
Akira Ransomware Strikes: North Korea-Linked Hackers Bypass OTP MFA

North Korea-linked hackers exploit SonicWall VPNs to launch Akira ransomware attacks. Over half of intrusions bypassed OTP MFA, demonstrating the sophistication and speed of these state-sponsored cyber threats.


A new wave of cyber attacks has been detected, with the Akira ransomware causing significant disruption across various sectors. The attacks, which began in July 2025, have exploited a vulnerability in SonicWall SSL VPNs and succeeded against accounts protected by One-Time Password (OTP) Multi-Factor Authentication (MFA).

The attacks are believed to have started with malicious SSL VPN logins originating from Virtual Private Server (VPS) hosting providers rather than from residential or corporate address space. Once inside, the threat actors, who are linked to North Korea, moved across networks quickly: post-login activity began almost immediately and dwell times were short. Over half of the intrusions involved accounts that had OTP MFA enabled, so the additional factor did not stop the logins.

The campaign targets SonicWall NSA and TZ series devices running SonicOS 6 through 8, including recent 7.3.0 builds, and exploits CVE-2024-40766 to gain initial access. After gaining entry, the operators disable Remote Monitoring and Management (RMM) tools to evade detection and delete Volume Shadow Copies so that encrypted hosts cannot be restored from local snapshots.
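The two post-access actions described above leave distinctive command lines in process-creation telemetry. The following is an added example, not code from the original article or from any vendor, that runs a small set of command-line rules over constructed Sysmon-style events: the host names, user names, the `ExampleRmmAgent` service name and the sample command lines are all invented for the illustration, and the RMM service list is an assumption you would replace with your own inventory.

```python
import re

# Constructed process-creation events (not real telemetry). Field names mimic a
# Sysmon Event ID 1 export; host and user names are invented for the example.
SAMPLE_EVENTS = [
    {"host": "FS01", "user": "CORP\\svc_backup", "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"host": "DC01", "user": "CORP\\admin2",
     "cmdline": 'powershell -c "Get-WmiObject Win32_Shadowcopy | ForEach-Object { $_.Delete() }"'},
    {"host": "FS01", "user": "CORP\\admin2", "cmdline": "wmic shadowcopy delete"},
    {"host": "DC01", "user": "CORP\\admin2", "cmdline": "wbadmin delete catalog -quiet"},
    {"host": "WS17", "user": "CORP\\jdoe", "cmdline": "vssadmin.exe list shadows"},
    {"host": "FS01", "user": "CORP\\admin2", "cmdline": "net stop ExampleRmmAgent /y"},
    {"host": "WS17", "user": "CORP\\jdoe", "cmdline": "notepad.exe C:\\Users\\jdoe\\notes.txt"},
]

# Service names of the RMM agents deployed on your fleet. Assumption: this list
# is filled from your own inventory; "ExampleRmmAgent" is a placeholder, not a product.
RMM_SERVICE_NAMES = ["ExampleRmmAgent"]

# Each rule is (name, regex). The shadow-copy rules cover the common built-in
# ways of destroying VSS snapshots; the last rule catches stop/delete of an RMM service.
RULES = [
    ("vssadmin_delete_shadows",
     re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows", re.I)),
    ("vssadmin_resize_shadowstorage",
     re.compile(r"\bvssadmin(\.exe)?\s+resize\s+shadowstorage", re.I)),
    ("wmic_shadowcopy_delete",
     re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete", re.I)),
    ("wmi_shadowcopy_delete_powershell",
     re.compile(r"Win32_Shadowcopy.*(\.Delete\(\)|Remove-WmiObject|Remove-CimInstance)", re.I)),
    ("wbadmin_delete_catalog",
     re.compile(r"\bwbadmin(\.exe)?\s+delete\s+(catalog|systemstatebackup|backup)", re.I)),
    ("rmm_service_stop",
     re.compile(r"\b(net(\.exe)?\s+stop|sc(\.exe)?\s+(stop|delete|config)|Stop-Service)\s+("
                + "|".join(map(re.escape, RMM_SERVICE_NAMES)) + r")\b", re.I)),
]


def classify(cmdline):
    """Return the names of every rule the command line matches (empty list if benign)."""
    return [name for name, rx in RULES if rx.search(cmdline)]


def scan_events(events):
    """Run every rule over every event and return one hit per (event, rule) pair."""
    hits = []
    for ev in events:
        for rule in classify(ev["cmdline"]):
            hits.append({"host": ev["host"], "user": ev["user"],
                         "rule": rule, "cmdline": ev["cmdline"]})
    return hits


def affected_hosts(hits):
    """Hosts on which backup tampering or RMM interference was observed."""
    return {h["host"] for h in hits}


if __name__ == "__main__":
    for hit in scan_events(SAMPLE_EVENTS):
        print(f'{hit["host"]:5} {hit["user"]:18} {hit["rule"]:34} {hit["cmdline"]}')
    print("hosts to isolate:", sorted(affected_hosts(scan_events(SAMPLE_EVENTS))))
```

The read-only `vssadmin list shadows` is deliberately not flagged, since administrators and backup agents run it routinely; the destructive forms are rare enough in normal operation that each hit deserves a ticket, and a hit on a domain controller should be treated as an active intrusion rather than a misconfiguration.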

Threat actors install WinRAR on servers and domain controllers to package files for exfiltration, and they search for virtual machine storage and backups, which hold sensitive data and domain credentials. Internal network scanning begins within five minutes of the SSL VPN login, which points to a rehearsed playbook rather than interactive exploration.
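The observations above, a VPN login from hosting-provider address space followed by internal scanning within five minutes, can be turned into a correlation check between SSL VPN authentication logs and the firewall's connection log. What follows is an added example, not code from the original article or from SonicWall: the login records, connection records, user names, tunnel addresses and the VPS address range are all constructed for the illustration, and the `VPS_RANGES` list stands in for an ASN-derived feed of hosting-provider prefixes that a real deployment would load.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumption: a real deployment loads hosting/VPS provider prefixes from an ASN feed.
# The documentation prefix below is a placeholder for such a range.
VPS_RANGES = [ipaddress.ip_network("203.0.113.0/24")]

TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def parse_ts(s):
    return datetime.strptime(s, TS_FMT).replace(tzinfo=timezone.utc)


# Constructed SSL VPN login records: public source address, whether the account
# used an OTP factor, and the tunnel address the VPN assigned to the session.
VPN_LOGINS = [
    {"ts": "2025-07-15T02:13:05Z", "user": "jsmith", "src": "203.0.113.45",
     "otp": True, "tunnel_ip": "10.50.0.12"},
    {"ts": "2025-07-15T08:41:30Z", "user": "mreyes", "src": "198.51.100.7",
     "otp": True, "tunnel_ip": "10.50.0.31"},
]


def build_conns():
    """Constructed firewall connection log: one tunnel client sweeps 40 hosts on
    three ports two minutes after login; the other touches two hosts normally."""
    conns = []
    t0 = parse_ts("2025-07-15T02:15:04Z")
    for i in range(1, 41):
        for port in (22, 445, 3389):
            conns.append({"ts": (t0 + timedelta(seconds=i)).strftime(TS_FMT),
                          "src": "10.50.0.12", "dst": f"10.10.0.{i}", "dport": port})
    t1 = parse_ts("2025-07-15T08:42:00Z")
    conns.append({"ts": t1.strftime(TS_FMT), "src": "10.50.0.31", "dst": "10.10.0.5", "dport": 443})
    conns.append({"ts": (t1 + timedelta(minutes=3)).strftime(TS_FMT),
                  "src": "10.50.0.31", "dst": "10.10.0.9", "dport": 445})
    return conns


def is_vps(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in VPS_RANGES)


def correlate(logins, conns, window=timedelta(minutes=5), min_hosts=20):
    """Flag a login if it came from VPS space or if its tunnel address reached at
    least `min_hosts` distinct internal hosts within `window` of the login."""
    by_src = defaultdict(list)
    for c in conns:
        by_src[c["src"]].append((parse_ts(c["ts"]), c["dst"], c["dport"]))

    alerts = []
    for login in logins:
        t_login = parse_ts(login["ts"])
        flows = sorted(f for f in by_src.get(login["tunnel_ip"], [])
                       if t_login <= f[0] <= t_login + window)
        hosts = {f[1] for f in flows}
        ports = {f[2] for f in flows}
        from_vps = is_vps(login["src"])
        fan_out = len(hosts) >= min_hosts
        if from_vps or fan_out:
            alerts.append({
                "user": login["user"], "src": login["src"], "from_vps": from_vps,
                # Keep the OTP flag visible: an enabled factor is not evidence of a benign login.
                "otp": login["otp"],
                "distinct_hosts": len(hosts), "distinct_ports": sorted(ports),
                "seconds_to_first_flow": int((flows[0][0] - t_login).total_seconds()) if flows else None,
                "fan_out_within_window": fan_out,
            })
    return alerts


if __name__ == "__main__":
    for a in correlate(VPN_LOGINS, build_conns()):
        print(a)
```

The `otp` field is carried into the alert on purpose: analysts tend to close a ticket on an MFA-protected account as a false positive, and this campaign is the counter-example. A five-minute window with a threshold of twenty distinct hosts is a starting point, not a calibrated value; tune it against a week of your own VPN traffic before paging on it.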

The Akira ransomware campaign highlights the ongoing threat posed by state-affiliated cybercriminal groups. Given their ability to log in past OTP MFA and to exploit vulnerabilities in widely used VPNs, organizations must remain vigilant and prioritize robust cybersecurity measures. In practice that means more than applying the SonicOS patch: a one-time code offers no protection if the account's password and OTP enrolment were already in the attackers' hands, so affected accounts should have their passwords rotated and their OTP re-enrolled, and SSL VPN logins from hosting-provider address space should be alerted on regardless of whether MFA succeeded.
