SonicWall’s investigation confirms that a state-sponsored hacking group targeted its cloud backup files, but the breach did not affect its products or customer networks. Recent activity also shows ongoing attempts to compromise SonicWall SSLVPN accounts, separate from the initial incident.
#SonicWall #Mandiant #AkiraRansomware #SSLVPN #firewallconfiguration
Key points
- The September breach involved unauthorized access to SonicWall’s cloud backup files by a state-sponsored actor.
- Investigations confirmed that SonicWall’s core products, firmware, and source code remained unaffected.
- Customers were advised to reset credentials and passwords following the breach exposure.
- The attack was not connected to the later Akira ransomware gang activity targeting VPNs.
- Recent malicious activity has targeted SonicWall SSLVPN accounts, with over a hundred compromised using stolen credentials.