Security News > 2023 > March > China-linked Hackers Targeting Unpatched SonicWall SMA Devices with Malware

A suspecting China-linked hacking campaign has been observed targeting unpatched SonicWall Secure Mobile Access 100 appliances to drop malware and establish long-term persistence.
"The malware has functionality to steal user credentials, provide shell access, and persist through firmware upgrades," cybersecurity company Mandiant said in a technical report published this week.
The malware - a collection of bash scripts and a single ELF binary identified as a TinyShell backdoor - is engineered to grant the attacker privileged access to SonicWall devices.
The overall objective behind the custom toolset appears to be credential theft, with the malware permitting the adversary to siphon cryptographically hashed credentials from all logged-in users.
The exact initial intrusion vector used in the attack is unknown, and it's suspected that the malware was likely deployed on the devices, in some instances as early as 2021, by taking advantage of known security flaws.
"In recent years Chinese attackers have deployed multiple zero-day exploits and malware for a variety of internet facing network appliances as a route to full enterprise intrusion," Mandiant said.
News URL
https://thehackernews.com/2023/03/china-linked-hackers-targeting.html
Related news
- China-Linked APT Aquatic Panda: 10-Month Campaign, 7 Global Targets, 5 Malware Families (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages (source)
- Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool (source)
- State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns (source)
- Chinese hackers target Russian govt with upgraded RAT malware (source)
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
- Iran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job Campaign (source)
- North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures (source)