SonicWall SMA devices hacked with OVERSTEP rootkit tied to ransomware
Ionut Ilascu
July 16, 2025
11:33 AM
0
A threat actor has been deploying a previously unseen malware called OVERSTEP that modifies the boot process of fully-patched but no longer supported SonicWall Secure Mobile Access appliances.
The backdoor is a user-mode rootkit that allows hackers to hide malicious components, maintain persistent access on the device, and steal sensitive credentials.
Researchers at Google Threat Intellige...
