Google finds custom backdoor being installed on SonicWall network devices
Hackers are infiltrating SonicWall Secure Mobile Access (SMA) appliances, which are crucial for managing and securing mobile device access in enterprise networks. These targeted devices are no longer receiving updates, making them vulnerable to attacks. Google's Threat Intelligence Group has identified the hacking group UNC6148 as responsible for these breaches. Organizations using SMA appliances are advised to check for compromises and conduct forensic analysis to counter the rootkit anti-forensic capabilities. Collaboration with SonicWall may be necessary to capture disk images from physical appliances for further investigation.
Ars Technica•