Hackers tried to exploit a zero-day in the Sophos XG firewall to distribute ransomware to Windows machines but were blocked by a hotfix issued by Sophos. The Asnar..k Trojan was used to steal data from the firewall that could have allowed the attackers to compromise the network remotely. Just hours after Sophos pushed out their hotfix, the attackers revised their attack to distribute the Ragnarok Ransomware on unpatched Windows machines on the network. The attack was orchestrated through the following diagram from Sophos.
Source: https://www.bleepingcomputer.com/news/security/hackers-tried-to-use-sophos-firewall-zero-day-to-deploy-ransomware/