
SonicWall today warned customers to reset their credentials after firewall configuration backup files were exposed in a security breach affecting MySonicWall accounts.
After detecting the incident, SonicWall cut off the attackers' access to its systems and is collaborating with cybersecurity and law enforcement agencies to investigate the impact of the attack.
“As part of our commitment to transparency, we are informing you about an event in which firewall configuration backup files stored in some MySonicWall accounts have been exposed,” the cybersecurity company said on Wednesday. “Access to exposed firewall configuration files contains information that can make the exploitation of firewalls much easier for threat actors.”
The consequences of the incident can be severe, as these exposed backups can give threat actors access to sensitive information, such as credentials and tokens, for any or all services running on SonicWall devices on their networks.
SonicWall has also published detailed guidance to help administrators reduce the risk of an exposed firewall configuration being used to access their network, reconfigure potentially compromised secrets and passwords, and detect potential threat activity within their network.
“The following checklist provides a structured approach to ensure all the relevant passwords, keys and secrets are continuously updated. Doing these stages helps maintain protection and protect the integrity of your SonicWall environment. Important items are listed first. All other credentials should be updated at your convenience,” the company cautioned.
“Please note that the passwords, shared secrets and encryption keys configured in SonicOS may also need to be updated elsewhere, such as with the ISP, Dynamic DNS provider, email provider, remote IPSec VPN peer, or LDAP/RADIUS server, just to name a few.”
The guidance advises administrators to disable or restrict access to services on the device before resetting credentials. They then need to reset all credentials, API keys and authentication tokens used by users, VPN accounts and services.
A complete list of the services that require a reset because of the stolen configuration files is available in SonicWall's Essential Credential Reset support bulletin.
A SonicWall spokesperson told BleepingComputer that the incident affects less than 5% of SonicWall firewalls and that the attackers targeted the API service for cloud backups in brute-force attacks.
“Our investigation determined that the backup firewall preference files in less than 5% of our firewall install base were stored in the cloud for these devices. While the files included encrypted passwords, they also included information that could make it easy for the attackers to exploit the firewalls.”
“We currently do not know about these files being leaked online by the threat actors. It was not a ransomware or similar phenomenon for SonicWall, but it was a series of account-by-account brute-force attacks with the aim of obtaining access to the preference files stored in the backup for potential forward use by the threat actors.”
In August, SonicWall dismissed reports that the Akira ransomware gang was breaching Gen 7 firewalls with SSLVPN enabled using a potential zero-day exploit, stating that the activity was actually connected with CVE-2024-40766, a significant SSLVPN access control flaw in SonicOS.
Last week, the company's theory was confirmed when the Australian Cyber Security Centre (ACSC) and cybersecurity firm Rapid7 confirmed that the Akira ransomware gang is now exploiting the CVE-2024-40766 vulnerability to compromise unpatched SonicWall devices.
Update September 17, 14:33 EDT: SonicWall statement added.


