Key Metrics
16.8
Heat Index-
Impact LevelMedium
-
Scope LevelGlobal
-
Last Update2025-11-06
Key Impacts
Positive Impacts (7)
Event Overview
A state-sponsored cyberattack compromised a security firm's cloud backup, impacting firewall preference files. Initially, a small percentage of customers were affected, but it was later confirmed that all impacted firewalls' files were accessed. The company has taken steps to block further access and is collaborating with experts and law enforcement.
Collect Records
SonicWall Security Breach Attributed to State-Sponsored Hackers
In September, a state-sponsored threat actor accessed cloud backup files from SonicWall's MySonicWall accounts using an API call. The breach affected the preference files of firewalls, and less than 5% of SonicWall's customers were initially reported to be impacted. However, on October 8, SonicWall confirmed that the preference files of all impacted firewalls were accessed. The company has blocked the attackers' access and is working with cybersecurity experts and law enforcement to assess the full scope of the breach. SonicWall is notifying affected users, providing assessment tools, and prioritizing impacted firewalls for remediation. The breach did not affect SonicWall products, firmware, tools, source code, or customer networks. SonicWall recommends password resets and clarifies that the breach is unrelated to Akira ransomware or SSLVPN attacks.