UNC4540, a China-linked cybercriminal group, was observed deploying a custom backdoor on a SonicWall SMA appliance. Attackers show a thorough understanding of the appliance and use a set of malicious files to obtain privileges. The malware is capable of extracting credentials, achieving persistence through firmware upgrades, and remotely executing code.
Dedicated Forum to help removing adware, malware, spyware, ransomware, trojans, viruses and more!
