
SonicWall Blames State-Sponsored Hackers for Recent Cybersecurity Incident

  • Nov 6, 2025

Background


  • In September 2025, SonicWall, a cybersecurity firm, disclosed a security breach that exposed firewall configuration files tied to MySonicWall accounts.

  • The company initially claimed that fewer than 5% of customers were impacted and that no files were leaked.

  • However, in October, SonicWall confirmed that threat actors had accessed the preference files of all firewalls using its MySonicWall cloud backup service.


Key Findings


  • The stolen files contained encrypted credentials and configurations, which could aid further attacks.

  • SonicWall engaged Mandiant, a Google-owned cybersecurity firm, to investigate the breach.

  • Mandiant's investigation confirmed that the malicious activity was carried out by a state-sponsored threat actor and was isolated to the unauthorized access of cloud backup files using an API call.

  • The incident was unrelated to ongoing global Akira ransomware attacks on firewalls and other edge devices.

  • SonicWall has applied Mandiant's recommended fixes and is working to strengthen its systems with the help of external experts.


Impact and Response


  • SonicWall is committed to strengthening its position as a leader in edge security, particularly for small and medium-sized businesses (SMBs) and distributed environments, as nation-state-backed threat actors increasingly target such providers.

  • The company has released tools to help customers identify impacted devices and perform credential-related security tasks.

  • SonicWall is urging customers to log in to MySonicWall.com, check their devices, and reset the credentials for any impacted services.


Conclusion


  • The September security breach at SonicWall has been attributed to a state-sponsored threat actor, highlighting the escalating threat targeting edge security providers, especially those serving SMB and distributed environments.

  • SonicWall has taken remedial actions and is committed to strengthening its security posture to better protect its customers in the face of this growing challenge.


Sources


  • https://securityaffairs.com/184258/security/sonicwall-blames-state-sponsored-hackers-for-september-security-breach.html

  • https://thehackernews.com/2025/11/sonicwall-confirms-state-sponsored.html

© 2025 by Explain IT Again. Powered and secured by Wix
