TI Mindmap HUB
Threat Intelligence Report

Ongoing SonicWall Secure Mobile Access (SMA) Exploitation Campaign using the OVERSTEP Backdoor | Google Cloud Blog

📅 July 21, 2025 📰 cloud.google.com 🔍 5 CVE(s) referenced

A financially motivated threat actor is actively exploiting SonicWall SMA 100 series appliances—despite patches—by leveraging previously stolen credentials and deploying a stealthy, persistent rootkit dubbed OVERSTEP, enabling ongoing access, credential theft, and potential ransomware or extortion operations.

vendor
CVE-2021-20035, CVE-2021-20038, CVE-2021-20039, CVE-2024-38475, CVE-2025-32819
