Saved February 14, 2026
Do you care about this?
SonicWall reported a breach where attackers stole firewall configuration files from its cloud backup service, attributed to an unnamed nation-state actor. While the company claims there was no impact on its products or customer data, it remains unclear how the attackers exploited an API to conduct the breach.
If you do, here's more
SonicWall recently reported a breach involving its cloud backup service, where attackers, identified as a nation-state threat actor, stole firewall configuration files. SonicWall’s CEO, Bob VanKirk, stated that the breach was limited to the cloud backup service and did not affect any of the company's products, customer data, or networks. The intrusion involved an API call, though SonicWall has not disclosed the specifics of the compromised API or how it was accessed. The company did confirm that the attack vector was quickly mitigated and validated by Mandiant, and there is no evidence that the stolen data has been exploited.
The incident highlights a troubling trend where threat actors increasingly target APIs for malicious purposes. Experts note a growing concern over exposed API keys and other sensitive information, which can be found in various development environments. SonicWall's breach adds to its history of being targeted by a range of attackers, including cybercriminals and nation-state actors. In response to the persistent threats, SonicWall has launched security initiatives aimed at enhancing its defenses, including a commitment to a zero-trust architecture. Despite achieving a 100% block rate in recent firewall efficacy tests, the company's security vulnerabilities have led to rising concern within the cybersecurity community, even affecting insurance premiums for its products.