An “aggressive” financially motivated threat group tapped into a zero-day flaw in SonicWall VPN appliances to deploy a new strain of ransomware called FIVEHANDS. The group, tracked by cybersecurity firm Mandiant as UNC2447, took advantage of an “improper SQL command neutralization” flaw in the SSL-VPN SMA100 product (CVE-2021-20016, CVSS score 9.8) that allows an unauthenticated attacker to achieve remote code execution. Both strains, written in C++, are rewrites of another ransomware called DeathRansom.
Source: https://thehackernews.com/2021/04/hackers-exploit-sonicwall-zero-day-bug.html