Mandiant’s investigation into the SonicWall cloud backup service hack has revealed that the breach was perpetrated by a state-sponsored threat actor, although the specific nation remains undisclosed. The incident involved unauthorized access to cloud backup files via a brute-force attack that began in early September 2025, ultimately compromising all backup files. While SonicWall assured that its products and internal systems were not affected, the company warned that the non-encrypted information within the compromised files could facilitate further attacks. This incident underscores the growing threat of state-sponsored cyber attacks on critical infrastructure and emphasizes the importance of robust cybersecurity measures to safeguard sensitive information in increasingly interconnected digital environments.