Huntress Threat Advisory: Widespread SonicWall SSLVPN Compromise
ATT&CK techniques detected
T1556.006 Multi-Factor Authentication
74%
“services one at a time and monitor for reappearance of unauthorised access. enforce mfa for all admin and remote accounts and apply least privilege to management roles.”
T1078 Valid Accounts
55%
“huntress threat advisory : widespread sonicwall sslvpn compromise as of october 10, huntress has observed widespread compromise of sonicwall sslvpn devices across multiple customer environments. threat actors are authenticating into multiple accounts rapidly across compromised de…”
T1003 OS Credential Dumping
36%
“huntress threat advisory : widespread sonicwall sslvpn compromise as of october 10, huntress has observed widespread compromise of sonicwall sslvpn devices across multiple customer environments. threat actors are authenticating into multiple accounts rapidly across compromised de…”
T1190 Exploit Public-Facing Application
30%
“huntress threat advisory : widespread sonicwall sslvpn compromise as of october 10, huntress has observed widespread compromise of sonicwall sslvpn devices across multiple customer environments. threat actors are authenticating into multiple accounts rapidly across compromised de…”
Summary
Huntress has observed a spike in compromises of SonicWall SSLVPN devices across multiple customer environments.