Unknown intruders are targeting fully patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances and deploying a novel, persistent backdoor / rootkit, analysts with Google’s Threat Intelligence Group (GTIG) have warned. The analysts say UNC6148 – as they dubbed the threat group – is likely financially motivated. “An organization targeted by UNC6148 in May 2025 was posted to the ‘World Leaks’ data leak site (DLS) in June 2025, and UNC6148 activity overlaps with publicly … More
The post SonicWall SMA devices persistently infected with stealthy OVERSTEP backdoor and rootkit appeared first on Help Net Security.
