SonicWall reports:
In early September, SonicWall detected suspicious activity related to the downloading of backup firewall configuration files stored in a specific cloud environment. Our incident response team immediately activated our established response protocols, engaged Mandiant, a leading cybersecurity response firm, and notified our global partners and customers directly about the incident and remediation steps to protect their customers.
In addition to frequent and transparent communication with partners and customers, SonicWall hosted live, interactive Q&A sessions for partners, developed and delivered remediation tools to assist partners in their efforts, and provided commercial concessions to help offset the financial burden associated with the remediation efforts. Our partners responded swiftly and professionally, including executing our recommended remediation actions.
The Mandiant investigation is now complete. Their findings confirm that the malicious activity – carried out by a state-sponsored threat actor – was isolated to the unauthorized access of cloud backup files from a specific cloud environment using an API call. The incident is unrelated to ongoing global Akira ransomware attacks on firewalls and other edge devices.
Read more at SonicWall.
