UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit


UNC6148 hackers have compromised fully-patched, end-of-life SonicWall SMA 100 devices using a stealthy backdoor called OVERSTEP, likely via stolen credentials or a zero-day exploit. The rootkit enables persistent access, hides activity, and steals credentials. Google links the activity to past ransomware operations. In response, SonicWall is ending support for SMA 100 devices by December 31, 2025, and advises customers to migrate to newer, more secure solutions.

Read More


thumb-image

Solutions