[UPDATE] Cybersecurity firm SonicWall said late on Friday that some of its internal systems were targeted by “highly sophisticated threat actors” exploiting what appear to be zero-day vulnerabilities affecting some of the company’s products.
SonicWall provides network, access, email, cloud, and endpoint security solutions. The company said the attackers may have exploited zero-day vulnerabilities in some of its secure remote access products, namely its Secure Mobile Access (SMA) client version 10.x running on SMA 200, SMA 210, SMA 400, SMA 410 physical appliances and the SMA 500v virtual appliance.
SonicWall has issued an alert with recommendations on what users of the impacted products should do to prevent potential attacks until patches are made available.
The company described the incident as a “coordinated attack.”
Before the news broke, SecurityWeek received an anonymous email claiming that SonicWall was hit by ransomware and that hackers managed to steal “all customer data.”
A second anonymous email to SecurityWeek said all internal systems went down on Tuesday at SonicWall and that the attackers left a message on Wednesday asking to be contacted by the company’s CEO. The same individual also claimed all source code was stolen from SonicWall’s GitLab repository as a result of the breach.
A screenshot described as proof that the hackers had full access to all internal systems at SonicWall only showed the results of a search conducted using the Shodan search engine.
SonicWall made no mention of ransomware or if any data may have been compromised, and SecurityWeek has not been able to independently confirm the claims — they could be false claims that may have nothing to do with the actual breach suffered by SonicWall.
Unfortunately, the company has not provided any visibility into any actions taken by the attackers beyond exploiting zero-days, leaving customers, partners and other wondering.
SecurityWeek has reached out to SonicWall for additional information.
*Upated 1/24/21 8:52AM ET
Related: Critical Vulnerability Allows Hackers to Disrupt SonicWall Firewalls
Related: Serious Vulnerabilities Expose SonicWall SMA Appliances to Remote Attacks

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Intel Boasts Attack Surface Reduction With New 13th Gen Core vPro Platform
- Dole Says Employee Information Compromised in Ransomware Attack
- High-Severity Vulnerabilities Found in WellinTech Industrial Data Historian
- CISA Expands Cybersecurity Committee, Updates Baseline Security Goals
- Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant
- Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products
- Waterfall Security, TXOne Networks Launch New OT Security Appliances
- Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm
Latest News
- Microsoft: No-Interaction Outlook Zero Day Exploited Since Last April
- US to Adopt New Restrictions on Using Commercial Spyware
- Hackers Earn Over $1 Million at Pwn2Own Exploit Contest
- GoAnywhere Zero-Day Attack Hits Major Orgs
- Australia Dismantles BEC Group That Laundered $1.7 Million
- ‘Grim’ Criminal Abuse of ChatGPT is Coming, Europol Warns
- Webinar Tomorrow: Understanding Hidden Third-Party Identity Access Risks
- GitHub Rotates Publicly Exposed RSA SSH Private Key
