
SonicWall has officially suggested that state-sponsored attackers were behind a September security breach that led to the unauthorized release of firewall configuration backup files.
“The malicious activity carried out by state-sponsored threat actors was limited to unauthorized access to cloud backup files from specific cloud environments using API calls,” the company said in a statement this week. “This incident is unrelated to the ongoing global Akira ransomware attack on firewalls and other edge devices.”
However, SonicWall did not reveal which countries were behind the incident, nor did it provide any indication of a link to any known attackers or groups.
The disclosure comes nearly a month after the company announced that an unauthorized person had accessed the firewall configuration backup files of all customers using its cloud backup service. In September, it had claimed that attackers had accessed the cloud-stored backup files of fewer than 5% of its customers.

SonicWall, which hired Google’s Mandiant service to investigate the breach, said its products, firmware, and other systems were not affected. The company also said it has adopted various remedial actions recommended by Mandiant to harden its network and cloud infrastructure and will continue to improve its security posture.
“As state-sponsored attackers increasingly target edge security providers, especially those serving SMB and distributed environments, SonicWall is committed to strengthening our leadership position for our partners and their SMB customers on the front lines of this escalation,” he added.
SonicWall customers are encouraged to log in to MySonicWall.com to check their devices and reset credentials for any affected services. The company also released an online analysis tool and a credential reset tool to identify services that need remediation and perform credential-related security tasks.
