During the attacks, hackers exploit a vulnerability that has been fixed in newer firmware versions.
Specialists from SonicWall and CISA warned users about a malicious campaign organized by the operators of the HelloKitty ransomware. Attackers target Secure Mobile Access (SMA) 100 and Secure Remote Access (SRA) devices that have reached the End of Life (EOL). During the attacks, hackers exploit a vulnerability in the firmware, which has been fixed in newer versions.
Organizations using SRA and SMA 100 series products with outdated firmware are at imminent risk of a ransomware attack.
As confirmed by experts from the CrowdStrike company, several cybercriminal groups, including the operators of the HelloKitty ransomware, exploit the CVE-2019-7481 vulnerability during attacks. Another group, the monitored information security company Mandiant how UNC2447, used the vulnerability CVE-2021-20016 before it was corrected by the manufacturer in February 2021. The same vulnerability was exploited in January 2021 in an attack on SonicWall’s internal systems.
Catch up on more articles here
Follow us on Twitter here