Google finds custom backdoor being installed on SonicWall network devices

Source

Ars Technica

TL;DR

AI Generated

Hackers are infiltrating SonicWall Secure Mobile Access (SMA) appliances, which are crucial for managing and securing mobile device access in enterprise networks. These targeted devices are no longer receiving updates, making them vulnerable to attacks. Google's Threat Intelligence Group has identified the hacking group UNC6148 as responsible for these breaches. Organizations using SMA appliances are advised to check for compromises and conduct forensic analysis to counter the rootkit's anti-forensic capabilities. Collaboration with SonicWall may be necessary to capture disk images from physical appliances for further investigation.

Similar Articles

Iran claims US exploited networking equipment backdoors during strikes — says devices from Cisco and others failed despite blackout in attack that 'indicates deep sabotage'

Iran has accused the U.S. of exploiting backdoors in networking equipment from Cisco, Juniper, Fortinet, and MikroTik during military operations against Iran. Iranian media claim that these devices failed during the attacks despite Iran being disconnected from the global Internet, suggesting deep sabotage. While these claims are unverified, the U.S. has confirmed conducting cyber operations against Iran's communications infrastructure. The vendors named by Iran have had past security issues, such as the NSA intercepting Cisco routers to install surveillance implants and Juniper finding unauthorized code in its firmware. Chinese state media has supported Iran's claims, linking them to American backdoors in networking hardware.

Tom's Hardware
Ultra Ethernet Security (UET‑TSS) Tailored For AI And HPC

The article discusses the development of Ultra Ethernet Security (UET‑TSS) tailored for AI and HPC systems. Traditional Ethernet security mechanisms were not designed for the scaling and trust assumptions of next‑generation networks supporting AI and high‑performance computing (HPC). The Ultra Ethernet Consortium (UEC) introduced the Ultra Ethernet Specification 1.0 to define a new Ethernet‑based transport protocol for AI and HPC networks, focusing on security as a key architectural concern. The Ultra Ethernet Transport Security Sub‑layer (UET‑TSS) was created to address the security challenges posed by the architectural shift in AI/HPC clusters. Rambus introduced two new solutions, UET-TSS-IP-69 and UET-TSS-IP-369, to secure the UET transport protocol with TSS for SmartNICs and NIC chiplets.

SemiEngineering
As many as 2 million Cisco devices affected by actively exploited 0-day

A zero-day vulnerability affecting up to 2 million Cisco devices has been actively exploited, allowing attackers to remotely crash or execute code on vulnerable systems. The vulnerability, identified as CVE-2025-20352, exists in all supported versions of Cisco IOS and Cisco IOS XE, posing a risk to various networking devices. It can be leveraged by low-privileged users for denial-of-service attacks or by higher-privileged users to run code with root privileges. Cisco advises customers to upgrade to a patched software release to address this issue, which has a severity rating of 7.7 out of 10.

Ars Technica
DDoS scrubbing service ironic target of massive attack it was built to prevent — hit with 1.5 billion packets per second from more than 11,000 distributed networks

A DDoS scrubbing service was hit by a massive DDoS attack, receiving 1.5 billion packets per second from over 11,000 distributed networks. FastNetMon, a defensive firm, helped mitigate the attack, emphasizing the need for ISP-level support against such attacks. DDoS scrubbing is a defense mechanism that filters traffic to distinguish legitimate users from malicious sources. While this attack was successfully defended, it highlights the growing threat of DDoS attacks and the need for stronger anti-DDoS measures and regulations.

Tom's Hardware
