SonicWall Secure Mobile Access 100 is a secure remote access device that helps organizations deploy remote workgroups securely. In 2021, the device was hacked by hackers.
Security firm Mandiant said hackers breached the security of devices by running malware on unpatched SonicWall SMA devices. The work of the hackers was distinguished by the fact that the malware can remain on the devices even after receiving a new firmware.
To achieve this flexibility, the malware checks for available firmware updates every 10 seconds. When an update becomes available, the malware copies the archive file for backup, decompresses, uploads, and then copies the entire malicious file package to it.
Additionally, the malware adds a backdoor to the linked file. The malware opens the file so that it is ready for installation.
Source: Ferra
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
