Through the course of collaboration with trusted third parties, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x firmware in an imminent ransomware campaign using stolen credentials. The exploitation targets a known vulnerability that has been patched in newer versions of firmware.
The notice is specifically for SMA 100 and the older SRA series, and does not affect SMA 1000 series products. Organizations that fail to take appropriate actions to mitigate these vulnerabilities on their SRA and/or SMA 100 series with 9.x and 10.x firmware should continue to follow best practices such as update to the latest available SMA firmware or update to the latest SRA firmware and enable multifactor authentication MFA.