
Network device maker SonicWall said late on Friday that it is investigating a security breach on its internal network after detecting what it described as a “coordinated attack”.
In a short statement posted on its knowledge base portal, the company said “highly sophisticated threat actors” targeted its internal systems “by exploiting probable zero-day vulnerabilities in certain SonicWall secure remote access products”.
The company listed the following NetExtender VPN client and Secure Mobile Access (SMA) gateway versions as affected:
- NetExtender VPN client version 10.x (released in 2020), used to connect to SMA 100 series devices and SonicWall firewalls.
- Secure Mobile Access (SMA) version 10.x running on the SMA 200, SMA 210, SMA 400 and SMA 410 physical devices and on the SMA 500v virtual device.
SonicWall said the latest SMA 1000 series was not affected, as that particular product series uses a VPN client other than NetExtender.
Patches for the zero-day vulnerabilities are not available at the time of writing.
To help keep its customers’ networks secure, the vendor has included a number of mitigations in its knowledge base article, such as deploying a firewall to limit who can interact with SMA devices or disabling access via the NetExtender VPN client to their firewalls.
SonicWall also asked companies to enable the two-factor authentication options in its products for administrator accounts.
The manufacturer of network devices, whose products are often used to protect access to corporate networks, now becomes the fourth security vendor to disclose a security breach in the past two months after FireEye, Microsoft and Malwarebytes.
All three previous companies were breached during the SolarWinds supply chain attack. CrowdStrike said it was also targeted in the SolarWinds hack, but the attack was unsuccessful.
Cisco, another major provider of network and security devices, was also targeted by the SolarWinds hackers. The company said last month that it was investigating whether attackers had escalated their initial access from SolarWinds products to other parts of its network.
Several sources in the threat intelligence community told ZDNet after the publication of this article that SonicWall may have been the victim of a ransomware attack.