Credential Access Campaign Targeting SonicWall SMA Devices Linked to CVE-2021-20035
ID: 3debb2bf-8e28-5266-b100-a05267ffcf2e
STIX ID: report--3debb2bf-8e28-5266-b100-a05267ffcf2e
Feed Name: Arctic Wolf Blog
Arctic Wolf reports an active campaign (Jan–Apr 2025) targeting SonicWall SMA 100 series appliances. The campaign leverages CVE-2021-20035, recently reclassified by SonicWall as allowing remote code execution and added to CISA’s KEV, alongside credential-compromise techniques (including default/insecure local admin passwords and credential stuffing) to access VPN accounts. The advisory urges patching, enabling MFA, resetting local passwords, limiting VPN accounts, disabling unused accounts, and configuring syslog monitoring.
