Ethical Hacking News Hubb
Advertisement Banner
  • Home
  • News
  • Ethical Hackers
  • Contact
No Result
View All Result
  • Home
  • News
  • Ethical Hackers
  • Contact
No Result
View All Result
Wellnessnewshubb
No Result
View All Result
Home Ethical Hackers

China-linked Hackers Targeting Unpatched SonicWall SMA Devices with Malware

admin by admin
March 12, 2023
in Ethical Hackers


Mar 10, 2023Ravie LakshmananNetwork Security / Cyber Threat

A suspecting China-linked hacking campaign has been observed targeting unpatched SonicWall Secure Mobile Access (SMA) 100 appliances to drop malware and establish long-term persistence.

“The malware has functionality to steal user credentials, provide shell access, and persist through firmware upgrades,” cybersecurity company Mandiant said in a technical report published this week.

The Google-owned incident response and threat intelligence firm is tracking the activity under its uncategorized moniker UNC4540.

The malware – a collection of bash scripts and a single ELF binary identified as a TinyShell backdoor – is engineered to grant the attacker privileged access to SonicWall devices.

The overall objective behind the custom toolset appears to be credential theft, with the malware permitting the adversary to siphon cryptographically hashed credentials from all logged-in users. It further provides shell access to the compromised device.

Mandiant also called out the attacker’s in-depth understanding of the device software as well as their ability to develop tailored malware that can achieve persistence across firmware updates and maintain a foothold on the network.

The exact initial intrusion vector used in the attack is unknown, and it’s suspected that the malware was likely deployed on the devices, in some instances as early as 2021, by taking advantage of known security flaws.

Coinciding with the disclosure, SonicWall has released updates (version 10.2.1.7) that come with new security enhancements such as File Integrity Monitoring (FIM) and anomalous process identification.

WEBINAR

Discover the Hidden Dangers of Third-Party SaaS Apps

Are you aware of the risks associated with third-party app access to your company’s SaaS apps? Join our webinar to learn about the types of permissions being granted and how to minimize risk.

RESERVE YOUR SEAT

In a statement shared with The Hacker News, SonicWall told that the campaign targeted “an extremely limited number of unpatched SMA 100 series appliances from the 2021 timeframe” and that it did not exploit a “new vulnerability.”

The development comes nearly two months after another China-nexus threat actor was found exploiting a now-patched vulnerability in Fortinet FortiOS SSL-VPN as a zero-day in attacks targeting a European government entity and a managed service provider (MSP) located in Africa.

“In recent years Chinese attackers have deployed multiple zero-day exploits and malware for a variety of internet facing network appliances as a route to full enterprise intrusion,” Mandiant said.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
Previous Post

Docker Container Logs 2023 Guide

Next Post

Log Aggregation 2023 Guide

Next Post

Log Aggregation 2023 Guide

Recommended

Researchers Uncover 29 Malicious PyPI Packages Targeted Developers with W4SP Stealer

5 months ago

CLI Tool For PKCS7 Padding Oracle Attacks

6 months ago

© 2022 Ethical Hacking News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Ethical Hackers
  • Contact

Newsletter Sign Up.

No Result
View All Result
  • Home
  • News
  • Ethical Hackers
  • Contact

© 2022 Ethical Hacking News Hubb All rights reserved.