A financially-motivated threat actor is targeting fully patched end-of-life SonicWall devices to deploy a backdoor known as OVERSTEP.

Google Cloud Blog