Attacks on SonicWall appliances linked to Chinese campaign: Mandiant

Persistent malware targeting unpatched SonicWall Secure Mobile Access (SMA) appliances has been linked to a Chinese campaign dating back to 2021, according to Mandiant research conducted in partnership with SonicWall’s in-house research team.

The responsible malware, dubbed UNC4540, has been found to be stealing user credentials, providing shell access, and persisting through firmware upgrades.

“This is not a new vulnerability, so a patch was not published,” a Mandiant spokesperson said. “The findings are based on the analysis of an extremely limited number of unpatched SMA 100 series appliances from the 2021 timeframe.”
