SonicWall recently announced that a brute-force attack attributed to a state-sponsored threat actor compromised firewall configuration files of customers using its cloud backup service. The vendor did not specify the nation-state responsible for the attack, and Mandiant, which investigated the incident, provided little additional information. CEO Bob VanKirk assured stakeholders that the malicious activity has been contained and that there was no impact on other SonicWall products or customer data, despite the stolen backups containing sensitive information such as firewall rules and encrypted credentials.
The initial assessment from SonicWall stated that less than 5% of the firewall install base was affected, but this was later corrected by Mandiant, which confirmed the totality of the exposure. The attack was detected in September, but key aspects, such as the number of customers impacted and how long the attacker maintained access, remain undisclosed. This incident follows a surge in Akira ransomware attacks exploiting older vulnerabilities in SonicWall devices, although the company claims there is no connection between these two events. Continuous efforts to enhance security practices are underway, with all recommended measures from Mandiant being implemented or in progress.
👉 Read the original: CyberScoop