Waqas reports:
In September 2025, SonicWall reported a data breach of its cloud backup service, stating that fewer than 5% of its customers were affected. At the time, the issue appeared contained and under investigation. That changed today after SonicWall and incident response firm Mandiant confirmed that the attackers had accessed backup configuration files for every customer using the service.
The breach began with a brute force attack targeting the MySonicWall cloud backup API, which stores encrypted firewall configuration files. These files include detailed network rules, credentials and routing data used to restore or replicate SonicWall firewalls. While the passwords and keys remain encrypted, the attackers now hold complete configuration data that could be valuable for mapping or exploiting customer networks.
“The investigation confirmed that an unauthorised party accessed firewall configuration backup files for all customers who have used SonicWall’s cloud backup service. The files contain encrypted credentials and configuration data; while encryption remains in place, possession of these files could increase the risk of targeted attacks.”
SonicWall
Read more at HackRead.