SonicWall, who built the communications equipment, said on Friday night, he was investigating a security breach of his internal network after discovering what he described as a “sophisticated attack.”
SonicWall has issued an emergency security alert about threat actors using the zero-day risk on their VPN products to attack their internal systems.
SonicWall is a well-known manufacturer of hardware firewall devices, VPN gates, and network security solutions in their products widely used in SMB / SMEs and large business organizations.
In a brief statement posted on its website, the company said, “the most high-risk actors” have targeted their internal systems “by using zero-day risks on certain SonicWall secure access products.”
The company has Marked NetExtender VPN customers and Secure Mobile Access (SMA) gateways as affected:
- The NetExtender VPN 10.x client version (released in 2020) was used to connect to SMA 100 series devices and SonicWall fire extinguishers.
- Secure Mobile Access (SMA) version 10.x operating on SMA 200, SMA 210, SMA 400, SMA 410 consumables, and SMA 500v.
- SonicWall said the new SMA 1000 series is unaffected as this particular product series uses a different VPN client than NetExtender.
The zero-day risk patches are not available at the time of writing.
To help keep its customers’ networks secure, the vendor has included a series of limitations in its information database, such as installing a firewall to limit who can interact with SMA devices or disable access to a NetExtender VPN client to its firewalls.
SonicWall also urged companies to enable two authentication options for their products on admin accounts.
The communications device manufacturer, whose product is often used to protect corporate networks, is now the fourth security vendor to expose security breaches over the past two months, following FireEye, Microsoft, and Malwarebyte.
All three previous companies were broken during the SolarWinds chain attack. CrowdStrike said it targeted the SolarWinds hack as well, but the attack was unsuccessful.
Cisco, another major retailer of communications and security devices, was also targeted by SolarWinds hackers. Last month, the company was investigating whether attackers increased their access for the first time from SolarWinds products to other parts of its network.
Several sources have also suggested that SonicWall may have been the victim of a ransomware attack.