Asnarök malware exploits firewall zero-day to steal credentials

[silversurfer]

Content source

https://www.bleepingcomputer.com/news/security/asnar-k-malware-exploits-firewall-zero-day-to-steal-credentials/

Some Sophos firewall products were attacked with a new Trojan malware, dubbed Asnarök by researchers cyber-security firm Sophos, to steal usernames and hashed passwords starting with April 22 according to an official timeline.

The malware exploits a zero-day SQL injection vulnerability that can lead to remote code execution on any unpatched physical and virtual firewalls it targets.

"There was significant orchestration involved in the execution of the attack, using a chain of Linux shell scripts that eventually downloaded ELF binary executable malware compiled for a firewall operating system," Sophos said in an advisory published over the weekend.
"This attack targeted Sophos products and apparently was intended to steal sensitive information from the firewall."

 

[scorpionv]

Is this related to Security Alert - Hackers are exploiting a Sophos firewall zero-day ?

 

[silversurfer]

Is this related to Security Alert - Hackers are exploiting a Sophos firewall zero-day ?

Probably yes, both reports are about "SQL injection vulnerability"