SonicWall releases urgent update against rootkit in SMA 100 devices

SonicWall released a critical firmware update (version 10.2.2.2-92sv) to eliminate the OVERSTEP rootkit that compromises end-of-life SMA 100 devices. The malware, deployed by the UNC6148 group, maintains persistent access even after previous patches and can lead to ransomware attacks.

The rootkit was discovered by the Google Threat Intelligence Group in an active campaign by the UNC6148 group, which compromises SMA 100 devices even when security patches had previously been applied. The malware is highly sophisticated: it modifies the boot process, maintains persistence through hidden components, establishes reverse shells, and steals credentials, OTP seeds, and certificates.

Recommendations:

  • Apply the firmware update immediately: Install firmware version 10.2.2.2-92sv on all SMA 100 devices.
  • Conduct forensic imaging: Acquire disk images for forensic analysis before remediation, with SonicWall support if necessary.
  • Reset all credentials: Reset all credentials, including passwords and OTP bindings for all device users.
  • Revoke and reissue certificates: Revoke and reissue any certificates whose private keys are stored on the device.
  • Search for compromise indicators: Look for indicators of compromise such as suspicious files, malicious web requests, and anomalous VPN sessions.

SEK is actively monitoring the case and remains available to assist its clients in implementing the necessary measures and analyzing potential compromise.

 
