SonicWall Breach: Nation-State Hackers Target Sensitive Customer Data
SonicWall Blames "State-Sponsored Threat Actors" for Cloud Backup Data Breach
Details of the Breach and its Initial Impact
[Diagram labels: State-Sponsored Threat Actor, API Call, Cloud Environment, Unauthorized Access]
- Firewall configuration files
- Network rules and access policies
- Service credentials
- Usernames and passwords
SonicWall, the cybersecurity solutions specialist, announced that "state-sponsored" hackers were responsible for the security breach that targeted its cloud backups in September 2025. The announcement came after the company completed its investigation into the incident.
In an update published on its website, SonicWall confirmed that the malicious activity "was carried out by a state-sponsored threat actor" and that its impact was limited to "unauthorized access to cloud backup files from a specific cloud environment using an API call."
In mid-September 2025, SonicWall warned its firewall customers to reset their passwords after unknown hackers managed to breach the company's MySonicWall cloud service. The service allows SonicWall firewall users (typically businesses and IT teams) to back up their firewall configuration files. These files include network rules and access policies, VPN configurations, service credentials (such as LDAP, RADIUS, SNMP), and administrator usernames and passwords (if stored within the configuration).
