Hackers attempt to exploit SonicWall zero-day vulnerability

The flaw is believed to be the same vulnerability used in a security incident confirmed by the company late last month

Cyber security researchers have discovered active exploitation attempts against a zero-day vulnerability in SonicWall’s networking devices.

Researchers from IT security company NCC Group said that they had notified SonicWall of the flaw as well as the exploits over the weekend. In a Twitter post, the researchers said they had “identified and demonstrated exploitability of a possible candidate for the vulnerability described and sent details to SonicWall”.

“We've also seen indication of indiscriminate use of an exploit in the wild,” the post stated.

NCC Group CTO Ollie Whitehouse said that the company had received confirmation from SonicWall that it had received the security company's warnings about the flaw.

IT Pro contacted the NCC Group for more information. However, according to ZDNet, the researchers have decided not to share details about the nature of the zero-day vulnerability in order to prevent other threat actors from collecting enough information to launch further attacks.

On 23 January, SonicWall announced that it had “identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products”.

The company didn’t specify when exactly the incident took place but ruled out that its NetExtender VPN Client product had been compromised, adding that the only products to remain under investigation are from the SMA 100 series. However, SonicWall clarified that, despite the investigation, all “SMA 100 series products may be used safely in common deployment use cases”.

On Friday, the company issued an update saying that it’s continuing its investigation into the SMA 100 Series, although “the presence of a potential zero-day vulnerability remains unconfirmed”.

SonicWall also stated that it had analysed a number of reports from its clients of “potentially compromised SMA 100 series devices”, adding that it had “so far only observed the use of previously stolen credentials to log into the SMA devices”.

“We will continue to fully investigate this matter and share more information and guidance as we have it. We will post further updates on this KB and will hopefully soon rule definitively on the outcome of this investigation,” it said.
