HelloKitty group targeting "a known, previously patched, vulnerability" in SonicWall Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products ...
HelloKitty: a known, previously patched vulnerability is being targeted in SonicWall Secure Mobile Access (SMA) and Secure Remote Access (SRA) devices running an end-of-life framework. Threat actors could exploit the vulnerability as part of a ransomware campaign.
SonicWall issued an 'important security alert' and sent emails to notify all customers about a potential ransomware attack. Bill Siegel, CEO of Coveware, confirmed CISA's warning that the ransomware campaign is ongoing and the risk is imminent. CISA warned all users and organizations about the persistent threat and urged them to upgrade their devices to the latest security frameworks and discard all end-of-life products mentioned in the security notice.
CISA and SonicWall have not yet disclosed the identity of the threat actors behind these attacks but, according to reports, the HelloKitty ransomware group has been exploiting this vulnerability for the last two weeks. CrowdStrike, a cybersecurity firm, confirmed that multiple attackers are behind this incident, including the HelloKitty group.
HelloKitty is a human-guided ransomware campaign active since November 2020, mostly known for encrypting the internal systems of CD Projekt Red and stealing the source code of popular games like Cyberpunk and Witcher 3. Heather Smith, a security researcher at CrowdStrike, reported that the vulnerability is tracked as CVE-2019-7481.
A group called UNC2447, tracked by Mandiant, has exploited the CVE-2021-20016 zero-day vulnerability in SonicWall SMA 100 Series VPN products to deploy a new DeathRansom variant of HelloKitty called FiveHands. This same zero-day bug was exploited in January, targeting the internal systems of SonicWall.
The Mandiant researchers stated that "The threat actors leveraged the vulnerabilities with critical knowledge of SonicWall applications and products to penetrate their systems, access files and data, and move laterally in the network to cause further damage."