Attacks on SonicWall appliances linked to Chinese campaign: Mandiant
CSO Online – Shweta Sharma
The technique used in the attack on SonicWall devices are consistent with earlier attacks from a Chinese campaign. A persistent malware targeting unpatched SonicWall Secure Mobile Access (SMA) appliances has been linked to a Chinese campaign dating back to 2021, according to a Mandiant research done in partnership with SonicWallâs in-house research team.

The responsible malware, dubbed UNC4540, has been found to be stealing user credentials, providing shell access, and persisting through firmware upgrades.

SonicWall did, however, issue SMA 100 firmware 10.2.1.17 update last week as a maintenance release, the spokesperson added.
Link: https://www.csoonline.com/article/3690588/attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant.html