SonicWall devices infected by malware that survives firmware upgrades
A suspected Chinese hacking campaign has been targeting unpatched SonicWall Secure Mobile Access (SMA) appliances to install custom malware that establishes long-term persistence for cyber espionage campaigns. The deployed malware is customized for SonicWall devices and is used to steal user credentials, provide shell access to the attackers, and even persist through firmware upgrades. The malware consists of an ELF binary, the TinyShell backdoor, and several bash scripts that show a deep understanding of the targeted network devices. The threat actors achieved persistence by using scripts that offer redundancy and ensure long-term access to breached devices.

CVEs: CVE-2022-42475

Malware: TINYSHELL

[View Article](https://www.bleepingcomputer.com/news/security/sonicwall-devices-infected-by-malware-that-survives-firmware-upgrades/)