Ransomware group targeted SonicWall vulnerability pre-patch

A ransomware group caught targeting a recently patched SonicWall vulnerability leveraged that vulnerability before the patch became available, Mandiant reported Thursday.


The vulnerability, a SQL injection bug in SonicWall’s SMA-100 series of remote access products, was already used in a headline-grabbing attack. Hackers used the vulnerability as a zero-day to breach SonicWall itself prior to the patch announcement in January. The latest findings show that another group also sought to take advantage.


Mandiant first observed the ransomware group, which it has dubbed UNC2447, targeting SonicWall SMA-100 customer organizations in the U.S. and Europe. The group uses a combination of SombRAT and a previously uncatalogued variant of the DeathRansom ransomware that Mandiant calls FIVEHANDS.


Mandiant researchers saw the group deploy the FIVEHANDS malware in January; but the group is older, and forensically tied to hacks us ..
