The networking device vendor has issued a series of mitigations while it investigates the incident and develops patches.
Fremont, CA: Networking device maker SonicWall is investigating a security breach of its internal network after discovering what it described as a well-planned attack. Highly sophisticated threat actors targeted the internal systems by exploiting likely zero-day vulnerabilities in certain SonicWall secure remote access products. The company originally listed NetExtender VPN clients and the Secure Mobile Access (SMA) gateways as affected, but in an update it announced that only devices in its SMA 100 series of appliances are still under investigation for a zero-day vulnerability.
To help keep its customers' networks safe, the vendor has included a series of mitigations in its knowledgebase article, such as deploying a firewall to restrict who can interact with SMA devices or disabling access via the NetExtender VPN client to its firewalls. SonicWall also urged businesses to enable two-factor authentication in its products for admin accounts.
The networking device maker, whose products are often used to protect access to corporate networks, has now become the fourth security vendor to disclose a security breach over the past two months, after FireEye, Microsoft, and Malwarebytes. Cisco, another major vendor of networking and security appliances, was also targeted by the SolarWinds hackers. The company was investigating whether attackers escalated their initial access from the SolarWinds products to other parts of its network.