SonicWall Says He Was Hacked Using Zero Days In His Own Products

Network device maker SonicWall said Friday night it was investigating a security breach in its internal network after detecting what it described as a “coordinated attack.”

In a brief statement posted to its knowledge base portal, the company said “highly sophisticated players” were targeting its internal systems by “exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products.”

Listed company NetExtender VPN clients and Secure mobile access (SMA) impacted gateways:

• NetExtender VPN client version 10.x (released in 2020) used to connect to SMA 100 series appliances and SonicWall firewalls.
• Secure Mobile Access (SMA) version 10.x running on SMA 200, SMA 210, SMA 400, SMA 410 physical appliances and SMA 500v virtual appliance.

SonicWall said the new SMA 1000 series is not affected because this particular product series uses a different VPN client from NetExtender.

Patches for zero-day vulnerabilities are not available at the time of writing.

To help protect their own customers’ networks, the vendor has included a series of mitigation measures in their knowledge base article, such as deploying a firewall to limit who can interact with SMA devices. or disabling access via the NetExtender VPN client to its firewalls.

SonicWall has also urged companies to enable two-factor authentication options in its products for administrator accounts.

The network device maker, whose products are often used to secure access to corporate networks, is now the fourth security vendor to reveal a security breach in the past two months after FireEye, Microsoft and Malwarebytes.

The previous three companies were raped in the attack on SolarWinds’ supply chain. CrowdStrike said it was also targeted in the SolarWinds hack, but the attack was unsuccessful.

Cisco, another major supplier of network and security devices, has also been targeted by SolarWinds hackers. The company said last month it was investigating whether the attackers had escalated their initial access of SolarWinds products to other parts of its network.

Several sources in the threat intelligence community told ZDNet after the publication of this article that SonicWall may have been the victim of a ransomware attack.