Security News > 2020 > April > Hackers Mount Zero-Day Attacks on Sophos Firewalls
Attackers have been targeting the Sophos XG Firewall using a zero-day exploit, according to the security firm - with the ultimate goal of dropping the Asnarok malware on vulnerable appliances.
Firewalls manually configured to expose a firewall service to the WAN zone that shares the same port as the admin or user portal were also affected," the firm explained.
If hackers were able to access an exposed XG device, the Asnarok trojan was then installed, which is designed to exfiltrate data housed on the XG firewall itself.
"The data exfiltrated for any impacted firewall includes all local usernames and hashed passwords of any local user accounts," Sophos noted.
Asnarok first retrieves the public-facing IP address where the firewall was installed, using public search engines like "Ifconfig.me" and "Checkip.dyndns.org." Next, it retrieves information about the firewall and its users from different storage areas on the firewall.
News URL
https://threatpost.com/hackers-zero-day-attacks-sophos-firewalls/155169/
Related news
- U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls (source)
- US names Chinese national it alleges was behind 2020 attack on Sophos firewalls (source)
- Fortinet Warns of New Zero-Day Used in Attacks on Firewalls with Exposed Interfaces (source)
- Fully patched Cleo products under renewed 'zero-day-ish' mass attack (source)
- New Cleo zero-day RCE flaw exploited in data theft attacks (source)
- US sanctions Chinese firm for hacking firewalls in ransomware attacks (source)
- US sanctions Chinese cybersecurity company for firewall compromise, ransomware attacks (source)
- Cleo patches critical zero-day exploited in data theft attacks (source)
- 390,000 WordPress accounts stolen from hackers in supply chain attack (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)