H-ISAC TLP White Threat Bulletin: Akira Ransomware is Actively Targeting SonicWall SSL VPNs

On August 1, 2025, SonicWall released a report claiming they have identified a significant increase in ransomware activity targeting SonicWall SSL VPNs for initial network access starting in late July 2025. The company claims evidence suggests these attacks might be leveraging a zero-day vulnerability. Cyber company Huntress has also allegedly observed threat actors trying to gain access to networks using SonicWall devices.

While SonicWall has not confirmed the existence of a zero-day vulnerability, this alert is shared for your situational awareness.

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272