SonicWall has concluded an investigation into a security incident involving the unauthorised access of backup firewall configuration files stored within a specific cloud environment.

Incident overview

The company detected suspicious activity in early September, prompting the immediate activation of response protocols. SonicWall engaged Mandiant to support the investigation and informed its global network of partners and customers about the situation and necessary remediation steps.

Mandiant’s investigation determined the cause of the breach to be an API call that enabled state-sponsored threat actors to gain access to cloud backup files. The incident did not affect SonicWall’s products, firmware, source code, or other systems. There was no evidence of disruption to customer networks or any compromise of other company infrastructure.

Remediation steps

SonicWall advised partners on mitigation actions and provided dedicated remediation tools. The company also offered commercial concessions to assist with costs associated with the incident response. Live Q&A sessions were held to address partner concerns directly.

All recommendations made by Mandiant have been implemented, and the company continues to work with external parties to further strengthen its network and cloud defences.

Unrelated attacks

SonicWall clarified that the security incident was not related to ongoing Akira ransomware activity that has affected other edge devices worldwide.

Strategic initiatives

Earlier this year, SonicWall launched a Secure by Design initiative aimed at modernising product architecture, cloud operations, and internal security practices. This effort included the appointment of a new Chief Information Officer and additional investment in security teams, vendor management, and operational tooling.

The company has also enhanced processes for partner notifications when security incidents occur and is pursuing further improvements in this area based on recent feedback.

Industry perspective

SonicWall noted the increasing pressure from state-sponsored actors targeting edge security providers, especially those serving small and medium-sized businesses and distributed networks. The company said it will continue to develop its platform to address these ongoing threats.

SonicWall’s product security efficacy was recently underlined in a third-party test by NetSecOPEN, in which its firewall recorded a 100% block rate in all categories assessed, including malware and evasion techniques.

“We are confident that SonicWall emerges from this moment stronger, more resilient, and even more trusted as a long-term cybersecurity partner to our customers, partners, and investors,” said a SonicWall spokesperson.