Network security company SonicWall has concluded its investigation into the September security breach that exposed customer firewall configuration backup files. The company’s incident responders from Mandiant confirmed that a state-sponsored threat actor was behind the attack.
The investigation determined that the malicious activity was isolated to unauthorized access of cloud backup files from a specific cloud environment using an API call. Importantly, the incident did not impact SonicWall products, firmware, systems, tools, source code, or customer networks. The breach was contained to a specific part of the environment and did not affect the safety of SonicWall’s core products.
In September, the company disclosed the exposure of these files, which contained sensitive information such as access credentials and tokens. SonicWall immediately advised all affected customers to reset their MySonicWall account credentials, temporary access codes, and various server and VPN policy passwords.
The network security vendor also stressed that the nation-state activity it investigated has no connection with separate attacks. This breach is unrelated to the Akira ransomware gang activity that targeted SonicWall VPN accounts protected by multi-factor authentication in late September, and to the elevated malicious activity targeting SonicWall SSLVPN accounts reported by Huntress in October.

