
In early September, SonicWall detected suspicious activity related to the downloading of backup firewall configuration files stored in a specific cloud environment. Our incident response team immediately activated our established response protocols, engaged Mandiant, a leading cybersecurity response firm, and notified our global partners and customers directly about the incident and remediation steps to protect their customers.
In addition to frequent and transparent communication with partners and customers, SonicWall hosted live, interactive Q&A sessions for partners, developed and delivered remediation tools to assist partners in their efforts, and provided commercial concessions to help offset the financial burden associated with the remediation efforts. Our partners responded swiftly and professionally, including executing our recommended remediation actions.
The Mandiant investigation is now complete. Their findings confirm that the malicious activity, carried out by a state-sponsored threat actor, was isolated to the unauthorized access of cloud backup files from a specific cloud environment using an API call. The incident is unrelated to ongoing global Akira ransomware attacks on firewalls and other edge devices.
The incident did not impact SonicWall products or firmware. No other SonicWall systems or tools, source code, or customer networks were disrupted or compromised. SonicWall has taken all current remediation actions recommended by Mandiant and will continue working with Mandiant and other third parties for ongoing hardening of our network and cloud infrastructure.
While SonicWall has long been a leader and continues to win industry recognition for the security efficacy of its products and its unwavering commitment to its channel partners, SonicWall is using the learnings from this incident and feedback from its partners to continue to improve.
Earlier this year, SonicWall had already launched a strategic and proactive Secure by Design modernization initiative across product architecture, cloud operations, and internal security practices. We appointed a new Chief Information Officer (CIO) to accelerate this transformation across infrastructure, development pipelines, and service delivery, and have made key investments in our CSIRT and PSIRT teams, vendors and tools. We are also continuing to improve how we interact with our partners when security issues arise.
As nation-state–backed threat actors increasingly target edge security providers, especially those serving SMB and distributed environments, SonicWall is committed to strengthening its position as a leader for partners and their SMB customers on the front lines of this escalation. Our platform strategy is already aligned to that future.
This confidence is reinforced by independent validation. In the most recent NetSecOPEN third-party efficacy test, SonicWall was the only firewall vendor to achieve a 100% block rate across every test category—public CVEs, private CVEs, malware, and evasion techniques—for the second consecutive year.
SonicWall remains fully committed to proactive transparency, accelerated security innovation, and deep partner collaboration, not only in response to emerging threats, but in anticipation of them. We are confident that SonicWall emerges from this moment stronger, more resilient, and even more trusted as a long-term cybersecurity partner to our customers, partners, and investors.

An Article By
SonicWall Staff