  • Chinese UNC4540 hackers spy using unpatched SonicWall devices

    According to Mandiant, Chinese hackers are exploiting unpatched SonicWall gateways and infecting devices with credential-stealing malware that persists after a firmware update.

    The spyware targets SonicWall Secure Mobile Access (SMA) 100 Series, a secure access gateway that provides VPN access to remote users.

    Although the attack is not tied to a new or specific vulnerability, SonicWall encourages organizations to apply the SMA 100 update (10.2.1.7 or later), which includes additional protection and security measures. According to SonicWall, "an extremely limited number of unpatched SMA 100 series devices as of 2021" are affected.

    Last week's update includes additional security measures such as file integrity monitoring (FIM) and anomalous process identification, as well as updates to the OpenSSL library.

    SonicWall was unable to determine the initial attack vector. However, the investigation found that the unpatched devices contained the known exploitable vulnerabilities CVE-2021-20016, CVE-2021-20028, CVE-2019-7483 and CVE-2019-7481.

    Mandiant is tracking the threat actor as UNC4540. The campaign is also consistent with how Chinese attackers target network devices with zero-day exploits, suggesting the involvement of Chinese government hackers.

    According to Mandiant, the campaign uses malware consisting of bash scripts and one binary ELF file, which researchers have identified as a TinyShell backdoor.

    The malware uses a "firewalld" bash script that executes an SQL command to steal credentials and execute the TinyShell backdoor. According to experts, the main purpose of the malware is to steal the hashed credentials of all logged-in users. In addition, the malware remains resilient even if the device fails.

    The bash script also checks every 10 seconds for a new firmware update. When new firmware is available, the bash script copies the backup file, adds the malware, and puts the package back in place, indicating that the cybercriminals are trying to understand the device update cycle and then develop a persistence method.

    Author DeepWeb
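
The update behaviour described above, where a firmware package is copied, altered and put back in place, is the kind of change a per-file integrity baseline exposes. The following is an added example, not code from Mandiant, SonicWall or the original article; the `.tar.gz` layout, file names and contents are constructed stand-ins and do not represent the SMA 100 firmware format.

```python
import hashlib
import io
import tarfile


def build_archive(files):
    """Build an in-memory .tar.gz from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def member_digests(archive_bytes):
    """Return {member name: SHA-256 hex digest} for each regular file in the archive."""
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
        for member in tar:
            if member.isfile():
                data = tar.extractfile(member).read()
                digests[member.name] = hashlib.sha256(data).hexdigest()
    return digests


def diff_against_baseline(baseline, staged_bytes):
    """Compare a staged package with a trusted per-file baseline."""
    staged = member_digests(staged_bytes)
    common = baseline.keys() & staged.keys()
    return {
        "added": sorted(set(staged) - set(baseline)),
        "removed": sorted(set(baseline) - set(staged)),
        "modified": sorted(n for n in common if baseline[n] != staged[n]),
    }


# Constructed sample: a clean package, and the same package repacked with one
# extra file and one changed file so that both findings are exercised.
CLEAN = {"etc/rc.local": b"start services\n", "usr/bin/httpd": b"\x7fELF-clean"}
REPACKED = {**CLEAN, "etc/rc.local": b"start services v2\n", "bin/extra": b"#!/bin/sh\n"}

# The baseline must come from a trusted copy of the package, taken off-device.
BASELINE = member_digests(build_archive(CLEAN))

if __name__ == "__main__":
    print(diff_against_baseline(BASELINE, build_archive(REPACKED)))
```

Comparing per-file digests rather than one hash of the whole package shows which files were added or changed, which is what an investigator needs after a repack.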