The company and cyber security firm FireEye said Hackers have targeted customers of California-based network services firm SonicWall via a previously undisclosed vulnerability in its email security product. The intrusions are the latest in a string of hacks using third-party provided software and hardware in the United States. The most notable – the compromise of Solar Winds Corp by alleged Russian hackers last year -has raised concerns about the ability of end users to vet the security of their devices and their programs.
In SonicWall’s case, hackers could have used the weakness to easily gain “a pretty significant foothold” in their targets’ networks, said Charles Carmakal, a senior vice president of Mandiant, an arm of FireEye.
He said his firm didn’t have a clear idea of who the hackers were and said that he was aware of “fewer than five” victims.