China-linked Hackers Targeting Unpatched SonicWall SMA Devices with Malware
2023-03-10 13:50

A suspected China-linked hacking campaign has been observed targeting unpatched SonicWall Secure Mobile Access 100 appliances to drop malware and establish long-term persistence.

"The malware has functionality to steal user credentials, provide shell access, and persist through firmware upgrades," cybersecurity company Mandiant said in a technical report published this week.

The malware - a collection of bash scripts and a single ELF binary identified as a TinyShell backdoor - is engineered to grant the attacker privileged access to SonicWall devices.

The overall objective behind the custom toolset appears to be credential theft, with the malware permitting the adversary to siphon cryptographically hashed credentials from all logged-in users.

The exact initial intrusion vector used in the attack is unknown, but it's suspected that the malware was deployed on the devices, in some instances as early as 2021, by taking advantage of known security flaws.

"In recent years Chinese attackers have deployed multiple zero-day exploits and malware for a variety of internet facing network appliances as a route to full enterprise intrusion," Mandiant said.


News URL

https://thehackernews.com/2023/03/china-linked-hackers-targeting.html

Related vendor

VENDOR LAST 12M   #/PRODUCTS   LOW   MEDIUM   HIGH   CRITICAL   TOTAL VULNS
Sonicwall         113          0     41       74     38         153
SMA               42           0     0        8      8          16