Campaign Persistently Exploiting Vulnerable SonicWall Devices

Dark Lab on Mar 14 2023
On March 8 2023, researchers identified an ongoing campaign, conducted by an unknown, suspected Chinese threat actor, that uses malware on vulnerable SonicWall devices, including SonicWall Secure Mobile Access (SMA) appliances, to maintain long-term persistence in compromised environments. SonicWall released its latest update and patches on 1 March 2023. Given the active exploitation, HKBN urges impacted organisations to apply the patches immediately. This report is issued because it satisfies our criteria for the release of a critical vulnerability alert.

SonicWall has released a patch mitigating the impact of the OpenSSL vulnerability (CVE-2022-4304). The vendor recommends that all users upgrade to SonicWall SMA 10.2.1.7 by logging in to their MySonicWall portal or by following the guidance provided in its security advisory and additional resources. Further, for organisations operating any outdated versions of SonicWall devices, we advise updating to the latest patch to avoid potential exploitation by the unknown actor.

https://blog.sonicwall.com/en-us/2023/03/new-sma-release-updates-openssl-library-includes-key-security-features/

https://www.mandiant.com/resources/blog/suspected-chinese-persist-sonicwall