{"id":14935,"date":"2025-10-11T00:03:31","date_gmt":"2025-10-11T00:03:31","guid":{"rendered":"https:\/\/newestek.com\/?p=14935"},"modified":"2025-10-11T00:03:31","modified_gmt":"2025-10-11T00:03:31","slug":"sonicwall-data-breach-affects-all-cloud-backup-customers","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=14935","title":{"rendered":"SonicWall data breach affects all cloud backup customers"},"content":{"rendered":"<div>\n<div id=\"remove_no_follow\">\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<section class=\"wp-block-bigbite-multi-title\">\n<div class=\"container\"><\/div>\n<\/section>\n<p>On Sept. 17, security vendor\u00a0<a href=\"https:\/\/www.csoonline.com\/article\/4059008\/warning-brute-force-attacks-hitting-sonicwall-firewall-configuration-backups.html\">SonicWall announced that cybercriminals had stolen backup files<\/a> configured for cloud backup. At the time, the company claimed the incident was limited to \u201cless than five percent\u201d of its customers. Now, the firewall provider has admitted that \u201call customers\u201d using the MySonicWall cloud backup feature were affected.<\/p>\n<h2 class=\"wp-block-heading\" id=\"consequences-of-the-attack\">Consequences of the attack<\/h2>\n<p>According to the company, the stolen files contain encrypted credentials and configuration data. \u201c[W]hile encryption remains in place, possession of these files could increase the risk of targeted attacks,\u201d SonicWall warns in its\u00a0<a href=\"https:\/\/www.sonicwall.com\/support\/knowledge-base\/mysonicwall-cloud-backup-file-incident\/250915160910330\" target=\"_blank\" rel=\"noreferrer noopener\">press release<\/a>.<\/p>\n<p>Security specialist\u00a0<a href=\"https:\/\/arcticwolf.com\/resources\/blog\/sonicwall-concludes-investigation-incident-affecting-mysonicwall-configuration-backup-files\/\" target=\"_blank\" rel=\"noreferrer noopener\">Arctic Wolf also warns<\/a> of the consequences of the incident. \u201cFirewall configuration files store sensitive information that can be leveraged by threat actors to exploit and gain access to an organization\u2019s network,\u201d explains Stefan Hostetler, threat intelligence researcher at Arctic Wolf.<\/p>\n<p>\u201cThese files can provide threat actors with critical information such as user, group, and domain settings, DNS and log settings, and certificates,\u201d he adds. Arctic Wolf has previously observed threat actors, including nation-state and ransomware groups, exfiltrating firewall configuration files to use for future attacks.<\/p>\n<h2 class=\"wp-block-heading\" id=\"required-security-measures\">Required security measures<\/h2>\n<p>SonicWall is currently urging all customers and partners to regularly check their devices for updates. The company has published a list of affected devices on its customer portal under \u201cProduct Management &gt; Issue List.\u201d<\/p>\n<p>The devices are classified according to urgency:<\/p>\n<ul class=\"wp-block-list\">\n<li>\u201cActive \u2014 High Priority\u201d for internet-exposed devices<\/li>\n<li>\u201cActive \u2014 Lower Priority\u201d for devices without internet access<\/li>\n<li>\u201cInactive\u201d for devices that have not made contact for 90 days<\/li>\n<\/ul>\n<p>There is also a\u00a0<a href=\"https:\/\/www.sonicwall.com\/support\/knowledge-base\/remediation-playbook\/250916130050523\" target=\"_blank\" rel=\"noreferrer noopener\">detailed playbook<\/a>\u00a0that admins can use as a guide.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>On Sept. 17, security vendor\u00a0SonicWall announced that cybercriminals had stolen backup files configured for cloud backup. At the time, the company claimed the incident was limited to \u201cless than five percent\u201d of its customers. Now, the firewall provider has admitted that \u201call customers\u201d using the MySonicWall cloud backup feature were affected. Consequences of the attack According to the company, the stolen files contain encrypted credentials&#8230; <\/p>\n<p class=\"more\"><a class=\"more-link\" href=\"https:\/\/newestek.com\/?p=14935\">Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-14935","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14935","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14935"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14935\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14935"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14935"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14935"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}