HelloKitty ransomware gang targets vulnerable SonicWall devices

July 17, 2021 - SecurityAffairs

BleepingComputer became aware that the recent wave of attacks targeting vulnerable SonicWall devices was carried out by HelloKitty ransomware operators.

This week SonicWall issued an urgent security alert to warn companies of “an imminent ransomware campaign” targeting some of its equipment that has reached end-of-life (EoL).

Threat actors could target unpatched devices belonging to the Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) families.

“Through the course of collaboration with trusted third parties, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x firmware in an imminent ransomware campaign using stolen credentials.” reads the alert published by the company. “The exploitation targets a known vulnerability that has been patched in newer versions of firmware.”

The company states that organizations that fail to address known vulnerabilities in the firmware of SRA and SMA 100 series products are at imminent risk of a targeted ransomware attack.

The network equipment vendor is now urging customers to update the firmware of their devices as soon as possible.

CISA also warned of ransomware attacks attempting to exploit a known, previously patched vulnerability in SonicWall Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products.

Upgrade to the newest SonicWall firmware and disconnect EOL SonicWall appliances ASAP. Failing to follow SonicWall guidance may lead to targeted ransomware attacks. Read more at https://t.co/ji96tw5Md4 #Cybersecurity #InfoSec #Ransomware

— US-CERT (@USCERT_gov) July 15, 2021

Neither SonicWall nor CISA provided details about the threat actors behind these attacks, but BleepingComputer became aware that the HelloKitty ransomware gang has been exploiting the issue in a recent wave of attacks.

“While CISA and SonicWall did not reveal the identity of the threat attackers behind these attacks, BleepingComputer was told by a source in the cybersecurity industry that HelloKitty has been exploiting the vulnerability for the past few weeks.” reported BleepingComputer.

BleepingComputer also added that CrowdStrike confirmed that several threat actors, including HelloKitty ransomware operators, are attempting to exploit a flaw tracked as CVE-2019-7481.

Other groups targeted known vulnerabilities in SonicWall devices in the past, such as the UNC2447 cybercrime gang that exploited the CVE-2021-20016 zero-day bug in SonicWall SMA 100 Series VPN appliances to deliver the FiveHands ransomware.


Pierluigi Paganini

(SecurityAffairs – hacking, HelloKitty ransomware)


Pierluigi Paganini

Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group. He is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at “Cyber Defense Magazine”, Pierluigi is a cyber security expert with over 20 years' experience in the field, and he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog “Security Affairs”, recently named a Top National Security Resource for US. Pierluigi is a member of “The Hacker News” team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. He is the author of the books “The Deep Dark Web” and “Digital Virtual Currency and Bitcoin”.
