Last weekend, representatives of SonicWall said that the company had suffered a “coordinated hacker attack” in which cybercriminals breached the company’s network through 0-day vulnerabilities in its own products.
A short message from the company lists the following vulnerable products in which zero-day problems were found (there are no patches for them yet): Secure Mobile Access (SMA) version 10.x, running on hardware solutions SMA 200, SMA 210, SMA 400, SMA 410 and virtual SMA 500v. The SMA 100 series devices are still under investigation. The company later reported that these fears were groundless.
The company separately emphasizes that the new SMA 1000 line, SonicWall firewalls and SonicWall SonicWave AP are not affected by the vulnerabilities.
So far there are no details about the attack itself or about the vulnerabilities found. The company only encourages its customers to enable two-factor authentication for administrator accounts, use firewalls, and restrict who can interact with SMA devices.
Bleeping Computer writes that, judging by the laconic descriptions of the bugs, they can be exploited remotely, without authentication, on publicly accessible devices. Journalists also say that in the middle of last week they were contacted by an attacker claiming to have information about a 0-day vulnerability in the products of a well-known firewall vendor. It is not known whether it was SonicWall.
In turn, SecurityWeek reports that it was also contacted by an anonymous source who said that SonicWall had suffered a ransomware attack, and that the malware operators managed to steal the company’s source code and gain full access to all of SonicWall’s internal systems. However, the anonymous source did not provide any evidence of this, except for a single screenshot (which SecurityWeek did not publish).
Let me remind you that I also reported that Zyxel firewalls and VPN gateways contain a built-in backdoor.