SonicWall Identifies State-Sponsored Hackers in September Cloud Backup Breach
SonicWall has officially attributed a security breach in September to state-sponsored hackers. This incident involved unauthorized access to firewall configuration backup files stored in a cloud environment. The attack was carried out through an API call, as disclosed by the company in a recent statement.
Details of the Breach
The breach was announced nearly a month after SonicWall reported that this unauthorized access potentially impacted less than 5% of its cloud backup service customers. The company reassured its clients that the breach was not linked to ongoing global Akira ransomware attacks.
Investigation and Remedial Actions
SonicWall has enlisted the services of Mandiant, a subsidiary of Google, to investigate the breach further. The company confirmed that the breach did not compromise its products, firmware, or other systems.
Security Improvements
Following the recommendations made by Mandiant, SonicWall has initiated various remediation efforts to enhance its network and cloud security. The company is determined to fortify its defenses against the increasing targeting of edge security providers by nation-state actors.
Advice for SonicWall Customers
- Customers should log in to MySonicWall.com to assess their devices.
- It is essential to reset credentials for any affected services.
- SonicWall has introduced an Online Analysis Tool for identifying necessary remediations.
- A Credentials Reset Tool is available for security-related tasks.
SonicWall remains committed to enhancing its security stance, particularly for partners and small to medium-sized businesses (SMBs) facing these heightened threats.
