SonicWall, a firewall and cybersecurity solution provider based out of Silicon Valley, recently confirmed that their company was infiltrated by what the SonicWall team is calling a “coordinated attack on its internal systems” on January 22nd, 2021.
The attackers honed in on supposed zero-day vulnerabilities within SonicWall’s NetExtender VPN line of remote access products. A zero-day refers to attacks on software weaknesses that the company itself was not aware of.
Because of the nature of the attack, SonicWall rushed to identify the vulnerabilities as soon as possible, but in a follow-up statement on January 24th, said that the issue may not be limited to the NetExtender VPN client version 10.x and Secure Mobile Access (SMA) version 10.x as previously believed. In reality, SonicWall says, the vulnerabilities may affect all SonicWall products.
Company leaders have stated that customers and partners are not required to take any action at this time. SonicWall released an alert detailing how customers and partners can minimize any further attacks until they can make the necessary patches.