The Australian Cyber Security Centre (ACSC) has warned that SonicWall devices have been targeted with ransomware by malicious actors using stolen credentials.
The alarm was raised by cyber security company SonicWall, which revealed that malicious actors have used ransomware to target its Secure Mobile Access (SMA) and Secure Remote Access (SRA) products, using stolen credentials.
According to the ACSC, these credentials were likely stolen following a breach in SonicWall devices.
“The ACSC is aware of stolen credentials affecting Australian organisations that were likely the result of vulnerable SonicWall devices being exploited,” the ACSC posted.
The ACSC recommends that individuals and businesses review the SonicWall security notice to see whether they are at risk of being exploited by the ransomware.
“If vulnerable products are identified, Australian organisations should review and implement the recommended mitigations provided by SonicWall,” the centre notes.
While it has yet to be confirmed who the attackers were, several industry sources have alleged to BleepingComputer that HelloKitty was recently probing the vulnerabilities.
In a comment emailed out to users, the company said the actors targeted vulnerabilities that it was already aware of.
"This exploitation targets a long-known vulnerability that was patched in newer versions of firmware released in early 2021," the company said.