Advisory
H-ISAC TLP White Threat Bulletin: Akira Ransomware is Actively Targeting SonicWall SSL VPNs
On August 1, 2025, SonicWall released a report claiming they have identified a significant increase in ransomware activity targeting SonicWall SSL VPNs for initial network access starting in late July 2025. The company claims evidence suggests these attacks might be leveraging a zero-day vulnerability. Cyber company Huntress has also allegedly observed threat actors trying to gain access to networks using SonicWall devices.
While SonicWall has not confirmed the existence of a zero-day vulnerability, this alert is shared for your situational awareness.
For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:
John Riggi
National Advisor for Cybersecurity and Risk, AHA
jriggi@aha.org
(O) +1 202 626 2272
Key Resources
Related Resources
AHA Center for Health Innovation Market Scan
Advisory