Particle.news

SonicWall Ships SMA 100 Firmware to Detect and Remove OVERSTEP Rootkit

The update targets OVERSTEP infections that enabled persistent access plus credential theft on SMA 100 appliances.

Overview

  • SonicWall released SMA 100 version 10.2.2.2-92sv with file checking designed to identify and remove known rootkit malware from affected devices.
  • The firmware also addresses CVE-2024-38475 and CVE-2025-40599, expanding protections beyond rootkit removal.
  • Researchers attribute the OVERSTEP user-mode rootkit to UNC6148, noting persistence across reboots, a reverse shell, log clearing, and theft of persist.database and certificate files.
  • SonicWall urges customers to rebuild or replace compromised appliances, rotate all credentials, replace certificates stored on devices, and require users to re-bind mobile authenticators.
  • SonicWall and CISA warned of brute-force attacks on the cloud backup service with configuration data accessed for fewer than 5% of firewall devices, while ACSC and Rapid7 confirmed separate Akira activity exploiting CVE-2024-40766 on unpatched gear.