From tenable.com
On January 22, SonicWall published a product notification regarding a “coordinated attack on its internal systems” conducted by “highly sophisticated threat actors.” SonicWall believed the attackers had exploited “probable zero-day vulnerabilities” in specific SonicWall products used for remote access. As they continued with their investigation, they provided additional updates into the root cause of the attack, primarily to eliminate certain products that were originally believed to be affected.
On January 31, researchers at NCC Group tweeted that they had identified a “possible candidate for the vulnerability” that SonicWall was investigating, adding they observed “indiscriminate” exploitation for this flaw in the wild.