According to Mandiant, suspected Chinese cybercriminals are targeting unpatched SonicWall gateways and infecting the devices with malware that steals credentials and survives firmware updates. The malware targets the SonicWall Secure Mobile Access 100 Series, a gateway that gives remote users access to a VPN.
Last week’s firmware upgrade, which the spokesperson referred to as a “maintenance release,” incorporated further hardening measures such as File Integrity Monitoring and the detection of suspicious processes. These measures were also included in updates to the OpenSSL library.