
Networking device maker SonicWall said on Friday night that it is investigating a security breach of its internal network after detecting what it described as a “coordinated attack.”
In a short statement posted on its knowledgebase portal, the company said that “highly sophisticated threat actors” targeted its internal systems by “exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products.”
The company listed NetExtender VPN clients and the Secure Mobile Access (SMA) gateways as impacted:
- NetExtender VPN client version 10.x (released in 2020) utilized to connect to SMA 100 series appliances and SonicWall firewalls.
- Secure Mobile Access (SMA) version 10.x running on SMA 200, SMA 210, SMA 400, SMA 410 physical appliances, and the SMA 500v virtual appliance.
SonicWall said that the newer SMA 1000 series is not impacted as that particular product series is using a different VPN client than NetExtender.
Patches for the zero-day vulnerabilities are not available at the time of writing.
To help keep its own customers’ networks safe, the vendor has included a series of mitigations in its knowledgebase article, such as deploying a firewall to limit who can interact with SMA devices or disabling access via the NetExtender VPN client to its firewalls.
SonicWall also urged companies to enable two-factor authentication options in its products for admin accounts.
The networking device maker, whose products are often used to secure access to corporate networks, now becomes the fourth security vendor to disclose a security breach over the past two months after FireEye, Microsoft, and Malwarebytes.
All three previous companies were breached during the SolarWinds supply chain attack. CrowdStrike said it was targeted in the SolarWinds hack as well, but the attack did not succeed.
Cisco, another major vendor of networking and security devices, was also targeted by the SolarWinds hackers. The company said last month it was investigating if attackers escalated their initial access from the SolarWinds products to other parts of its network.
Multiple sources in the threat intel community told ZDNet after the publication of this article that SonicWall might have fallen victim to a ransomware attack.
Originally published at https://www.zdnet.com on January 23, 2021.
Read more in our article, what is spear phishing: https://teknologiia.com/what-is-spear-phishing/
Amazing! This blog looks just like my old one! It’s on a totally different subject but it has pretty much the same layout and design. Superb choice of colors!
Very interesting subject, regards for posting. “The great leaders have always stage-managed their effects.” by Charles De Gaulle.
I view something really special in this site.
I wanted to thank you for this great read!! I definitely enjoying every little bit of it I have you bookmarked to check out new stuff you post…
Wow, amazing weblog layout! How long have you ever been running a blog for? you make blogging look easy. The full look of your web site is great, let alone the content material!
I really like meeting useful info, this post has got me even more info! .
F*ckin’ tremendous issues here. I am very satisfied to look your article. Thank you a lot and i’m having a look forward to touch you. Will you kindly drop me a e-mail?
You are a very bright person!
I couldn’t resist commenting