“These files can provide threat actors with critical information such as user, group, and domain settings, DNS and log settings, and certificates,” he adds. Arctic Wolf has previously observed threat actors, including nation-state and ransomware groups, exfiltrating firewall configuration files to use for future attacks.
Required security measures
SonicWall is currently urging all customers and partners to regularly check their devices for updates. The company has published a list of affected devices on its customer portal under “Product Management > Issue List.”
The devices are classified according to urgency:
