Stay Ahead of Cyber Threats: Keep Your Hardware Up to Date and Stay Safe Online - Learn More Here

A recent report from cybersecurity company Mandiant warns of a China-linked hacking campaign targeting unpatched SonicWall Secure Mobile Access (SMA) 100 appliances. The campaign's objective is to drop malware and establish long-term persistence. The malware is engineered to steal user credentials, provide shell access, and persist through firmware upgrades.

The malware used in the campaign is a collection of bash scripts and a single ELF binary identified as a TinyShell backdoor. It is tailored to grant the attacker privileged access to SonicWall devices, siphon cryptographically hashed credentials from all logged-in users, and provide shell access to the compromised device.

Mandiant also calls out the attacker's in-depth understanding of the device software, enabling them to develop tailored malware that can achieve persistence across firmware updates and maintain a foothold on the network. The exact initial intrusion vector used in the attack is unknown, but it is suspected that the malware was deployed on the devices, in some instances as early as 2021, by taking advantage of known security flaws. To address this issue, SonicWall has released updates (version that come with new security enhancements such as File Integrity Monitoring (FIM) and anomalous process identification. It is important to note that the campaign targeted an extremely limited number of unpatched SMA 100 series appliances from the 2021 timeframe and did not exploit a new vulnerability.

This news highlights the importance of keeping routers and hardware up to date with the latest security patches and firmware updates to avoid potential vulnerabilities. Zero-day exploits and malware can be incredibly damaging to enterprises, and it's crucial to stay ahead of potential threats by maintaining strong security practices. In conclusion, the recent China-linked hacking campaign targeting unpatched SonicWall SMA devices highlights the importance of keeping your hardware up to date with the latest security patches and firmware updates.

As cyber threats continue to evolve and become more sophisticated, it is crucial for enterprises to maintain strong security practices to avoid potential vulnerabilities. By regularly updating your routers and hardware, you can help protect your business from the damaging effects of zero-day exploits and malware. At BVTech, we provide comprehensive cybersecurity solutions to help businesses stay protected in an ever-changing threat landscape. Contact us today to learn more, by email or by phone at (210) 538-3669.
