October 13, 2025: SonicWall has warned ALL customers to reset their MySonicWall account credentials in order to protect firewall configuration backup files, which could give unauthorized access to the threat actors who have breached SonicWall’s systems.
As of September 17, 2025, SonicWall confirmed that an unauthorized party accessed firewall configuration backup files stored in its MySonicWall cloud backup environment.
These threat actors are logging into multiple SSL VPN accounts on compromised devices using valid credentials that were encrypted, which poses a high risk to any affected organization, according to SonicWall.
What is the Impact of the SonicWall Cloud Backup Breach?
Firewalls and SSL VPNs are common remote access points for vendors and staff. If backup files or credentials are abused, attackers can gain remote access to critical systems, potentially tampering with firewalls, taking critical systems offline, exfiltrating PII, and moving laterally throughout your network.
SonicWall Cloud Backup Breach Mitigation Recommendations
Immediate actions we recommend if your organization uses SonicWall’s Cloud Backup Service:
SecuLore Guidance For SonicWall Security Breach
Check your device for updates and see whether it is affected, according to SonicWall; your admins can follow the detailed guide it has provided.
Attackers with valid credentials can blend into your environment, making detection much more challenging.
That’s why it’s important to have logs reviewed: identify unusual VPN logins or logins at unusual hours, and look for unexplained configurations and for changes to role-based access, including access to sensitive systems, that are unusual for certain accounts.
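One way to run the login review described above, as an added example (not SecuLore's or SonicWall's code). It assumes VPN login events exported to CSV with hypothetical columns `timestamp`, `user`, `src_ip` and `result`; the sample rows, the business-hours window and the account threshold are constructed assumptions to tune for your environment.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample of exported SSL VPN login events (not a real SonicWall log format).
SAMPLE_LOG = """\
timestamp,user,src_ip,result
2025-10-06T08:14:00,jsmith,203.0.113.10,success
2025-10-06T09:02:00,mlee,203.0.113.22,success
2025-10-07T08:31:00,jsmith,203.0.113.10,success
2025-10-08T02:47:00,jsmith,198.51.100.7,success
2025-10-08T02:49:00,mlee,198.51.100.7,success
2025-10-08T02:52:00,vendor1,198.51.100.7,success
2025-10-08T10:15:00,mlee,203.0.113.22,success
"""

BUSINESS_HOURS = range(6, 20)   # assumption: 06:00-19:59 local time is normal
MULTI_ACCOUNT_THRESHOLD = 3     # assumption: distinct accounts seen from one IP


def review_vpn_logins(log_text):
    """Return (timestamp, user, src_ip, reasons) for successful logins worth review."""
    rows = [r for r in csv.DictReader(io.StringIO(log_text)) if r["result"] == "success"]
    rows.sort(key=lambda r: r["timestamp"])  # ISO timestamps sort chronologically
    # Pass 1: which source IPs authenticated as several different accounts?
    users_per_ip = defaultdict(set)
    for r in rows:
        users_per_ip[r["src_ip"]].add(r["user"])
    # Pass 2: walk events in time order, building each user's source-IP history.
    findings = []
    seen_ips = defaultdict(set)
    for r in rows:
        reasons = []
        if datetime.fromisoformat(r["timestamp"]).hour not in BUSINESS_HOURS:
            reasons.append("off-hours")
        if seen_ips[r["user"]] and r["src_ip"] not in seen_ips[r["user"]]:
            reasons.append("new-source-ip")
        if len(users_per_ip[r["src_ip"]]) >= MULTI_ACCOUNT_THRESHOLD:
            reasons.append("ip-used-by-many-accounts")
        seen_ips[r["user"]].add(r["src_ip"])
        if reasons:
            findings.append((r["timestamp"], r["user"], r["src_ip"], reasons))
    return findings


if __name__ == "__main__":
    for finding in review_vpn_logins(SAMPLE_LOG):
        print(*finding)
```

Successful logins are the ones reviewed here because the concern is valid credentials; the first login seen for an account cannot be flagged as a new source, so a longer baseline gives better results.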
Additional Actions Critical Networks Should Take
If you’re unsure how exposed your agency is, a Vulnerability Risk Assessment can help identify weaknesses before attackers do.
SecuLore’s continuous, passive monitoring allows threats to be detected early, before attackers gain persistence. Our cybersecurity analysts continuously monitor activity patterns across PSAP and ECC environments nationwide to detect anomalies in logins to instances such as firewalls or VPNs.
For agencies already dealing with staffing and operational pressures, a network compromise could directly impact public safety missions.
What Public Safety Agencies Should Do Now
Awareness is the first step to your cyber defense strategies.
