Ongoing SonicWall Secure Mobile Access (SMA) Exploitation Campaign using the OVERSTEP Backdoor

A financially-motivated threat actor, UNC6148, is targeting fully patched end-of-life SonicWall SMA 100 series appliances. They are using stolen credentials and OTP seeds from previous intrusions to regain access. The actor has deployed a new persistent backdoor/user-mode rootkit called OVERSTEP, which modifies the appliance's boot process, steals credentials, and conceals itself. UNC6148 may be using an unknown zero-day vulnerability for deployment. The campaign, ongoing since October 2024, aims at data theft, extortion, and possibly ransomware deployment. OVERSTEP's functionality includes establishing reverse shells, exfiltrating passwords, and implementing usermode rootkit capabilities. Organizations are advised to rotate all credentials and follow provided recommendations to mitigate the threat.

Pulse ID: 6879f91ca3f7a11b698fd127
Pulse Link: https://otx.alienvault.com/pulse/6879f91ca3f7a11b698fd127
Pulse Author: AlienVault
Created: 2025-07-18 07:34:52

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#SonicWall #SMA devices hacked with #OVERSTEP #rootkit tied to #ransomware

https://www.bleepingcomputer.com/news/security/sonicwall-sma-devices-hacked-with-overstep-rootkit-tied-to-ransomware/

Houken Exploits Ivanti CSA Flaws to Deploy Stealthy Linux Rootkit

Pulse ID: 686767ae58ae239c29036d15
Pulse Link: https://otx.alienvault.com/pulse/686767ae58ae239c29036d15
Pulse Author: cryptocti
Created: 2025-07-04 05:33:34

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

"#Malware maker sponsors a #shitpost by a #TechIlliterate #Windows n0ob to sell their #Rootkit to #TechIlliterates" would'nt be as clickbaity but a #HonestVideoTitle instead...

https://www.youtube.com/watch?v=UKLTGoftJi8

Nice how site refers to the application features "monitor employee productivity" back in my day this was called spying using a rootkit.

RE: https://sfba.social/@twrling/114419685349438823

PoC #rootkit #Curing evades traditional #Linux detection systems
https://securityaffairs.com/177098/hacking/poc-rootkit-curing-evades-traditional-linux-detection-systems.html
#securityaffairs #hacking

#Hackers can now bypass #Linux #security thanks to terrifying new Curing #rootkit

https://betanews.com/2025/04/24/hackers-bypass-linux-security-with-armo-curing-rootkit/

#Linux '#io_uring' security blindspot allows stealthy #rootkit attacks

https://www.bleepingcomputer.com/news/security/linux-io-uring-security-blindspot-allows-stealthy-rootkit-attacks/

Fortinet advierte que atacantes pueden conservar el acceso incluso después de la aplicación de parches https://blog.elhacker.net/2025/04/fortinet-advierte-atacantes-mantienen-acceso-tras-aplicacion-parche-seguridad.html #vulnerabilidad #persistencia #fortinet #Rootkit #bug #cve

"Passwort" Folge 25: Staatlich sanktionierte Schnüffelsoftware

Dieses Mal nehmen sich die Podcast-Hosts eines kontroversen Themas an: Unternehmen installieren über Sicherheitslücken Malware - und das in staatlichem Auftrag.

https://www.heise.de/news/Passwort-Folge-25-Staatlich-sanktionierte-Schnueffelsoftware-10271855.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

Pumakit – Sophisticated Linux Rootkit That Persist Even After Reboots https://gbhackers.com/pumakit-linux-rootkit-persistence/ #CyberSecurityNews #IncidentResponse #cybersecurity #Linuxmalware #LinuxMalware #Rootkit

"Passwort" Folge 23: Schnitzeljagd um ein Linux-Bootkit

Sicherheitsforscher finden zufällig die Malware "Bootkitty" und analysieren sie. Was kann sie und wer steckt dahinter? Christopher und Sylvester rätseln mit.

https://www.heise.de/news/Passwort-Folge-23-Schnitzeljagd-um-ein-Linux-Bootkit-10236522.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

BlackPill is a stealthy Linux rootkit made in Rust.

https://github.com/DualHorizon/blackpill

PUMAKIT, a sophisticated rootkit that uses advanced stealth mechanisms  – Source: securityaffairs.com https://ciso2ciso.com/pumakit-a-sophisticated-rootkit-that-uses-advanced-stealth-mechanisms-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #BreakingNews #SecurityNews #hackingnews #hacking #Malware #PUMAKIT #Rootkit

It’s only a real linux bootkit if it comes under an open-source license.

BTW it’s actually GNU/Bootkitty.

#SaltTyphoon hackers backdoor #telcos with new #GhostSpider #malware
The backdoor was discovered by Trend Micro, which has been monitoring Salt Typhoon's attacks against critical infrastructure and government organizations worldwide.
Along with GhostSpider, Trend Micro discovered that the threat group also uses a previously documented #Linux backdoor named '#MasolRAT,' a #rootkit named '#Demodex,' and a modular backdoor shared among #China #APT groups named '#SnappyBee.'
https://www.bleepingcomputer.com/news/security/salt-typhoon-hackers-backdoor-telcos-with-new-ghostspider-malware/

Malware Exploits Trusted Avast Anti-Rootkit Driver to Disable Security Software – Source:hackread.com https://ciso2ciso.com/malware-exploits-trusted-avast-anti-rootkit-driver-to-disable-security-software-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #Hackread #security #malware #Rootkit #avast

Malware Exploits Trusted Avast Anti-Rootkit Driver to Disable Security Software https://hackread.com/malware-avast-anti-rootkit-driver-bypass-security/ #Cybersecurity #Security #security #Malware #Rootkit #avast

"Passwort" Folge 17: News von Cybercrimegruppen bis zu Zertifikatsplänen

Im Security-Podcast geht es dieses Mal um Aktionen gegen Kryptobörsen, neue Spectre-Varianten, eine variantenreiche Linux-Malware und Apples Zertifikatsideen.

https://www.heise.de/news/Passwort-Folge-17-News-von-Cybercrimegruppen-bis-zu-Zertifikatsplaenen-9994681.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon