The vendor ruled out a zero-day vulnerability as the root cause, disputing initial assessments from third-party researchers. Fewer than 40 organizations have been impacted since mid-July.

About 20 organizations have been impacted and the pace of attacks is rising. Threat researchers and SonicWall are scrambling to determine the root cause.

Google Threat Intelligence Group said a financially motivated threat group is abusing the outdated remote access VPN devices, underscoring a continued pattern of threats confronting SonicWall customers.

The network security device vendor is making a regular appearance on CISA’s known exploited vulnerabilities catalog. Unlike its competitors, SonicWall hasn’t signed the secure-by-design pledge.

The flaw has a severity rating of 9.8 out of 10, and a patch has been made available.

The malware in questions bear similarities to another hacking tool named after the popular cartoon.

“The adversary leveraged these vulnerabilities, with intimate knowledge of the SonicWall application," Mandiant said.

The bug is in SMA 100 mobile networking, which aims to add a layer of security fo employees using their own devices to access corporate networks.