SonicWall has formally implicated state-sponsored threat actors as behind the September security breach that led to the unauthorized exposure of firewall configuration backup files.
“The malicious activity – carried out by a state-sponsored threat actor – was isolated to the unauthorized access of cloud backup files from a specific cloud environment using an API call,” the company said in a statement released this week. “The incident is unrelated to ongoing global Akira ransomware attacks on firewalls and other edge devices.”
The disclosure comes nearly a month after the company said an unauthorized party accessed firewall configuration backup files for all customers who have used the cloud backup service. In September, it claimed that the threat actors accessed the backup files stored in the cloud for less than 5% of its customers.
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
SonicWall, which engaged the services of Google-owned Mandiant to investigate the breach, said it did not affect its products or firmware, or any of its other systems. It also said it has adopted various remedial actions recommended by Mandiant to harden its network and cloud infrastructure, and that it will continue to improve its security posture.
“As nation-state–backed threat actors increasingly target edge security providers, especially those serving SMB and distributed environments, SonicWall is committed to strengthening its position as a leader for partners and their SMB customers on the front lines of this escalation,” it added.
SonicWall customers are advised to log in to MySonicWall.com and check for their devices, and reset the credentials for impacted services, if any. The company has also released an Online Analysis Tool and Credentials Reset Tool to identify services that require remediation and perform credential-related security tasks, respectively.
Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.
Some parts of this article are sourced from:
thehackernews.com
Google Uncovers PROMPTFLUX Malware That Uses Gemini AI to Rewrite Its Code Hourly