Researchers report a large-scale attack compromising over 100 SonicWall SSLVPN accounts using stolen credentials. The campaign involves network scanning and lateral movement, highlighting the importance of immediate security measures. #SonicWall #SSLVPN
Key points
- Threat actors have compromised over 100 SonicWall SSLVPN accounts across multiple environments.
- The attacks began on October 4 and involved rapid authentication attempts, suggesting credential theft rather than brute-force hacking.
- Most malicious activity originated from IP address 202.155.8[.]73, focusing on network reconnaissance and lateral movement.
- SonicWall's encrypted backup files contain credentials in encoded form, reducing the likelihood of data breaches.
- System administrators are advised to reset passwords, disable remote access, and implement multi-factor authentication for protection.
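The pattern the key points describe (one source quickly logging into many distinct accounts, mostly succeeding, which points to stolen credentials rather than brute force) can be surfaced from VPN authentication logs. The detector below is an added example, not code from the article or from SonicWall; the log line shape is an assumed, constructed one, and only the source IP is taken from the report above.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in an assumed "timestamp user src_ip result" layout
# (not SonicWall's real log format). 202.155.8.73 is the source the report names;
# the other addresses are documentation ranges.
SAMPLE_LOG = """\
2025-10-04T02:00:01Z alice 202.155.8.73 success
2025-10-04T02:00:03Z bob 202.155.8.73 success
2025-10-04T02:00:05Z carol 202.155.8.73 success
2025-10-04T02:00:06Z dave 202.155.8.73 failure
2025-10-04T02:00:08Z erin 202.155.8.73 success
2025-10-04T02:00:09Z frank 202.155.8.73 success
2025-10-04T09:15:00Z alice 198.51.100.20 success
2025-10-04T09:40:00Z bob 203.0.113.9 failure
2025-10-04T09:40:10Z bob 203.0.113.9 failure
2025-10-04T09:40:20Z bob 203.0.113.9 failure
2025-10-04T09:40:30Z bob 203.0.113.9 failure
"""

def parse(log: str):
    """Turn the constructed log text into (timestamp, user, ip, result) tuples."""
    events = []
    for line in log.splitlines():
        ts, user, ip, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, ip, result))
    return events

def credential_stuffing_sources(log, window=timedelta(minutes=5),
                                min_accounts=3, max_failure_ratio=0.5):
    """Return {ip: [accounts]} for sources that successfully authenticated to at
    least `min_accounts` distinct accounts inside `window` with few failures.
    Failure-only bursts (classic brute force) are deliberately NOT flagged here,
    because stolen credentials succeed on the first try."""
    by_ip = defaultdict(list)
    for ts, user, ip, result in parse(log):
        by_ip[ip].append((ts, user, result))
    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort()
        for i, (start, _, _) in enumerate(evs):
            in_win = [e for e in evs[i:] if e[0] - start <= window]
            successes = [e for e in in_win if e[2] == "success"]
            accounts = {e[1] for e in successes}
            if (len(accounts) >= min_accounts
                    and (len(in_win) - len(successes)) / len(in_win) <= max_failure_ratio):
                flagged[ip] = sorted(accounts)
                break
    return flagged
```

Sources that are flagged are candidates for the response steps listed above (credential resets, MFA, blocking the source); a failure-only burst such as the 203.0.113.9 sample is ordinary brute force and needs a separate rule.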