SonicWall Said Internal Systems Were Targeted by “Highly Sophisticated Threat Actors”


Late on Friday, the cybersecurity firm SonicWall said that some of its internal networks were attacked by “highly advanced threat actors” leveraging what seem to be zero-day vulnerabilities impacting some of the goods of the company.

Network, connectivity, email, cloud, and endpoint protection solutions are offered by SonicWall. In some of its protected remote access devices, including NetExtender VPN client version 10.x, which is used to connect to Secure Mobile Access (SMA) 100 series appliances and SonicWall firewalls, as well as SMA version 10.x running on SMA 200, 210, 400 and 410 physical appliances or the SMA 500v virtual appliance, the company said the attackers may have exploited zero-day vulnerabilities.

In order to stop future attacks before fixes are made available, SonicWall has released a warning with instructions for what consumers of the infected goods can do.

The firm described the incident as a “coordinated assault.”


We got an anonymous email before the news spread, alleging that ransomware hit SonicWall and that hackers managed to grab “all customer data.”

A second anonymous email said all internal services went down at SonicWall on Tuesday and that on Wednesday, the attackers left a message requesting to be approached by the CEO of the company. The same person also stated that as a result of the breach, all source code was taken from SonicWall’s GitLab repository.

Only the results of a search carried out using the Shodan search engine were seen by a screenshot identified as evidence that the hackers had complete access to all internal networks at SonicWall.

SonicWall could not reveal any malware specifics or what kind of data could have been hacked, and could not reliably validate the allegations, which may be unfounded claims that could have nothing to do with SonicWall’s actual hack.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.