Sophos acknowledged “a coordinated attack by an unknown adversary” that compromised the company’s XG firewall products using a previously unknown SQL injection vulnerability. The attack began midday on April 22, and by early morning of the following day, Sophos had determined that multiple customers’ firewalls had been compromised by the exploit. The company urged its customers to harden their firewall configurations and not expose the administrative interface or user portal to the Internet. The malware appeared to be focused on data exfiltration, but there was no evidence the data collected had been successfully exfiltrated.”]
Source: https://www.darkreading.com/advanced-threats/attackers-target-sophos-firewalls-with-zero-day