SonicWall, a popular internet security provider of firewall and VPN products, on late Friday disclosed that it fell victim to a coordinated attack on its internal systems.
The San Jose-based company said the attacks leveraged zero-day vulnerabilities in SonicWall secure remote access products such as NetExtender VPN client version 10.x and Secure Mobile Access (SMA) that are used to provide users with remote access to internal resources.
“Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products,” the company exclusively told The Hacker News.
The development comes after The Hacker News received reports that SonicWall’s internal systems went down earlier this week on Tuesday and that the source code hosted on the company’s GitLab repository was accessed by the attackers.
SonicWall wouldn’t confirm beyond the reports beyond the statement, adding it would provide additional updates as more information becomes available.
The complete list of affected products include:
- NetExtender VPN client version 10.x (released in 2020) utilized to connect to SMA 100 series appliances and SonicWall firewalls
- Secure Mobile Access (SMA) version 10.x running on SMA 200, SMA 210, SMA 400, SMA 410 physical appliances, and the SMA 500v virtual appliance
The company said its SMA 1000 series is not susceptible to the zero-days and that it utilizes clients different from NetExtender.
It has also published an advisory urging organizations to enable multi-factor authentication, disable NetExtender access to the firewall, restrict access to users and admins for public IP addresses, and configure whitelist access on the SMA directly to mitigate the flaws.
With a number of cybersecurity vendors such as FireEye, Microsoft, Crowdstrike, and Malwarebytes becoming targets of cyberattacks in the wake of SolarWinds supply chain hack, the latest breach of SonicWall raises significant concerns.
“As the front line of cyber defense, we have seen a dramatic surge in cyberattacks on governments and businesses, specifically on firms that provide critical infrastructure and security controls to those organizations,” SonicWall said.
(This is a developing story. We will update it as and when more updates are available.)