By Eduard Kovacs on April 21, 2021
SonicWall’s Email Security product is affected by three vulnerabilities that have been exploited in attacks. It took the vendor roughly two weeks to start releasing patches, but a public warning about active exploitation came only 25 days after it learned about the attacks.
FireEye, whose incident response unit Mandiant spotted the vulnerabilities and their active exploitation in March, warned on Tuesday that a threat actor had been observed exploiting the SonicWall Email Security flaws to install backdoors, access emails and files, and move laterally in the victim’s network.
For the time being, FireEye hasn’t been able to definitively link the attackers to any previously known group, so it’s tracking the threat actor as UNC2682 (UNC stands for “uncategorized”). The company did note that the hackers appeared to have “intimate knowledge” of how the SonicWall product works.