www.bitdefender.com
Ransomware Group Targets SonicWall Gen 7 Firewalls via CVE-2024-40766
In June 2026, a surge in attacks targeting SonicWall Gen 7 firewalls was reported. The attacks exploit CVE-2024-40766, an improper access control flaw that allows threat actors to gain unauthorized access, particularly in migrations from Gen 6 to Gen 7 firewalls where passwords were not reset. Akira ransomware has been deployed in these incidents, with attackers leveraging SSL VPNs to breach internal networks and move laterally. SonicWall has confirmed that the threat is not linked to a zero-day vulnerability but is associated with this known CVE. Security firms, including Huntress and Bitdefender, are advising organizations to reset local user passwords and update firmware to mitigate risks. The ongoing campaign has seen rapid exploitation, with attackers often pivoting to domain controllers within hours of initial compromise. Organizations using SonicWall devices are urged to remain vigilant and apply recommended security measures.
Key Points:
• SonicWall Gen 7 firewalls are being targeted via CVE-2024-40766, leading to unauthorized access.
• Attackers are deploying Akira ransomware after gaining access through SSL VPNs.
• Organizations are advised to reset passwords and update firmware to enhance security.