Hackers Access SonicWall Cloud Firewall Backups, Spark Urgent Security Checks
Summary
SonicWall disclosed that an unauthorised party gained access to firewall configuration backup files stored in its cloud backup service for customers who used that feature. The backups include encrypted credentials, firewall rules and routing configurations. While SonicWall says the credentials were encrypted, possession of the files increases the risk of targeted attacks and offline cracking. The vendor is notifying customers and partners, has released assessment and remediation tools, and urges users to check MySonicWall for affected devices and follow containment steps.
Key Points
- An unauthorised actor accessed cloud-stored firewall backup files for customers using SonicWall’s Cloud Backup service.
- Backups contain encrypted credentials and detailed configuration data (firewall rules, routing, preferences).
- SonicWall has updated its guidance, provided remediation tools, and prioritised affected devices on the MySonicWall portal.
- The company previously estimated a small subset was affected but later broadened that assessment to all users of the cloud backup service.
- SonicWall says it has hardened infrastructure, added logging and stronger authentication controls.
- Security researchers say the incident was a brute-force attack against the cloud backup API and blame missing protections such as rate-limiting and stricter API controls.
- Users must log in to MySonicWall, check for backup entries and follow SonicWall’s containment and remediation playbooks immediately.
Context and relevance
Cloud backup data for network appliances is an attractive target: it provides a snapshot of network topology, rules and credentials in one place. This incident highlights two wider trends — attackers exploiting weak API protections (rate-limiting, auth) and the risk of offline cracking once encrypted material is exfiltrated. For anyone running perimeter appliances or relying on vendor cloud features, this is a reminder to treat cloud-held configuration snapshots as highly sensitive and to enforce strong passwords, MFA and rapid incident response procedures.
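The rate-limiting gap described above can be checked against your own API access logs. The following is an added example, not code from SonicWall or the source article: it replays constructed log lines through a per-client sliding-window failure limit and reports which requests that limit would have rejected. The log layout, the `/api/backups/ID-…` paths, the IP addresses and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAIL_STATUSES = {401, 403, 404}  # denied or "no such backup" responses

def build_sample_log():
    """Constructed log lines: '<ISO time> <client IP> <status> <path>'."""
    start = datetime(2025, 1, 1, 10, 0, 0)
    lines = []
    # Guessing client: 30 requests one second apart, one guess succeeds.
    for i in range(30):
        status = 200 if i == 20 else 401
        ts = (start + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 203.0.113.9 {status} /api/backups/ID-{i:04d}")
    # Ordinary client: three requests five minutes apart, one typo.
    for i, status in enumerate((200, 401, 200)):
        ts = (start + timedelta(minutes=5 * i)).isoformat()
        lines.append(f"{ts} 198.51.100.7 {status} /api/backups/ID-9000")
    return sorted(lines)  # ISO timestamps sort chronologically

def replay(lines, window=timedelta(seconds=60), max_failures=10):
    """Replay the log through a per-client sliding-window failure limit.

    Returns (first_throttled, throttled): when each client first hit the
    limit, and every request the limit would have rejected.
    """
    failures = defaultdict(deque)   # client IP -> recent failure times
    first_throttled, throttled = {}, []
    for line in lines:
        ts_raw, ip, status, path = line.split()
        ts, recent = datetime.fromisoformat(ts_raw), failures[ip]
        while recent and ts - recent[0] > window:
            recent.popleft()        # forget failures outside the window
        if len(recent) >= max_failures:
            first_throttled.setdefault(ip, ts)
            throttled.append((ts, ip, int(status), path))
            recent.append(ts)       # rejected attempts keep the lock alive
        elif int(status) in FAIL_STATUSES:
            recent.append(ts)
    return first_throttled, throttled

if __name__ == "__main__":
    first, rejected = replay(build_sample_log())
    for ip, ts in first.items():
        print(f"{ip} throttled from {ts.isoformat()}")
    hits = [r for r in rejected if r[2] == 200]
    print(f"{len(rejected)} requests rejected, {len(hits)} of them had succeeded")
```

In the constructed data the guessing client is cut off after ten failures, so its one successful request falls inside the rejected set, while the ordinary client with a single failed login is never throttled.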
Why should I read this?
Short version: if you use SonicWall cloud backups (or manage firewalls), drop what you’re doing and check MySonicWall now. These backups are basically a blueprint of your network — in the wrong hands they make targeted attacks far easier. The article saves you the legwork: it flags the immediate checks to run and the remediation steps SonicWall has published.
Author style
Punchy — this is urgent, not optional. The write-up cuts to why the breach matters for network defenders and gives clear next steps. If you manage firewalls, treat the guidance as a priority action list.
Source
https://thehackernews.com/2025/10/hackers-access-sonicwall-cloud-firewall.html
