Background /What has happened?
SonicWall, a network and cyber security appliance vendor, is reporting that ransomware activity is currently targeting their Secure Mobile Access (SMA) and Secure Remote Access (SRA) products. This ransomware activity is reported by SonicWall as abusing stolen credentials.
The ACSC is aware of stolen credentials affecting Australian organisations that were likely the result of vulnerable SonicWall devices being exploited.
The ACSC has previously issued an alert on a remote credential access vulnerability affecting SonicWall products.