Hackers target SonicWall customers through email weak spot

FILE PHOTO: Man holds laptop computer as cyber code is projected on him in this illustration picture · Reuters

By Raphael Satter

WASHINGTON (Reuters) -Hackers have targeted customers of California-based network services firm SonicWall via a previously undisclosed vulnerability in its email security product, the company and cybersecurity firm FireEye said https://www.fireeye.com/blog/threat-research/2021/04/zero-day-exploits-in-sonicwall-email-security-lead-to-compromise.html Tuesday.

In a statement https://www.sonicwall.com/support/product-notification/security-notice-sonicwall-email-security-zero-day-vulnerabilities/210416112932360, SonicWall Inc said that the vulnerability had been "exploited in the wild", meaning hackers had already used the flaw to break into target systems. SonicWall said it had published a fix for the issue and urged customers to "immediately upgrade" their software.

The intrusions are the latest in a string of hacks using third-party provided software and hardware in the United States. The most notable - the compromise of SolarWinds Corp by alleged Russian hackers last year - has raised concerns about the ability of end users to vet the security of their devices and their programs.

Last month, it was disclosed that an unknown number of Microsoft customers had been compromised after an allegedly Chinese hacking group made use of serious vulnerabilities in the company's email server software.

Just last week, a breach with potentially serious knock-on consequences was reported at San Francisco-based software auditing firm Codecov. Earlier on Tuesday, hackers were outed for exploiting a serious vulnerability in VPN devices made by Utah-based IT firm Ivanti.

In SonicWall's case, hackers could have used the weakness to easily gain "a pretty significant foothold" in their targets' networks, said Charles Carmakal, a senior vice president of Mandiant, an arm of FireEye. He said his firm didn't have a clear idea of who the hackers were and said that he was aware of "fewer than five" victims.

(Reporting by Raphael Satter; Editing by Sam Holmes)