SonicWall VPN accounts breached using stolen creds in widespread attacks www.bleepingcomputer.com/news/secu…

Researchers warn that threat actors have compromised more than a hundred SonicWall SSLVPN accounts in a large-scale campaign using stolen, valid credentials.

Although in some cases the attackers disconnected after a short period, in others they followed up with network scans and attempts to access local Windows accounts.

Most of this activity began on October 4, as observed by Huntress, a managed cybersecurity platform, across multiple customer environments.

The attacks have impacted over 100 SonicWall SSLVPN accounts across 16 environments that Huntress protects, indicating a significant and widespread campaign that was still ongoing on October 10.
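The behaviour described above (valid-credential logins across many accounts, some dropping after a short session) is something a defender can hunt for in SSLVPN authentication logs. The following is an added example, not code from the article, Huntress or SonicWall: it parses a constructed, simplified "timestamp user source-ip event" log (not SonicWall's real syslog format; adapt the parser to your appliance's output) and flags two patterns: one source IP authenticating as several distinct accounts within a short window, and sessions that end within a couple of minutes of logging in. The window, account-count and session-length thresholds are assumptions to tune for your environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, "ISO-timestamp user src_ip event" per line.
# This is an assumed, simplified format for illustration, not SonicWall's own.
SAMPLE_LOG = """\
2025-10-04T02:11:05 alice 203.0.113.10 login
2025-10-04T02:11:40 alice 203.0.113.10 logout
2025-10-04T02:12:02 bob 203.0.113.10 login
2025-10-04T02:12:30 bob 203.0.113.10 logout
2025-10-04T02:13:11 carol 203.0.113.10 login
2025-10-04T02:13:45 carol 203.0.113.10 logout
2025-10-04T02:14:20 dave 203.0.113.10 login
2025-10-04T08:00:00 erin 198.51.100.7 login
2025-10-04T16:30:00 erin 198.51.100.7 logout
"""


def parse_events(text):
    """Turn the log text into a list of (timestamp, user, src_ip, event) tuples."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, user, src, event = line.split()
        events.append((datetime.fromisoformat(ts), user, src, event))
    return events


def find_login_bursts(events, window=timedelta(minutes=10), min_users=3):
    """Return {src_ip: [users]} for every source IP that successfully logged in
    as at least `min_users` distinct accounts inside any `window`-long span.
    One IP cycling through many stolen credentials is the campaign's signature."""
    logins = defaultdict(list)  # src_ip -> [(timestamp, user)]
    for ts, user, src, event in events:
        if event == "login":
            logins[src].append((ts, user))

    flagged = defaultdict(set)
    for src, items in logins.items():
        items.sort()
        start = 0
        # Sliding window over this source's logins, oldest to newest.
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1
            users = {u for _, u in items[start:end + 1]}
            if len(users) >= min_users:
                flagged[src].update(users)
    return {src: sorted(users) for src, users in flagged.items()}


def find_short_sessions(events, max_seconds=120):
    """Pair each login with the next logout for the same (user, src_ip) and
    return [(user, src_ip, seconds)] for sessions shorter than `max_seconds`.
    Quick connect-and-drop sessions match the 'disconnected after a short
    period' behaviour reported for this campaign (credential validation)."""
    open_sessions = {}
    short = []
    for ts, user, src, event in sorted(events):
        key = (user, src)
        if event == "login":
            open_sessions[key] = ts
        elif event == "logout" and key in open_sessions:
            duration = (ts - open_sessions.pop(key)).total_seconds()
            if duration < max_seconds:
                short.append((user, src, duration))
    return short


def hunt(text):
    """Run both checks over a log and return the findings as one dict."""
    events = parse_events(text)
    return {
        "login_bursts": find_login_bursts(events),
        "short_sessions": find_short_sessions(events),
    }


if __name__ == "__main__":
    for kind, findings in hunt(SAMPLE_LOG).items():
        print(kind)
        for item in (findings.items() if isinstance(findings, dict) else findings):
            print("  ", item)
```

On the constructed sample, 203.0.113.10 is flagged for authenticating as four accounts in three minutes, and alice, bob and carol each show a sub-minute session; erin's normal working-day session from another address is not reported. Any account appearing in either list is a candidate for the credential reset steps below, and the source IP for a block at the firewall.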

Because the attackers are signing in with valid credentials rather than exploiting a flaw, the response is to rotate every secret the appliance holds. According to SonicWall's security checklist, system administrators need to take the following protective steps:

  • Reset and update all local user passwords and temporary access codes
  • Update passwords on LDAP, RADIUS, or TACACS+ servers
  • Update secrets in all IPSec site-to-site and GroupVPN policies
  • Update L2TP/PPPoE/PPTP WAN interface passwords
  • Reset the L2TP/PPPoE/PPTP WAN interfaces

Edward Kiledjian @ekiledjian