Threat actors frequently exploit vulnerabilities in VPN products like SonicWall (CVE-2024-40766) and Cisco AnyConnect (CVE-2020-3259) to gain entry.
They often use legitimate tools like AnyDesk , LogMeIn , and FileZilla to maintain persistence and exfiltrate data while blending in with normal admin activity. 2. Akira "Ghost Client" (Minecraft) Akira Client
In gaming communities, "Akira" refers to a "ghost client" used for cheating in Minecraft. Security researchers have flagged versions of this client as , often acting as a Trojan designed to steal credentials from the user's computer. It is strongly recommended to avoid downloading or running this software. 3. Reporting an Incident in June 2025
Recent research indicates Akira can move from initial access to full network encryption in under four hours . they began targeting Nutanix AHV environments.
While originally focused on Windows, the group has expanded to encrypt Linux and VMware ESXi virtual machines. Most recently, in June 2025, they began targeting Nutanix AHV environments.