Cybersecurity vendor SonicWall is urging customers to reset passwords and update configurations after threat actors accessed encrypted backup firewall preference files stored in the cloud.
The company said in a statement that less than 5% of its customers were affected. The files, while encrypted, may contain enough metadata and configuration details to aid attackers in targeting the associated firewalls.
“This was not a ransomware or similar event for SonicWall, rather this was a series of brute force attacks aimed at gaining access to the preference files stored in backup for potential further use by threat actors,” the company noted.
SonicWall has notified affected users and provided new, modified preference files created from the latest available backups. The updated files feature randomized passwords for local users, reset TOTP bindings, and new IPSec VPN keys.