The update comes about two months after Google warned that some unknown criminals have been exploiting fully patched, end-of-life SonicWall SMA 100 appliances to deploy a previously unknown backdoor and rootkit dubbed OVERSTEP. The malware modifies the appliance's boot process to maintain persistent access, enabling the criminals to steal sensitive credentials and conceal their own components. The Chocolate Factory's intel analysts in July attributed the ongoing campaign to UNC6148 - UNC in Google's threat-group naming taxonomy stands for "Uncategorized."