HelloKitty ransomware targeting vulnerable SonicWall devices through a previously patched vulnerability, CISA alerts

HelloKitty group targeting "a known, previously patched, vulnerability" in SonicWall Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products ...

19-Jul-2021

HelloKitty: a previously known and patched vulnerability has been found in use against SonicWall Secure Mobile Access (SMA) and Secure Remote Access (SRA) devices with an end-of-life framework. Threat actors could exploit the vulnerability as part of a ransomware campaign.

SonicWall issued an "important security alert" and emailed all customers to notify them of a potential ransomware attack. Bill Siegel, CEO of Coveware, confirmed CISA's warning that the ransomware campaign is ongoing and that the risk is imminent. CISA warned all users and companies about the persistent threat and urged them to upgrade their devices to the latest security frameworks and to discard all end-of-life products mentioned in the security notice.

CISA and SonicWall have not yet disclosed the identity of the threat actors behind these attacks, but according to reports, the HelloKitty ransomware group has been exploiting this vulnerability for the last two weeks. CrowdStrike, a cybersecurity firm, confirmed that multiple attackers are behind this incident, including the HelloKitty group.

HelloKitty is a human-guided ransomware campaign active since November 2020, mostly known for encrypting the internal systems of CD Projekt Red and stealing the source code of popular games like Cyberpunk and Witcher 3. Heather Smith, a security researcher at CrowdStrike, reported that the vulnerability is tracked as CVE-2019-7481.

A group called UNC2447, tracked by Mandiant, has exploited the CVE-2021-20016 zero-day flaw in SonicWall SMA 100 Series VPN products to deploy a new DeathRansome variant of HelloKitty called FiveHands. The same zero-day bug was exploited in January, targeting the internal systems of SonicWall.

The Mandiant researchers stated that "The threat actors leveraged the vulnerabilities with critical knowledge of SonicWall applications and products to penetrate their systems, access files and data, and move laterally in the network to cause further damage."