Type
Incident
Actors
Unknown
Pub. date
September 25, 2025
Initial access
Password attack
Impact
Data exfiltration
Observed techniques
Password bruteforcing
Targeted technologies
SonicWall firewall
References
https://www.sonicwall.com/support/knowledge-base/mysonicwall-cloud-backup-file-incident/250915160910330
Status
Finalized
Last edited
Sep 30, 2025 1:25 PM
SonicWall has disclosed a security incident affecting its MySonicWall cloud backup service. Threat actors conducted brute force attacks on the MySonicWall.com portal and gained unauthorized access to a subset of firewall preference files. While fewer than 5% of firewall installations were impacted and sensitive credentials remain strongly encrypted, configuration details contained in the files were only encoded, potentially providing attackers with useful intelligence for targeting associated firewall devices. According to SonicWall, no evidence currently suggests that the files have been leaked online, and the event was not ransomware-related.