Nov 06, 2025Ravie LakshmananIncident Response / Cloud Safety
SonicWall has formally implicated state-sponsored menace actors as behind the September safety breach that led to the unauthorized publicity of firewall configuration backup recordsdata.
“The malicious exercise – carried out by a state-sponsored menace actor – was remoted to the unauthorized entry of cloud backup recordsdata from a selected cloud surroundings utilizing an API name,” the corporate mentioned in an announcement launched this week. “The incident is unrelated to ongoing world Akira ransomware assaults on firewalls and different edge gadgets.”
The disclosure comes almost a month after the corporate mentioned an unauthorized get together accessed firewall configuration backup recordsdata for all prospects who’ve used the cloud backup service. In September, it claimed that the menace actors accessed the backup recordsdata saved within the cloud for lower than 5% of its prospects.
SonicWall, which engaged the companies of Google-owned Mandiant to research the breach, mentioned it didn’t have an effect on its merchandise or firmware, or any of its different programs. It additionally mentioned it has adopted varied remedial actions really helpful by Mandiant to harden its community and cloud infrastructure, and that it’ll proceed to enhance its safety posture.
“As nation-state–backed menace actors more and more goal edge safety suppliers, particularly these serving SMB and distributed environments, SonicWall is dedicated to strengthening its place as a pacesetter for companions and their SMB prospects on the entrance traces of this escalation,” it added.
SonicWall prospects are suggested to log in to MySonicWall.com and verify for his or her gadgets, and reset the credentials for impacted companies, if any. The corporate has additionally launched an On-line Evaluation Instrument and Credentials Reset Instrument to determine companies that require remediation and carry out credential-related safety duties, respectively.
