SonicWall says it was hacked using zero-days in its own products


Network device maker SonicWall said Friday night it was investigating a breach of its internal network, after discovering what it described as a “coordinated attack”.

In a brief statement posted on its knowledge base portal, the company said that “highly sophisticated threat actors” had targeted its internal systems by “exploiting potential zero-day vulnerabilities on certain SonicWall secure remote access products.”

The company listed its NetExtender VPN client and Secure Mobile Access (SMA) gateways as affected:

  • NetExtender VPN client version 10.x (released in 2020), used to connect to SMA 100 appliances and SonicWall firewalls.
  • Secure Mobile Access (SMA) version 10.x, used on the SMA 200, SMA 210, SMA 400 and SMA 410 physical devices and the SMA 500v virtual device.

SonicWall said the newer SMA 1000 range is not affected because that product line uses a VPN client other than NetExtender.

Patches for the zero-day vulnerability are not available at the time of writing.

To help keep its customers’ networks secure, the vendor has included a series of mitigations in its knowledge base article, such as using a firewall to restrict who can communicate with SMA devices, or restricting access via the NetExtender VPN client to its firewalls.

SonicWall has also urged companies to enable the two-factor authentication options in its products for admin accounts.

The network device maker, whose products are frequently used to secure access to corporate networks, is now the fourth security vendor to announce a security breach in the past two months, after FireEye, Microsoft and Malwarebytes.

All three previous companies were breached during the SolarWinds supply chain attack. CrowdStrike said it was also targeted in the SolarWinds hack, but the attack did not succeed.

Cisco, another major provider of network and security devices, was also targeted by the SolarWinds hackers. The company said last month it was investigating whether the attackers had escalated their initial access from the SolarWinds products to other parts of its network.

Several sources in the threat community told ZDNet after the publication of this article that SonicWall could be the victim of a ransomware attack.
