SonicWall Hacked Using 0-Day Bugs In Its Own VPN Product

SonicWall VPN

SonicWall, a popular internet security provider of firewall and VPN products, on late Friday disclosed that it fell victim to a coordinated attack on its internal systems.

The San Jose-based company said the attacks leveraged zero-day vulnerabilities in SonicWall secure remote access products such as NetExtender VPN client version 10.x and Secure Mobile Access (SMA) that are used to provide users with remote access to internal resources.

“Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products,” the company exclusively told The Hacker News.

password auditor

The development comes after The Hacker News received reports that SonicWall’s internal systems went down earlier this week on Tuesday and that the source code hosted on the company’s GitLab repository was accessed by the attackers.

SonicWall wouldn’t confirm the reports beyond the statement, adding it would provide additional updates as more information becomes available.

The complete list of affected products include:

  • NetExtender VPN client version 10.x (released in 2020) utilized…

Have a comment? Type it below!