| Over the last several days, SonicWall issued an advisory of a notable increase in both internally and externally reported cyber incidents involving Gen 7 SonicWall firewalls where SSL VPN is enabled. A likely zero-day vulnerability in SonicWall VPNs is being actively exploited to bypass multi-factor authentication (MFA) and deploy ransomware. Threat actors are likely to pivot directly to domain controllers within hours of the initial breach. |
| SonicWall is actively investigating these incidents to determine whether they are connected to a previously disclosed vulnerability or if a new vulnerability may be responsible. |
| Until further notice, SonicWall strongly advises, where practical, disabling the VPN service immediately and applying other mitigations in the advisory to reduce exposure while SonicWall continues its investigation. |
| References |