Forta, the vendor behind the file-transfer service software, has yet to report exploitation or address evidence of compromise. Independent researchers say otherwise.
The agency, which issued an emergency directive to federal agencies Thursday, said it took months to determine the root cause and mitigate the activity.
Cisco said it was investigating state-sponsored espionage attacks in May. CISA did not explain why it waited four months to issue an emergency directive.
A recent wave of attacks targeting SonicWall customers has researchers and authorities on alert. Many victim organizations had misconfigurations in their systems.