SonicWall has released new firmware for its Secure Mobile Access (SMA) 100 series appliances, adding file-checking capabilities that help users remove known rootkit malware. The malware in question is the OVERSTEP user-mode rootkit, deployed by threat group UNC6148. The campaign In July 2025, Mandiant incident responders and Google Threat Intelligence Group (GTIG) threat analysts warned about a SonicWall SMA exploitation campaign perpetrated by UNC6148. Attackers leveraged previously stolen local administrator credentials to establish an SSL … More
The post SonicWall adds rootkit removal capabilities to the SMA 100 series appeared first on Help Net Security.
