IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

SonicWall hacked via zero-day flaw in remote access tools

The company admits "highly sophisticated" hackers exploited flaws in its SMA 100 series products

A hand typing on a keyboard in a malicious manner

SonicWall has admitted that it's been the target of a cyber attack which saw hackers take advantage of zero-day vulnerabilities in its secure remote access products.

The network security provider issued a statement confirming the incident after being contacted by SC Media, which received an anonymous tip that SonicWall's systems had been breached.

The company stated that it had “identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products”.

The company didn’t specify when exactly the incident took place. IT Pro contacted SonicWall for a timeline of the attack but is yet to receive a response from the company.

Over the weekend, SonicWall issued an additional statement which ruled out that its NetExtender VPN Client product had been compromised, adding that the only products to remain under investigation are from the SMA 100 series which “provide Secure, Mobile and Remote Access” to SMBs. 

However, SonicWall clarified that, despite the investigation, all “SMA 100 series products may be used safely in common deployment use cases”.

The company also said that it “fully understands the challenges previous guidance had in a work-from-home environment, but the communicated steps were measured and purposeful in ensuring the safety and security of [its] global community of customers and partners”.

“As the front line of cyber defense, we have seen a dramatic surge in cyberattacks on governments and businesses, specifically on firms that provide critical infrastructure and security controls to those organizations,” it added.

Despite a decline in the number of security incidents, the last year was deemed as the worst for data breaches on record.

The news of the incident comes months after SonicWall released patches for a critical vulnerability in the SonicOS operating system, which is responsible for running SonicWall virtual private network (VPN) appliances.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

Best free malware removal tools 2022
Security

Best free malware removal tools 2022

22 Jun 2022
A guide to cyber security certification and training
Careers & training

A guide to cyber security certification and training

16 Jun 2022
What is shoulder surfing?
social engineering

What is shoulder surfing?

10 Jun 2022
CIAM buyer’s guide
Whitepaper

CIAM buyer’s guide

6 Jun 2022

Most Popular

Former Uber security chief to face fraud charges over hack coverup
data breaches

Former Uber security chief to face fraud charges over hack coverup

29 Jun 2022
Macmillan Publishers hit by apparent cyber attack as systems are forced offline
Security

Macmillan Publishers hit by apparent cyber attack as systems are forced offline

30 Jun 2022
Actively exploited server backdoor remains undetected in most organisations' networks
cyber attacks

Actively exploited server backdoor remains undetected in most organisations' networks

1 Jul 2022