{"id":50952,"date":"2023-03-10T09:30:00","date_gmt":"2023-03-10T09:30:00","guid":{"rendered":"https:\/\/www.csoonline.com\/article\/3690588\/attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant.html#tk.rss_security"},"modified":"2023-03-10T09:30:00","modified_gmt":"2023-03-10T09:30:00","slug":"attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant\/","title":{"rendered":"Attacks on SonicWall appliances linked to Chinese campaign: Mandiant"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2020\/03\/danger_warning_emblazoned_across_a_glitched_china_flag_chinese_security_threat_by_koszubarev_gettyimages-1084348972_2400x1600-100836516-large.jpg?auto=webp&amp;quality=85,70\" class=\"ff-og-image-inserted\"><\/div>\n<p>Persistent <a href=\"https:\/\/www.csoonline.com\/article\/3295877\/what-is-malware-viruses-worms-trojans-and-beyond.html\">malware<\/a> targeting unpatched SonicWall Secure Mobile Access (SMA) appliances has been linked to a Chinese campaign dating back to 2021, according to Mandiant research conducted in partnership with SonicWall\u2019s in-house research team.<\/p>\n<p>The responsible malware, dubbed UNC4540, has been found to steal user credentials, provide shell access, and persist through firmware upgrades.<\/p>\n<p>\u201cThis is not a new vulnerability, so a patch was not published,\u201d a Mandiant spokesperson said. 
\u201cThe findings are based on the analysis of an extremely limited number of unpatched SMA 100 series appliances from the 2021 timeframe.\u201d<\/p>\n<p>SonicWall did, however, issue the SMA 100 firmware update 10.2.1.17 last week as a maintenance release, the spokesperson added.<\/p>\n<p>The SMA series is a line of on-premises security appliances developed and manufactured by SonicWall that are designed to provide remote access to corporate networks, cloud applications, and other resources for employees, contractors, and partners.<\/p>\n<h2><strong>Attacks are consistent with earlier Chinese hacks <\/strong><\/h2>\n<p>Mandiant has identified a pattern of Chinese attackers utilizing numerous <a href=\"https:\/\/www.csoonline.com\/article\/3284084\/zero-days-explained-how-unknown-vulnerabilities-become-gateways-for-attackers.html\">zero-day<\/a> exploits and malware to gain full access to enterprise systems through various internet-facing network appliances, and has identified the attack on SonicWall SMA appliances as part of this trend.<\/p>\n<p>The techniques used were found to be consistent with multiple security incidents in April 2021 involving compromises of Pulse Secure <a href=\"https:\/\/www.csoonline.com\/article\/3567052\/optimizing-vpns-for-security-5-key-tasks.html\">VPN<\/a> appliances through authentication bypass.<\/p>\n<p>Earlier, in March 2021, Mandiant Managed Defense had also discovered three zero-day vulnerabilities being actively exploited in SonicWall\u2019s Email Security product, indicating a persistent malicious presence in SonicWall\u2019s system.<\/p>\n<p>Usually, vendors do not allow users direct access to the operating system or the file system. 
Instead, they provide administrators with a graphical user interface or a restricted Command Line Interface that prevents accidental damage to the system.<\/p>\n<p>Due to this restricted access, Chinese attackers are putting in significant resources and effort to create exploits and malware for managed devices, according to a Mandiant blog post.<\/p>\n<h2><strong>Malware module primarily steals credentials <\/strong><\/h2>\n<p>The main malware entry point is a bash script named \u201cfirewalld\u201d, which executes an SQL command to steal credentials and also executes a few other components. The firewalld script is used to start the TinyShell backdoor, a remote access hack through a PHP script, which then allows the attackers to run arbitrary SQL commands and perform various malicious activities.<\/p>\n<p>A TinyShell backdoor is typically installed by exploiting vulnerabilities in web applications or by using <a href=\"https:\/\/www.csoonline.com\/article\/3563352\/brute-force-attacks-explained-and-why-they-are-on-the-rise.html\">brute force attacks<\/a> to guess weak passwords for login pages. Once the attacker gains access to the web server, they can upload the TinyShell script and execute it to gain remote access.<\/p>\n<p>The primary purpose of the malware was found to be stealing hashed credentials from all logged-in users by executing the SQL command, \u201cselect userName, password from Sessions<em>\u201d. 
<\/em>This command targets the session information with hashed credentials in the source database maintained by the unpatched appliance.<\/p>\n<h2>Module designed for persistence and stability<\/h2>\n<p>The attackers have primarily focused on the stability and persistence of their tooling, allowing access to the network to persist through firmware updates and maintaining a network foothold through the SonicWall device.<\/p>\n<p>Used as the entry point and persistence mechanism in this attack, firewalld is a startup script that runs at boot time and is designed to manage the firewall rules and provide a user-friendly interface for configuring and managing network traffic. Additionally, a modified copy of firewalld, \u201ciptabled\u201d, was found on the affected device to provide persistence for the main malware process in case of exit or crash.<\/p>\n<p>\u201cThe two scripts were configured to call the other if it was not running, providing a backup instance of the main malware process and therefore an additional layer of resilience,\u201d said the blog post.<\/p>\n<p>The attackers also have a process in place for their access to persist through firmware updates. They use another bash script, geoBotnetd, that frequently checks for firmware updates, unzipping the update and loading the malware package each time one is detected.<\/p>\n<p>\u201cThese firmware manipulations only occurred post-exploitation on an already infected device and were not seen used in a supply chain attack,\u201d added the post.<\/p>\n<h2>Defense includes timely patching and management<\/h2>\n<p>SonicWall has indicated that maintaining proper patch management is paramount for mitigating the risk of vulnerability exploitation. It is advising customers who use SMA100 to update their software to version 10.2.1.7 or later. 
This <a href=\"https:\/\/blog.sonicwall.com\/en-us\/2023\/03\/new-sma-release-updates-openssl-library-includes-key-security-features\/\" rel=\"nofollow\">updated version<\/a> includes improvements to strengthen the software, such as the addition of File Integrity Monitoring (FIM) and identification of unusual processes.<\/p>\n<p>Given that inspecting affected devices can be challenging, analyzing accessible logs for indirect indicators of breach, such as unusual logins or internal network activity, may offer some possibilities for detection, the blog post recommended.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The techniques used in the attack on SonicWall devices are consistent with earlier attacks from a Chinese campaign.<\/p>\n","protected":false},"author":2,"featured_media":50953,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[738],"tags":[28,19],"class_list":["post-50952","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-networkworld","tag-malware","tag-vulnerabilities"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Attacks on SonicWall appliances linked to Chinese campaign: Mandiant 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Attacks on SonicWall appliances linked to Chinese campaign: Mandiant 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-03-10T09:30:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/images.idgesg.net\/images\/article\/2020\/03\/danger_warning_emblazoned_across_a_glitched_china_flag_chinese_security_threat_by_koszubarev_gettyimages-1084348972_2400x1600-100836516-large.jpg?auto=webp&amp;quality=85,70\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Attacks on SonicWall appliances linked to Chinese campaign: Mandiant\",\"datePublished\":\"2023-03-10T09:30:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant\\\/\"},\"wordCount\":773,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant.jpg\",\"keywords\":[\"Malware\",\"Vulnerabilities\"],\"articleSection\":[\"Networkworld\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant\\\/\",\"name\":\"Attacks on SonicWall appliances linked to Chinese campaign: Mandiant 2026 | ThreatsHub Cybersecurity 
News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant.jpg\",\"datePublished\":\"2023-03-10T09:30:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant.jpg\",\"width\":150,\"height\":100},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\
\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Malware\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/malware\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Attacks on SonicWall appliances linked to Chinese campaign: Mandiant\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Attacks on SonicWall appliances linked to Chinese campaign: Mandiant 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant\/","og_locale":"en_US","og_type":"article","og_title":"Attacks on SonicWall appliances linked to Chinese campaign: Mandiant 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-03-10T09:30:00+00:00","og_image":[{"url":"https:\/\/images.idgesg.net\/images\/article\/2020\/03\/danger_warning_emblazoned_across_a_glitched_china_flag_chinese_security_threat_by_koszubarev_gettyimages-1084348972_2400x1600-100836516-large.jpg?auto=webp&amp;quality=85,70","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Attacks on SonicWall appliances linked to Chinese campaign: Mandiant","datePublished":"2023-03-10T09:30:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant\/"},"wordCount":773,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/03\/attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant.jpg","keywords":["Malware","Vulnerabilities"],"articleSection":["Networkworld"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant\/","url":"https:\/\/www.threatshub.org\/blog\/attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant\/","name":"Attacks on SonicWall appliances linked to Chinese campaign: Mandiant 2026 | ThreatsHub Cybersecurity 
News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/03\/attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant.jpg","datePublished":"2023-03-10T09:30:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/03\/attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/03\/attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant.jpg","width":150,"height":100},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/attacks-on-sonicwall-appliances-linked-to-chinese-campaign-mandiant\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Malware","item":"https:\/\/www.threatshub.org\/blog\/tag\/malware\/"},{"@type":"ListItem","position":3,"name":"Attacks on SonicWall appliances linked 
to Chinese campaign: Mandiant"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/sc
hema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/50952","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=50952"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/50952\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/50953"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=50952"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=50952"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=50952"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}