19 July 2021

HelloKitty ransomware gang is hunting for vulnerable SonicWall devices

Last week, the network equipment vendor SonicWall released a security notice warning its customers of an “imminent” ransomware campaign targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) appliances running end-of-life 8.x firmware.

The company said that attackers are targeting an old SQL injection vulnerability in SonicWall SRA that allows an attacker to execute arbitrary SQL queries against the appliance's database. The issue affects SRA appliances running any 8.x firmware or an old version of firmware 9.x (9.0.0.9-26sv or earlier) and has been fixed in recent firmware versions.
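The practical question for a defender is which appliances in an inventory fall inside the affected range. The following is an added example, not code from the article, SonicWall or CISA: it parses SonicWall-style firmware strings such as `9.0.0.9-26sv` and flags everything on 8.x plus 9.x builds up to and including 9.0.0.9-26sv, exactly the range the notice describes. The ordering of the `-NNsv` build suffix (higher number means newer build) is an assumption, and the inventory records are constructed sample data.

```python
import re
from typing import List, Tuple

# Affected range as stated in the SonicWall notice: every 8.x build, and 9.x builds
# up to and including 9.0.0.9-26sv. The article does not name the fixed version,
# so this helper only answers "is this firmware inside the affected range?".
LAST_AFFECTED_9X = "9.0.0.9-26sv"

# Assumed format: dotted numeric release, optional "-<build>sv" suffix.
VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-(\d+)sv)?$")


def parse_version(version: str) -> Tuple[Tuple[int, ...], int]:
    """Split '9.0.0.9-26sv' into ((9, 0, 0, 9), 26).

    A missing build suffix is treated as build 0. Malformed input raises
    ValueError so that an unparseable string is never silently reported as safe.
    """
    match = VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised firmware version string: {version!r}")
    parts = tuple(int(p) for p in match.group(1).split("."))
    build = int(match.group(2)) if match.group(2) else 0
    return parts, build


def version_key(version: str) -> Tuple[Tuple[int, ...], int]:
    """Comparable key: release components padded to four places, then build number,
    so '9.0.0' sorts the same as '9.0.0.0' and the build suffix breaks ties."""
    parts, build = parse_version(version)
    padded = parts + (0,) * (4 - len(parts))
    return padded, build


def is_affected(version: str) -> bool:
    """True when the firmware is inside the range the notice calls affected."""
    parts, _ = parse_version(version)
    major = parts[0]
    if major == 8:
        return True                      # all 8.x firmware is end-of-life and affected
    if major == 9:
        return version_key(version) <= version_key(LAST_AFFECTED_9X)
    return False                         # the notice names no other branch


# Constructed inventory records for illustration; hostnames and versions are not real devices.
SAMPLE_INVENTORY = [
    {"host": "sra-branch-01", "firmware": "8.0.0.4-25sv"},
    {"host": "sra-hq-01", "firmware": "9.0.0.9-26sv"},
    {"host": "sma-dc-02", "firmware": "9.0.0.10-28sv"},
]


def affected_hosts(inventory: List[dict]) -> List[str]:
    """Return the hostnames whose firmware falls in the affected range."""
    return [d["host"] for d in inventory if is_affected(d["firmware"])]


if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(f"{host}: firmware in affected range, schedule upgrade")
```

Feeding the real inventory export into `affected_hosts` gives the list to prioritise for upgrade; anything that raises `ValueError` needs a manual look rather than being assumed clean.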

The US Cybersecurity and Infrastructure Security Agency (CISA) has also warned of ongoing ransomware attacks attempting to exploit a known, previously patched vulnerability in SonicWall Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products.

Neither SonicWall nor CISA shared any details about the threat actor behind this campaign; however, according to Bleeping Computer, the HelloKitty ransomware gang has been exploiting the vulnerability in a recent series of attacks.

In its June report, the cybersecurity firm Coveware said the Babuk ransomware gang is also targeting SonicWall devices, namely SonicWall VPNs likely vulnerable to CVE-2020-5135. Although the vendor patched this flaw in October 2020, it is still being heavily abused by ransomware groups.

UNC2447 is another cybercrime group that targeted vulnerabilities in SonicWall equipment in the past. In particular, the gang abused the CVE-2021-20016 zero-day bug in SonicWall SMA 100 Series VPN appliances to deploy the FiveHands ransomware.
