SonicWall, a network and cyber security appliance vendor, is reporting that ransomware activity is currently targeting their Secure Mobile Access (SMA) and Secure Remote Access (SRA) products. This ransomware activity is reported by SonicWall as abusing stolen credentials.
The ACSC is aware of stolen credentials affecting Australian organisations that were likely the result of vulnerable SonicWall devices being exploited.
The ACSC has previously issued an alert on a remote credential access vulnerability affecting SonicWall products.
Mitigation
Australian organisations should review their networks for the presence of affected SonicWall products which are outlined in the security notice from SonicWall. If vulnerable products are identified, Australian organisations should review and implement the recommended mitigations provided by SonicWall.
Assistance
The ACSC is monitoring the situation and is able to provide assistance and advice as required.
Organisations that have been impacted or require assistance can contact the ACSC via 1300 CYBER1.