Officials shared indicators of compromise observed as recently as this month to help organizations hunt for and defend against the ransomware group, which has pocketed $244 million…

The security vendor said the attack, which exposed customers’ firewall configuration files, is contained and unrelated to recent Akira ransomware attacks on its customers.

The security vendor’s customers have confronted a barrage of actively exploited defects since 2021. The brute-force attack on a company-controlled system underscores broader security pitfalls are afoot.

The company confirmed to CyberScoop that an unidentified cybercriminal accessed SonicWall’s customer portal through a series of brute-force attacks.

A recent wave of attacks targeting SonicWall customers has researchers and authorities on alert. Many victim organizations had misconfigurations in their systems.

The vendor ruled out a zero-day vulnerability as the root cause, disputing initial assessments from third-party researchers. Fewer than 40 organizations have been impacted since mid-July.

About 20 organizations have been impacted and the pace of attacks is rising. Threat researchers and SonicWall are scrambling to determine the root cause.

Google Threat Intelligence Group said a financially motivated threat group is abusing the outdated remote access VPN devices, underscoring a continued pattern of threats confronting SonicWall customers.

The network security device vendor is making a regular appearance on CISA’s known exploited vulnerabilities catalog. Unlike its competitors, SonicWall hasn’t signed the secure-by-design pledge.

The flaw has a severity rating of 9.8 out of 10, and a patch has been made available.