image credit: Maxpixel

Suspected Chinese cyber spies target unpatched SonicWall devices

March 9, 2023


Suspected Chinese cyber criminals have zeroed in on unpatched SonicWall gateways and are infecting the devices with credential-stealing malware that persists through firmware upgrades, according to Mandiant.

The spyware targets the SonicWall Secure Mobile Access (SMA) 100 Series – a gateway device that provides VPN access to remote users.

The networking vendor confirmed the malware campaign in a statement emailed to The Register:

“Working in partnership with Mandiant, the SonicWall Product Security and Incident Response Team (PSIRT) confirmed a persistent threat actor campaign leveraging malware against unpatched SonicWall Secure Mobile Access (SMA) Series 100 appliances. While not tied to a new or specific vulnerability, SonicWall urges organizations to be proactive in updating to the most recent SMA 100 series firmware ( or later), which includes additional hardening and security controls.”

Read More on The Register