Network security vendor releases further details of ‘coordinated’ assault
Networking device vendor SonicWall has released the findings of an initial investigation after zero-day vulnerabilities in its products were targeted in a ‘highly sophisticated’ hack.
The company, which manufactures networking tools, cybersecurity products, and cloud platform tools, announced on Friday (January 22) that it had suffered a cyber-attack.
It was originally reported that at least two of its products – the NetExtender VPN client and the Secure Mobile Access (SMA) gateway – were impacted.
However, the vendor has now determined that the VPN client was not, in fact, affected.
A statement reads: “While we previously communicated NetExtender 10.X as potentially having a zero-day, that has now been ruled out. It may be used with all SonicWall products.”
SonicWall’s SMA 100 Series, a secure remote access client for use in corporate environments, is still under investigation.
SMA 100 Series customers can still use NetExtender for remote access with the SMA 100 series, since this use case was determined not to be susceptible to exploitation.
SonicWall added: “We advise SMA 100 series administrators to create specific access rules or disable Virtual Office and HTTPS administrative access from the internet while we continue to investigate the vulnerability.”
The manufacturer described the incident, during which unknown actors leveraged zero-day products in SonicWall products to target its internal systems, as a “coordinated attack”.
SonicWall said that the attack was carried out by “highly sophisticated threat actors” but has not released any information on the identity of the assailants.
Patches that protect against the vulnerabilities have not yet been released. The Daily Swig has reached out to SonicWall to determine when fixes will be available.
In the absence of a fix, SonicWall has released a series of mitigations for its users which can be found on its website.