Another Malware with Persistence – Schneier on Security

Malware is a serious issue for many companies and organizations, and one of the most recent cases involves a piece of Chinese malware that infects SonicWall security appliances and survives firmware updates. According to security firm Mandiant, this campaign is notable for its ability to remain on the devices even after their firmware is updated. To achieve this, the malware checks every 10 seconds for available firmware upgrades. When it finds one, it copies the upgrade, unzips it, mounts it, and then copies the malicious files into it. It also adds a backdoor root user to the mounted file and rezips it so that it is ready for installation.
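A defender-side check for the tampering described above, as an added example that is not from the original post or from Mandiant: it diffs an extracted staged upgrade against a known-good extraction of the vendor image and lists UID-0 accounts that the baseline does not have. The function names, the `etc/passwd` layout and the sample trees are assumptions constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

def manifest(root):
    """Map each regular file's relative path to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file() and not p.is_symlink()}

def uid0_accounts(root):
    """Account names with UID 0 in <root>/etc/passwd (empty set if absent)."""
    passwd = root / "etc" / "passwd"
    if not passwd.is_file():
        return set()
    rows = (line.split(":") for line in passwd.read_text(errors="replace").splitlines())
    return {f[0] for f in rows if len(f) >= 3 and f[2].strip() == "0"}

def compare_firmware(baseline, staged):
    """Diff a staged firmware tree against a known-good extraction."""
    base, new = manifest(baseline), manifest(staged)
    return {
        "added": sorted(new.keys() - base.keys()),
        "removed": sorted(base.keys() - new.keys()),
        "modified": sorted(f for f in base.keys() & new.keys() if base[f] != new[f]),
        "new_uid0": sorted(uid0_accounts(staged) - uid0_accounts(baseline)),
    }

def write_tree(root, files):
    """Write a constructed file tree (relative path -> text) under root."""
    for rel, text in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(text)
    return root

def demo():
    # Constructed sample trees; a real check would use two extracted firmware images.
    clean = {"etc/passwd": "root:x:0:0:root:/root:/bin/sh\nnobody:x:99:99::/:/bin/false\n",
             "bin/httpd": "vendor-binary"}
    tampered = {**clean,
                "etc/passwd": clean["etc/passwd"] + "svc:x:0:0::/:/bin/sh\n",
                "bin/extra": "unexpected-file"}
    with tempfile.TemporaryDirectory() as tmp:
        baseline = write_tree(Path(tmp) / "baseline", clean)
        staged = write_tree(Path(tmp) / "staged", tampered)
        return compare_firmware(baseline, staged)

if __name__ == "__main__":
    print(demo())
```

Run the comparison from a separate trusted host, since a compromised appliance cannot be relied on to report on its own files.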

The threat actors have put significant effort into the stability and persistence of their tooling, which allows them to maintain a foothold on the network. This technique is not especially sophisticated, but it does show considerable effort on the part of the attacker to understand the appliance update cycle, then develop and test a method for persistence.

SonicWall has already released an emergency patch for the security appliance in order to prevent these kinds of attacks. Companies and organizations that use SonicWall products will want to make sure they have applied the latest security patches and have other security measures in place, such as network segmentation and firewall rules, to protect against malicious activity.

It is important for companies and organizations to apply the latest security patches and maintain other security measures to prevent such malware attacks. This recent case is a reminder of how important it is to stay vigilant and protect against these kinds of attacks.

In conclusion, the recent malware attack on SonicWall security appliances shows the importance of applying the latest security patches and maintaining other security measures to protect against malicious activity. Companies and organizations that use SonicWall products need to make sure they have applied the latest security patches and have other security measures in place, such as network segmentation and firewall rules.

Key Points:
• Malware is a serious issue for many companies and organizations
• The recent Chinese malware attack on SonicWall security appliances is notable for its ability to remain on the devices even after its firmware receives new updates
• Companies and organizations need to stay up-to-date with the latest security patches and other security measures to protect against malicious activity
• SonicWall has already released an emergency patch for the security appliance in order to prevent these kinds of attacks