After SonicWall and CISA warned of targeted attacks against SonicWall Secure Mobile Access (SMA) 100 and Secure Remote Access (SRA) devices running End of Life (EoL) firmware, sources told BleepingComputer that the group behind HelloKitty was responsible for the attacks that prompted the “imminent threat” of ransomware notice. According to BleepingComputer, CrowdStrike also confirmed that multiple other threat actors are targeting these devices along with HelloKitty. The abused vulnerability is tracked as CVE-2019-7481 and was patched in firmware versions released in early 2021, according to a statement by SonicWall. Other vulnerabilities have potentially been identified as being abused as well, including CVE-2019-7481 and CVE-2020-5135.
Note: this post was originally shared on https://squiblydoo.blog/ by a member of the Binary Defense Team. In