Cybersecurity firm Huntress has issued a warning about a widespread breach impacting SonicWall SSL VPN devices, which has affected over 100 accounts across 16 customer networks. The attacks began on October 4, 2025, with attackers leveraging valid credentials to rapidly authenticate into compromised devices, as opposed to using brute-force login attempts.
Huntress detected unusual activity originating from a specific IP address, where threat actors initially logged into the VPN but in some cases disconnected shortly after without taking further action. However, in other instances, they engaged in network scanning and attempted to access multiple local Windows accounts.
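The pattern described above (one source address logging in successfully as many accounts in quick succession, without the failed attempts that brute forcing produces) can be hunted for in VPN authentication logs. The following is an added example, not code from Huntress or SonicWall; the log layout, addresses, user names and thresholds are all constructed assumptions to adapt to your own log source.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: timestamp, source IP, user, result. The layout is
# an assumption for this example, not SonicWall's own log format.
SAMPLE_EVENTS = """\
2025-10-04T09:00:05 198.51.100.7 alice success
2025-10-04T09:00:19 198.51.100.7 bob success
2025-10-04T09:00:41 198.51.100.7 carol success
2025-10-04T09:01:02 198.51.100.7 dave success
2025-10-04T09:03:00 203.0.113.20 erin failure
2025-10-04T09:03:04 203.0.113.20 erin failure
2025-10-04T09:03:09 203.0.113.20 erin success
2025-10-04T11:30:00 192.0.2.44 frank success
2025-10-04T15:45:00 192.0.2.44 grace success
"""

def parse_events(text):
    """Yield (datetime, ip, user, ok) tuples from whitespace-separated lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts, ip, user, result = parts
        yield datetime.fromisoformat(ts), ip, user, result == "success"

def rapid_valid_logins(events, min_users=3, window=timedelta(minutes=5),
                       max_failures=0):
    """Return {ip: users} for IPs that log in as many accounts within `window`
    with at most `max_failures` failed attempts (i.e. not a brute force)."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((ts, user, ok))
    flagged = {}
    for ip, rows in by_ip.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the left edge so the span never exceeds the time window.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            span = rows[start:end + 1]
            users = {u for _, u, ok in span if ok}
            failures = sum(1 for _, _, ok in span if not ok)
            # Keep the largest qualifying set of accounts seen for this IP.
            if (len(users) >= min_users and failures <= max_failures
                    and len(users) > len(flagged.get(ip, []))):
                flagged[ip] = sorted(users)
    return flagged
```
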
This alert follows a recent incident in which SonicWall disclosed that an unauthorized exposure had taken place, leading to the leak of firewall configuration backup files from MySonicWall accounts. These configuration files contain sensitive information, such as user settings and domain configurations, and can greatly assist attackers in exploiting and gaining access to organizational networks.
While there is no definitive evidence linking the credential breach to the previous exposure, the significant risk posed by the sensitive information in the compromised configuration files has prompted Huntress to recommend several precautionary measures. Organizations utilizing SonicWall’s cloud backup service are urged to reset their credentials on active firewall devices, limit remote access capabilities, revoke external API keys connected to management systems, and enforce multi-factor authentication (MFA) for all administrative accounts.
The concern is further heightened by the ongoing rise in ransomware incidents that target SonicWall firewall devices, indicating that attackers are actively exploiting known vulnerabilities for initial access to networks. In light of these developments, cybersecurity professionals stress the continuous need for rigorous patch management to protect against both newly discovered and previously disclosed security flaws.