
SonicWall Blames State-Sponsored Hackers for Recent Cybersecurity Incident

  • Nov 6, 2025

Background


  • In September 2025, SonicWall, a cybersecurity firm, disclosed a security breach that exposed firewall configuration files tied to MySonicWall accounts.

  • The company initially claimed that fewer than 5% of customers were impacted and that no files were leaked.

  • However, in October, SonicWall confirmed that threat actors had accessed the preference files of all firewalls using its MySonicWall cloud backup service.


Key Findings


  • The stolen files contained encrypted credentials and configurations, which could aid further attacks.

  • SonicWall engaged Mandiant, a Google-owned cybersecurity firm, to investigate the breach.

  • Mandiant's investigation confirmed that the malicious activity was carried out by a state-sponsored threat actor and was isolated to the unauthorized access of cloud backup files using an API call.

  • The incident was unrelated to ongoing global Akira ransomware attacks on firewalls and other edge devices.

  • SonicWall has applied Mandiant's recommended fixes and is working to strengthen its systems with the help of external experts.


Impact and Response


  • SonicWall is committed to strengthening its position as a leader in edge security, particularly for small and medium-sized businesses (SMBs) and distributed environments, as nation-state-backed threat actors increasingly target such providers.

  • The company has released tools to help customers identify impacted devices and perform credential-related security tasks.

  • SonicWall is urging customers to log in to MySonicWall.com, check their devices, and reset the credentials for any impacted services.


Conclusion


  • The September security breach at SonicWall has been attributed to a state-sponsored threat actor, highlighting the escalating threat targeting edge security providers, especially those serving SMB and distributed environments.

  • SonicWall has taken remedial actions and is committed to strengthening its security posture to better protect its customers in the face of this growing challenge.


Sources


  • https://securityaffairs.com/184258/security/sonicwall-blames-state-sponsored-hackers-for-september-security-breach.html

  • https://thehackernews.com/2025/11/sonicwall-confirms-state-sponsored.html
