Akira Ransomwareâs SonicWall Campaign Creates Enterprise M&A Risk
ID: 72c6c270-8af3-5be4-bec0-8939cfe4ee90
STIX ID: report--72c6c270-8af3-5be4-bec0-8939cfe4ee90
Feed Name: ReliaQuest Blog
Threat Score
ReliaQuest analyzed Akira ransomware campaigns (June–October 2025) that leveraged unpatched or misconfigured SonicWall SSL VPNs inherited during M&A to gain footholds in acquiring organizations; attackers exploited stale admin credentials, predictable hostnames, and inconsistent EDR to escalate to domain controllers in as little as five hours and deploy ransomware rapidly, with over 70 victims observed in October 2025.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.