We have the admin login only allowing logins from our HQ (IP limited). Yet, they have all been compromised?
This thread was automatically locked due to age.
We have the admin login only allowing logins from our HQ (IP limited). Yet, they have all been compromised?
Hi Hayden Kirk
We sincerely regret any inconvenience this has caused.
We’ve created this KBA for our customers that provides the recommended actions to fully remediate this issue: https://community.sophos.com/kb/en-us/135412
We will continue to update this KBA as new information becomes available.
Hi 4ng3er
We will soon release more details of the attack and its payloads. Please follow our https://community.sophos.com/kb/en-us/135412 for further updates.
Hi 4ng3er
We will soon release more details of the attack and its payloads. Please follow our https://community.sophos.com/kb/en-us/135412 for further updates.
After analyzing the components and intent of the attack, Sophos published a SophosLabs Uncut article, “Asnarok” Trojan targets firewalls, to share its current understanding of the malware.