Suspected Chinese cyber spies target unpatched SonicWall devices
2023-03-09 02:26

Suspected Chinese cyber spies have zeroed in on unpatched SonicWall gateways and are infecting the devices with credential-stealing malware that persists through firmware upgrades, according to Mandiant.

The malware targets the SonicWall Secure Mobile Access (SMA) 100 Series, a gateway appliance that provides VPN access to remote users.

"Working in partnership with Mandiant, the SonicWall Product Security and Incident Response Team confirmed a persistent threat actor campaign leveraging malware against unpatched SonicWall Secure Mobile Access Series 100 appliances. While not tied to a new or specific vulnerability, SonicWall urges organizations to be proactive in updating to the most recent SMA 100 series firmware, which includes additional hardening and security controls."

"The joint investigation revealed that the devices had known exploited vulnerabilities going back as far as 2019 and were not remediated until 2021," the SonicWall spokesperson confirmed.

"The investigation revealed that the unpatched devices were vulnerable to known exploited vulnerabilities, including CVE-2021-20016, CVE-2021-20028, CVE-2019-7483 and CVE-2019-7481."

Mandiant's Charles Carmakal also commended SonicWall for the firmware update, which "will better enable organizations to detect compromised devices," and said he hopes "more vendors push out similar code to their devices."


News URL

https://go.theregister.com/feed/www.theregister.com/2023/03/09/suspected_chinese_cyberspies_target_uppatched/

Related Vulnerability

CVE-2021-20028 (published 2021-08-04) - SQL injection vulnerability in SonicWall products
  Improper neutralization of a SQL command leading to SQL injection, impacting end-of-life Secure Remote Access (SRA) products, specifically SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier.
  Vector: network, low complexity | CWE-89 | Risk: critical, CVSS 9.8

CVE-2021-20016 (published 2021-02-04) - SQL injection vulnerability in SonicWall products
  A SQL injection vulnerability in the SonicWall SSL-VPN SMA100 product allows a remote unauthenticated attacker to perform SQL queries to access usernames, passwords and other session-related information.
  Vector: network, low complexity | CWE-89 | Risk: critical, CVSS 9.8

CVE-2019-7483 (published 2019-12-19) - Path traversal vulnerability in SonicWall SMA 100 firmware 9.0.0.0/9.0.0.3
  In SonicWall SMA100, an unauthenticated directory traversal vulnerability in the handleWAFRedirect CGI allows a user to test for the presence of a file on the server.
  Vector: network, low complexity | CWE-22 | Risk: high, CVSS 7.5

CVE-2019-7481 (published 2019-12-17) - SQL injection vulnerability in SonicWall SMA 100 firmware 9.0.0.0/9.0.0.3
  A vulnerability in SonicWall SMA100 allows an unauthenticated user to gain read-only access to unauthorized resources.
  Vector: network, low complexity | CWE-89 | Risk: high, CVSS 7.5
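The practical first check after reading the list above is whether any appliance still in inventory runs a build in one of those ranges. The script below is a worked example added to this page (not SonicWall's or Mandiant's code): it parses SonicWall's "release-NNsv" firmware version strings and maps a constructed inventory onto the four CVEs. The SRA range for CVE-2021-20028 is taken from the entry above; the "build version 10.x" range for CVE-2021-20016 and the "9.0.0.3 and earlier" reading of the two 2019 entries follow the NVD descriptions and are labelled as assumptions in the code, to be confirmed against the vendor advisory before use.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# SonicWall firmware strings look like "9.0.0.9-26sv": a dotted numeric
# release followed by an optional "-NNsv" build suffix.
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+){0,3})(?:-(\d+)sv)?$")


def parse_version(s: str) -> Tuple[Tuple[int, ...], Optional[int]]:
    """Split a firmware string into (release tuple, build or None).

    The release is padded to four places so "9.0" compares as 9.0.0.0.
    A missing "-NNsv" suffix is kept as None rather than 0, so a bound
    written without a build ("9.0.0.3 and earlier") covers every build
    of that release instead of only the bare string.
    """
    m = _VERSION_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised SonicWall firmware version: {s!r}")
    release = tuple(int(p) for p in m.group(1).split("."))
    release += (0,) * (4 - len(release))
    build = int(m.group(2)) if m.group(2) is not None else None
    return release, build


def at_or_below(version: str, bound: str) -> bool:
    """True if `version` is `bound` or earlier. The -NNsv build is only
    compared when the bound itself specifies one."""
    v_rel, v_build = parse_version(version)
    b_rel, b_build = parse_version(bound)
    if b_build is None:
        return v_rel <= b_rel
    return (v_rel, v_build or 0) <= (b_rel, b_build)


@dataclass(frozen=True)
class Affected:
    cve: str
    product: str                          # "SRA" or "SMA100"
    major: Optional[int] = None           # whole major release line affected
    max_inclusive: Optional[str] = None   # "this version or earlier"
    note: str = ""

    def matches(self, product: str, version: str) -> bool:
        if product != self.product:
            return False
        rel, _ = parse_version(version)
        if self.major is not None and rel[0] == self.major:
            return True
        return self.max_inclusive is not None and at_or_below(version, self.max_inclusive)


# Ranges from the CVE entries on this page where given; the entries marked
# "assumption" follow the NVD descriptions and are not stated on the page.
KNOWN_EXPLOITED = [
    Affected("CVE-2021-20028", "SRA", major=8, max_inclusive="9.0.0.9-26sv",
             note="SQLi; SRA all 8.x and 9.0.0.9-26sv or earlier (from the page)"),
    Affected("CVE-2021-20016", "SMA100", major=10,
             note="SQLi; 'build version 10.x' per NVD (assumption, coarse)"),
    Affected("CVE-2019-7483", "SMA100", max_inclusive="9.0.0.3",
             note="traversal in handleWAFRedirect; 9.0.0.3 and earlier per NVD (assumption)"),
    Affected("CVE-2019-7481", "SMA100", max_inclusive="9.0.0.3",
             note="SQLi read-only access; 9.0.0.3 and earlier per NVD (assumption)"),
]


def triage(product: str, version: str) -> List[str]:
    """Return the CVEs from KNOWN_EXPLOITED that apply to one appliance."""
    return [a.cve for a in KNOWN_EXPLOITED if a.matches(product, version)]


# Constructed inventory (hostname, product, firmware); not real devices.
INVENTORY = [
    ("sra-branch-1", "SRA", "9.0.0.9-26sv"),
    ("sra-branch-2", "SRA", "8.1.0.2-14sv"),
    ("sma-hq", "SMA100", "9.0.0.3-18sv"),
    ("sma-lab", "SMA100", "10.0.0.4-13sv"),
    ("sma-dc", "SMA100", "9.0.0.11-31sv"),
]


def triage_inventory(inventory=INVENTORY) -> dict:
    """Map each hostname to the listed CVEs its firmware is exposed to."""
    return {host: triage(product, fw) for host, product, fw in inventory}


if __name__ == "__main__":
    for host, cves in triage_inventory().items():
        print(f"{host:14s} {', '.join(cves) or 'none of the listed CVEs'}")
```

Two caveats follow from the article itself. An appliance that matches none of these ranges is not thereby clean: the page says the malware persists through firmware upgrades, so a device that was exposed at any point and later upgraded still needs the compromise check that SonicWall's hardened SMA 100 firmware is meant to support. And the "10.x" rule for CVE-2021-20016 is deliberately as coarse as the NVD wording; the vendor advisory names the fixed build, and the rule should be narrowed to it before the output is trusted.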
