19 July 2021

HelloKitty ransomware gang is hunting for vulnerable SonicWall devices


Last week, the network equipment vendor SonicWall released a security notice warning its customers of an “imminent” ransomware campaign targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) appliances with end-of-life 8.x firmware.

The company said that attackers are targeting an old SQL injection vulnerability in SonicWall SRA that allows arbitrary SQL queries to be executed in the database. The issue affects SRA appliances running any 8.x firmware or an old version of firmware 9.x (9.0.0.9-26sv or earlier) and has been fixed in recent versions of the firmware.

The US Cybersecurity and Infrastructure Security Agency (CISA) has also warned of ongoing ransomware attacks attempting to exploit a known, previously patched vulnerability in SonicWall Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products.

Neither SonicWall nor CISA shared any details regarding the threat actor behind this campaign. However, according to Bleeping Computer, the HelloKitty ransomware gang has been exploiting the vulnerability in a recent series of attacks.

In its June report, the cybersecurity firm Coveware said the Babuk ransomware gang is also targeting SonicWall devices, namely SonicWall VPNs, likely vulnerable to CVE-2020-5135. Although this flaw was patched by the vendor in October 2020, it is still being heavily abused by ransomware groups.

UNC2447 is another cybercrime group that targeted vulnerabilities in SonicWall equipment in the past. In particular, the gang abused the CVE-2021-20016 zero-day bug in SonicWall SMA 100 Series VPN appliances to deploy the FiveHands ransomware.

