Information security specialists at NCC Group have discovered that a mysterious 0-day vulnerability in SonicWall’s network products is already being exploited in “indiscriminate” attacks.
Since there is still no patch, details of the bug have not been disclosed, to prevent other hackers from joining the attacks. SonicWall developers were notified of what was happening last weekend. One NCC Group expert told ZDNet the following:
At the same time, analysts are convinced that they have discovered the very same zero-day vulnerability that a mysterious attacker recently used to hack SonicWall itself, penetrating the manufacturer’s internal network.
Let me remind you that at the end of January it became known that SonicWall had suffered a “coordinated hacker attack.”
Company representatives have still not reported any details about this incident. They only write that Secure Mobile Access (SMA) version 10.x, running on the SMA 200, SMA 210, SMA 400 and SMA 410 hardware appliances and the virtual SMA 500v, should be considered vulnerable to an unknown 0-day problem. Also, SMA 100 series devices are still under investigation.
Bleeping Computer journalists reported that they were contacted 2 weeks ago by an attacker claiming to have information about a 0-day vulnerability in the products of a well-known firewall vendor. It is not known whether it was SonicWall.
In turn, Security Week reported that they were also contacted by an anonymous author who said that SonicWall had suffered a ransomware attack, and that the malware operators managed to steal the company’s source code, as well as gain full access to all of SonicWall’s internal systems.