  • Chinese UNC4540 hackers spy using unpatched SonicWall devices

    According to Mandiant, Chinese hackers are exploiting unpatched SonicWall gateways and infecting devices with credential-stealing malware that persists after a firmware update.

    The spyware targets SonicWall Secure Mobile Access (SMA) 100 Series, a secure access gateway that provides VPN access to remote users.

    Although the attack is not tied to a new or specific vulnerability, SonicWall encourages organizations to apply the SMA 100 update (10.2.1.7 or later), which includes additional protection and security measures. According to SonicWall, "an extremely limited number of unpatched SMA 100 series devices as of 2021" are affected.

    Last week's update includes additional security measures such as file integrity monitoring (FIM) and anomalous process identification, as well as updates to the OpenSSL library.

    SonicWall was unable to determine the initial attack vector. However, the investigation found that the unpatched devices contained the known exploitable vulnerabilities CVE-2021-20016, CVE-2021-20028, CVE-2019-7483 and CVE-2019-7481.

    Mandiant is tracking the threat actor as UNC4540. The campaign is also consistent with how Chinese attackers target network devices with zero-day exploits, suggesting the involvement of Chinese government hackers.

    According to Mandiant, the campaign uses malware consisting of bash scripts and one binary ELF file, which researchers have identified as a TinyShell backdoor.

    The malware uses a "firewalld" bash script that executes an SQL command to steal credentials and launches the TinyShell backdoor. According to experts, the main purpose of the malware is to steal the hashed credentials of all logged-in users. In addition, the malware remains resilient even if the device fails.

    The bash script also checks every 10 seconds for a new firmware update. When new firmware is available, the script copies the backup file, adds the malware, and puts the package back in place. This indicates that the attackers are trying to understand the device update cycle and then develop a persistence method.
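
The following added example, which is not from Mandiant, SonicWall or this article's author, shows how a file integrity check can catch an update package that was repacked with extra content: it hashes every file in a known-good archive and in the staged one and reports what was added, removed or modified. The tar format, the file paths and the sample contents are constructed assumptions; only the script name "firewalld" comes from the article.

```python
import hashlib
import io
import tarfile


def manifest(archive_bytes):
    """Map every regular file in a tar archive to the SHA-256 of its content."""
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        for member in tar:
            if member.isfile():
                data = tar.extractfile(member).read()
                digests[member.name] = hashlib.sha256(data).hexdigest()
    return digests


def diff_manifests(baseline, staged):
    """Compare a known-good manifest with the manifest of a staged package."""
    common = set(baseline) & set(staged)
    return {
        "added": sorted(set(staged) - set(baseline)),
        "removed": sorted(set(baseline) - set(staged)),
        "modified": sorted(p for p in common if baseline[p] != staged[p]),
    }


def build_tar(files):
    """Helper for the constructed samples: pack {path: bytes} into a tar.gz."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample data: hypothetical paths, not the appliance's real layout.
VENDOR = {"etc/init.sh": b"#!/bin/sh\nstart_services\n", "bin/httpd": b"vendor-binary"}
STAGED = dict(VENDOR)
STAGED["etc/init.sh"] += b"# unexpected extra startup line\n"
STAGED["bin/firewalld"] = b"# placeholder for an unexpected script\n"


def check_sample():
    return diff_manifests(manifest(build_tar(VENDOR)), manifest(build_tar(STAGED)))


if __name__ == "__main__":
    print(check_sample())
```

Because the comparison is made on the content of each file rather than on the archive as a whole, it still flags a package that was repacked with the same file names and timestamps.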

    Author DeepWeb