- Threat actors brute-forced the SonicWall cloud portal, accessing the backup copies of the encrypted firewall configuration
- Up to 25,000 organizations may be affected; SonicWall urges immediate credential resets
- No data leaks have been confirmed yet, but third-party experts and law enforcement are now involved
SonicWall is urging its firewall customers to reset their passwords after confirming that it suffered a security incident that may have exposed their data.
In a security advisory, SonicWall described how unidentified threat actors made their way into the company's MySonicWall cloud service.
This tool allows SonicWall firewall users (typically IT companies and IT teams) to back up their firewall configuration files, including network rules and access policies, VPN configurations, service credentials (LDAP, RADIUS, SNMP) and administrator usernames and passwords (if stored in the config).
Thousands of potential victims
“While the credentials within the files were encrypted, the files also included information that could make it easier for attackers to exploit the related firewall,” the company explained.
In theory, attackers could crack or decrypt the secrets, extract credentials used in the services linked to the firewall, learn the network topology and rules, bypass defenses more easily, and launch targeted attacks using inside knowledge of how the firewalls are configured.
SonicWall said that “less than 5%” of its customer base was affected by this attack. However, the company's latest figures claim that it serves approximately 500,000 customers worldwide (although that does not mean that they all use firewalls or the cloud backup service), so the worst case would put the number of affected organizations at around 25,000.
So far, no group has claimed responsibility for this attack, and the data has not appeared anywhere on the dark web.
“We are currently not aware that these files have been leaked online by threat actors,” SonicWall explained. “This was not a ransomware or a similar event for SonicWall, but it was a series of brute force attacks aimed at obtaining access to the preference files stored in the backup for possible use by threat actors.”
After the breach, SonicWall managed to expel the attackers and has brought in third-party security experts to reinforce its defenses. Law enforcement has also been notified.
Via BleepingComputer