TZUTC: -0500   
   MSGID: 1684.consprcy@1:2320/105 2d7353c4   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   SonicWall blames state hackers for damaging data breach   
      
   Date:   
   Thu, 06 Nov 2025 10:46:49 +0000   
      
   Description:   
   Someone broke into SonicWall's cloud backup service and stole files - and the   
   company thinks it knows who is to blame.   
      
   FULL STORY   
      
   SonicWall has blamed state-sponsored threat actors for the cloud backup   
   security breach which hit its services in September 2025.    
      
   In an update posted on the companys website, SonicWall said it completed the   
   investigation into the incident, and confirmed that the malicious activity    
   was carried out by a state-sponsored threat actor and was isolated to the   
   unauthorized access of cloud backup files from a specific cloud environment   
   using an API call.    
      
   In mid-September 2025, SonicWall warned its firewall customers to reset their   
   passwords after unnamed threat actors brute-forced their way into the    
   companys MySonicWall cloud service . This tool allows SonicWall firewall    
   users (typically businesses and IT teams) to back up their firewall   
   configuration files, including network rules and access policies, VPN   
   configurations, service credentials (LDAP, RADIUS, SNMP), or admin usernames   
   and passwords (if stored in config).   
      
   Acting like hacktivists   
      
   At first, SonicWall said that fewer than 5% of its customer base was    
   affected, but later confirmed the breach had impacted all of its customers   
   (which could be as many as 500,000 around the world).    
      
   The company confirmed its products and firmware were not compromised, and    
   that no other systems or tools, source code, or customer networks were   
   disrupted or otherwise tampered with.    
      
   SonicWall has taken all current remediation actions recommended by Mandiant   
   and will continue working with Mandiant and other third parties for ongoing   
   hardening of our network and cloud infrastructure, it said.    
      
   In theory, the attackers could brute-force or decrypt the secrets stolen from   
   the backup, extract credentials used in services tied to the firewall,   
   understand network topology and rules - bypassing defenses more easily, and   
   launch targeted attacks using insider knowledge on how the firewalls are   
   configured.    
      
   SonicWall did not name the attackers, and so far no one has claimed   
   responsibility for the attack. It was just stressed that these incidents are   
   unrelated to the recent Akira attacks that also targeted backups.    
      
    Via BleepingComputer    
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/sonicwall-blames-state-hackers-for-dama   
   ging-data-breach   
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426