State-Sponsored Hackers Responsible for SonicWall’s September Security Breach
The September security breach involving SonicWall has been traced back to state-sponsored hackers, according to the company’s investigation. The findings were confirmed by incident responders from Mandiant, who concluded that the breach was limited to unauthorized access to cloud backup files.
Details of the Security Breach
SonicWall disclosed the incident on September 17. The breach affected firewall configuration backup files stored in specific MySonicWall accounts. These files contained sensitive information, including access credentials and tokens.
- Attackers could leverage this information to compromise customer firewalls.
- Immediate actions were recommended for customers to safeguard their accounts.
Customer Safety Measures
In response to the breach, SonicWall urged affected users to take several precautions:
- Reset MySonicWall account credentials.
- Change temporary access codes.
- Update passwords for various server types, including LDAP and RADIUS.
- Review IPSec site-to-site and GroupVPN policy shared secrets.
Investigation Highlights
The investigation, completed by early October, confirmed that no SonicWall products, firmware, or customer networks were compromised during the attack. The company emphasized that the unauthorized access was confined to a specific cloud environment and did not affect operational systems.
Moreover, SonicWall clarified that the state-sponsored activities uncovered were unrelated to recent attacks from the Akira ransomware gang. The Akira group targeted MFA-protected SonicWall VPN accounts in late September.
Recent Developments
On October 13, security company Huntress reported a surge in malicious activities targeting SonicWall SSLVPN accounts. More than a hundred accounts were compromised using valid credentials. However, Huntress found no evidence to connect these incidents to the September breach.
SonicWall has not yet responded to inquiries about these latest developments. Until the picture is clearer, customers whose backup files were exposed should treat every credential, token, and shared secret contained in those files as compromised and complete the rotation steps listed above.