Read Time:32 Second
A persistent malware targeting unpatched SonicWall Secure Mobile Access (SMA) appliances has been linked to a Chinese campaign dating back to 2021, according to a Mandiant research done in partnership with SonicWall’s in-house research team.
The responsible malware, dubbed UNC4540, has been found to be stealing user credentials, providing shell access, and persisting through firmware upgrades.
“This is not a new vulnerability, so a patch was not published,” a Mandiant spokesperson said. “The findings are based on the analysis of an extremely limited number of unpatched SMA 100 series appliances from the 2021 timeframe.”