Subj : SonicWall blames state ha
To   : All
From : Mike Powell
Date : Fri Nov 07 2025 10:58 am

SonicWall blames state hackers for damaging data breach

Date:
Thu, 06 Nov 2025 10:46:49 +0000

Description:
Someone broke into SonicWall's cloud backup service and stole files - and the
company thinks it knows who is to blame.

FULL STORY

SonicWall has blamed state-sponsored threat actors for the cloud backup
security breach which hit its services in September 2025.

In an update posted on the company's website, SonicWall said it completed the
investigation into the incident, and confirmed that the malicious activity
was carried out by a state-sponsored threat actor and was isolated to the
unauthorized access of cloud backup files from a specific cloud environment
using an API call.

In mid-September 2025, SonicWall warned its firewall customers to reset their
passwords after unnamed threat actors brute-forced their way into the
company's MySonicWall cloud service. This tool allows SonicWall firewall
users (typically businesses and IT teams) to back up their firewall
configuration files, including network rules and access policies, VPN
configurations, service credentials (LDAP, RADIUS, SNMP), or admin usernames
and passwords (if stored in config).

Acting like hacktivists

At first, SonicWall said that fewer than 5% of its customer base was
affected, but later confirmed the breach had impacted all of its customers
(which could be as many as 500,000 around the world).

The company confirmed its products and firmware were not compromised, and
that no other systems or tools, source code, or customer networks were
disrupted or otherwise tampered with.

"SonicWall has taken all current remediation actions recommended by Mandiant
and will continue working with Mandiant and other third parties for ongoing
hardening of our network and cloud infrastructure," it said.

In theory, the attackers could brute-force or decrypt the secrets stolen from
the backup, extract credentials used in services tied to the firewall,
understand network topology and rules - bypassing defenses more easily, and
launch targeted attacks using insider knowledge on how the firewalls are
configured.

SonicWall did not name the attackers, and so far no one has claimed
responsibility for the attack. The company stressed only that these incidents
are unrelated to the recent Akira attacks that also targeted backups.

Via BleepingComputer

======================================================================
Link to news story:
https://www.techradar.com/pro/security/sonicwall-blames-state-hackers-for-damaging-data-breach

--- SBBSecho 3.28-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)