A threat actor has been deploying a previously unseen malware called OVERSTEP that modifies the boot process of fully-patched but no longer supported SonicWall Secure Mobile Access appliances.
OVERSTEP is a rootkit that allows attackers to maintain access and control of compromised devices. This is achieved even after reboots or firmware updates. The discovery of this rootkit highlights the ongoing threats faced by network appliances, especially those no longer supported by security updates.