• Suspected Chinese Campaign to Persist on SonicWall Devices


    https://www.mandiant.com/resources/blog/suspected-chinese-persist-sonicwall

    Undetected since 2021 and resists firmware update

    Mandiant, working in partnership with SonicWall Product Security and Incident Response Team (PSIRT), has identified a suspected Chinese campaign that involves maintaining long term persistence by running malware on an unpatched SonicWall Secure Mobile Access (SMA) appliance. The malware has functionality to steal user credentials, provide shell access, and persist through firmware upgrades. Mandiant currently tracks this actor as UNC4540…

    Mandiant was not able to determine the origin of the infection, however, the malware, or a predecessor of it, was likely deployed in 2021. Mandiant believes that attacker access has persisted through multiple firmware updates…
