SonicWall Snafu: Hackers Exploit Legacy Devices with Sneaky OVERSTEP Malware!

Hackers are exploiting end-of-life SonicWall SMA 100 Series devices using the OVERSTEP rootkit. This sneaky malware modifies the boot process, hides malicious components, and ensures hackers maintain access. SonicWall’s team is stumped, but one thing’s clear: these cybercriminals are like the Houdinis of hacking.

Hot Take:

Who knew SonicWall appliances were this hip? They’re so retro, hackers are targeting them like vinyl records at a hipster’s garage sale. With a malware name like OVERSTEP, I guess these cybercriminals are just stepping it up a notch in the musical chairs game of cybersecurity. Who needs Netflix when you have hackers staging a thriller on your old hardware?

Key Points:

  • UNC6148 is exploiting end-of-life SonicWall appliances with new malware named OVERSTEP.
  • OVERSTEP is a rootkit that manipulates the boot process, allowing persistent access.
  • Hackers are suspected of leveraging a zero-day vulnerability for initial access.
  • The threat actor may be involved in data theft and the deployment of Abyss ransomware.
  • Researchers recommend disk imaging to detect potential compromises.

The Nimble Nerd