Overview
- SonicWall says Mandiant found no impact to products, firmware, internal systems, source code, or customer networks.
- Attackers accessed firewall configuration backup files in MySonicWall that can contain encrypted credentials and tokens.
- The company revised its assessment upward, from under 5% affected to all devices that used the cloud backup service.
- SonicWall has applied Mandiant-recommended mitigations, hardened infrastructure, and released analysis and credential-reset tools for customers.
- The company says the activity is unrelated to Akira ransomware operations or the separate SSLVPN account compromises reported by Huntress.