SonicWall blames state-backed crew for September breach
"SonicWall has blamed an unnamed, state-sponsored collective for the September break-in that saw cybercriminals rifle through a cache of firewall configuration backups. The network security vendor said it spotted "suspicious activity" in early September involving the unauthorized downloading of backup firewall configuration files from "a specific cloud environment." The company initially said that "fewer than 5 percent" of its firewall installed base had files accessed,"
"SonicWall said its incident response team quickly called in Google-owned Mandiant, the go-to fixer for when things get ugly. SonicWall has now wrapped up the probe, confirming that the intruders were state-sponsored operators who gained access via an API call to the cloud backup system. In an update published this week, SonicWall said the investigation confirmed the intrusion was limited to a cloud-based backup service and did not affect SonicWall's products, firmware, source code, or any customer networks."
"In a video statement, SonicWall CEO Bob VanKirk said: "We now know this incident was carried out by state-sponsored threat actors. The malicious activity has been contained and was isolated to our firewall cloud-backup services. There was no impact to customer data or any other SonicWall system." SonicWall has not said which nation was behind the incident or provided indicators linking it to any known threat group. It has taken all remediation actions recommended by Mandiant and will continue to work with the firm and other third parties to harden network and cloud infrastructure."
Suspicious activity in early September led to the unauthorized downloading of firewall backup configuration files from a specific cloud environment used by MySonicWall. SonicWall initially estimated that fewer than 5 percent of its installed base was affected, then confirmed that every customer using the cloud backup feature had their files accessed. The company engaged Google-owned Mandiant for incident response. The investigation determined that state-sponsored operators accessed the backups via an API call and that the intrusion was confined to the cloud backup service. Products, firmware, source code, and customer networks were not affected. The remediation steps recommended by Mandiant have been enacted, and further hardening of network and cloud infrastructure will continue.
Read at The Register