Cybersecurity firm SonicWall said late on Friday that some of its internal systems were targeted by “highly sophisticated threat actors” exploiting what appear to be zero-day vulnerabilities affecting some of the company’s products.
SonicWall provides network, access, email, cloud, and endpoint security solutions. The company said the attackers may have exploited zero-day vulnerabilities in some of its secure remote access products, namely NetExtender VPN client version 10.x, which is used to connect to Secure Mobile Access (SMA) 100 series appliances and SonicWall firewalls, as well as SMA version 10.x running on SMA 200, 210, 400 and 410 physical appliances or the SMA 500v virtual appliance.
SonicWall has issued an alert with recommendations on what users of the impacted products should do to prevent potential attacks until patches are made available.
The company described the incident as a “coordinated attack.”
Before the news broke, SecurityWeek received an anonymous email claiming that SonicWall was hit by ransomware and that hackers managed to steal “all customer data.”
A second anonymous email said all internal systems went down on Tuesday at SonicWall and that the attackers left a message on Wednesday asking to be contacted by the company’s CEO. The same individual also claimed all source code was stolen from SonicWall’s GitLab repository as a result of the breach.
A screenshot described as proof that the hackers had full access to all internal systems at SonicWall only showed the results of a search conducted using the Shodan search engine.
SonicWall has not shared any information about ransomware or what type of data may have been compromised, and SecurityWeek has not been able to independently confirm the claims. They could be false and may have nothing to do with the actual breach suffered by SonicWall.
SecurityWeek has reached out to SonicWall for additional information.