SonicWall, a popular internet security provider of firewall and VPN products, revealed late Friday that it had been the victim of a coordinated attack on its internal systems.
The San Jose-based company said the attacks leveraged zero-day vulnerabilities in SonicWall secure remote access products such as the NetExtender VPN client version 10.x and Secure Mobile Access (SMA), which are used to provide users with remote access to internal resources.
“SonicWall recently identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on some SonicWall secure remote access products,” the company exclusively told The Hacker News.
The development comes after The Hacker News received reports that SonicWall’s internal systems had leaked earlier this week on Tuesday and that the source code held on the company’s GitLab repository had been accessed by the attackers.
SonicWall would not confirm the reports beyond the release, adding that it would provide additional updates as more information became available.
The complete list of products affected includes:
- NetExtender VPN 10.x client version (released 2020) used to connect to SonicWall SMA 100 series appliances and firewalls
- Secure Mobile Access (SMA) version 10.x running on SMA 200, SMA 210, SMA 400, SMA 410 physical appliances, and the SMA 500v virtual machine
The company said its SMA 1000 series is not susceptible to the zero-days and uses clients other than NetExtender.
It has also published an advisory urging organizations to enable multi-factor authentication, disable NetExtender access to the firewall, restrict user and admin access for public IP addresses, and configure whitelist access on the SMA directly to mitigate the flaws.
With several cybersecurity vendors like FireEye, Microsoft, Crowdstrike, and Malwarebytes becoming targets of cyberattacks in the wake of the SolarWinds supply chain attack, the latest breach of SonicWall raises significant concerns.
“As a frontline of cyber defense, we have seen a dramatic surge in cyberattacks on governments and businesses, specifically on companies that provide critical infrastructure and security controls to those organizations,” SonicWall said.
UPDATE (January 24, 2021)
SonicWall, in an updated advisory on Saturday, said its NetExtender VPN clients are no longer affected by the potential zero-day vulnerabilities it said were being used to conduct a “coordinated attack” on its internal systems.
The company, however, said it is continuing to investigate the SMA 100 Series for likely zero days.
“Although we previously communicated NetExtender 10.x as potentially having a zero-day, that has now been ruled out,” the company noted. “It can be used with all SonicWall products. No action required from customers or partners.”
That said, the exact nature of the attack and what prompted SonicWall to investigate its own products as a potential attack vector remain unclear as of now.
We’ve reached out to the company for details, and will update the story if we hear back.