Security News > 2023 > March > China-linked Hackers Targeting Unpatched SonicWall SMA Devices with Malware
A suspecting China-linked hacking campaign has been observed targeting unpatched SonicWall Secure Mobile Access 100 appliances to drop malware and establish long-term persistence.
"The malware has functionality to steal user credentials, provide shell access, and persist through firmware upgrades," cybersecurity company Mandiant said in a technical report published this week.
The malware - a collection of bash scripts and a single ELF binary identified as a TinyShell backdoor - is engineered to grant the attacker privileged access to SonicWall devices.
The overall objective behind the custom toolset appears to be credential theft, with the malware permitting the adversary to siphon cryptographically hashed credentials from all logged-in users.
The exact initial intrusion vector used in the attack is unknown, and it's suspected that the malware was likely deployed on the devices, in some instances as early as 2021, by taking advantage of known security flaws.
"In recent years Chinese attackers have deployed multiple zero-day exploits and malware for a variety of internet facing network appliances as a route to full enterprise intrusion," Mandiant said.
News URL
https://thehackernews.com/2023/03/china-linked-hackers-targeting.html
Related news
- China-Aligned MirrorFace Hackers Target EU Diplomats with World Expo 2025 Bait (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- Unpatched Mazda Connect bugs let hackers install persistent malware (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks (source)
- Chinese hackers target Linux with new WolfsBane malware (source)