SonicWall this week revealed that a state-sponsored threat actor was behind the September hack in which firewall configuration files were stolen from its cloud backup service.
The company disclosed the incident in mid-September, saying that the attackers had exfiltrated the backup files of less than 5% of its customers.
In an October 8 update, SonicWall revised that number, saying that all firewall preference files stored using its cloud backup service were stolen.
The files, SonicWall warned, contain encrypted credentials and configuration data. Attackers could use them to launch targeted attacks, it said.
The company urged all customers to check if any firewall backups were listed in their MySonicWall.com accounts, to determine if their devices were at risk, and to reset all passwords, as described in the accompanying containment and mitigation documentation.
SonicWall engaged Mandiant to investigate the attack, and notified all impacted partners and customers about the incident. The investigation, it announced this week, has been completed.
“The malicious activity – carried out by a state-sponsored threat actor – was isolated to the unauthorized access of cloud backup files from a specific cloud environment using an API call,” SonicWall said.
The company also underlined that the attack is unrelated to the recent wave of Akira ransomware intrusions targeting SonicWall firewalls and other edge devices.
“The incident did not impact SonicWall products or firmware. No other SonicWall systems or tools, source code, or customer networks were disrupted or compromised,” the company said.
“SonicWall has taken all current remediation actions recommended by Mandiant and will continue working with Mandiant and other third parties for ongoing hardening of our network and cloud infrastructure,” it added.
SonicWall customers are advised to take immediate action to secure their devices. In mid-October, Huntress warned of a widespread campaign targeting SonicWall SSL VPN accounts, in which valid credentials were likely used for compromise across multiple businesses.
The attacks, the cybersecurity firm said, did not appear linked to the cloud backup incident. However, the sensitive information stored in the stolen files poses a high risk for the impacted organizations.