
cyberveille.decio.ch
- GOV.UK

From: Cabinet Office, Public Sector Fraud Authority and Josh Simons MP

Published 24 September 2025

Government stops over £480 million ending up in the pockets of fraudsters over twelve months since April 2024 - more money than ever before.

New technology and artificial intelligence turns the tide in the fight against public sector fraud, with new tech to prevent repeat of Covid loan fraud.

Over a third of the money saved relates to fraud committed by companies and people during the pandemic.

Crackdown means more funding for schools, hospitals and vital public services to deliver the Plan for Change.

Fraudsters have been stopped from stealing a record £480 million from the taxpayer in the government’s biggest ever fraud crackdown, meaning more money can be used to recruit nurses, teachers and police officers as part of the Plan for Change.

Over a third of the money saved (£186 million) comes from identifying and recovering fraud committed during the Covid-19 pandemic.

Government efforts to date have blocked hundreds of thousands of companies with outstanding or potentially fraudulent Bounce Back Loans from dissolving before they would have to pay anything back. We have also clawed back millions of pounds from companies that took out Covid loans they were not entitled to, or took out multiple loans when only entitled to one.

This builds on successful convictions in recent months to crack down on opportunists who exploited the Bounce Back Loan Scheme for their own gain, including a woman who invented a company and then sent the loan money to Poland.

Alongside Covid fraud, the record savings reached in the year to April 2025 include clamping down on people unlawfully claiming single-person council tax discount and removing people from social housing waitlists who wanted to illegally sublet their discounted homes at the taxpayers’ expense.

Announcing the record figures at an anti-fraud Five Eyes summit in London, Cabinet Office Minister Josh Simons said:

Working people expect their taxes to go towards schools, hospitals, roads and the services they and their families use. That money going into the hands of fraudsters is a betrayal of their hard work and the system of paying your fair share. It has to stop.

That’s why this government has delivered the toughest ever crackdown on fraud, protecting almost half a billion pounds in under 12 months.

We’re using cutting-edge AI and data tools to stay one step ahead of fraudsters, making sure public funds are protected and used to deliver public services for those who need them most - not line the pockets of scammers and swindlers.

The savings have been driven by comparing different information the government holds to stop people falsely claiming benefits and discounts that they’re clearly not eligible for.

The high-tech push brought around £110m more back to the exchequer than the year before, and comes as the government pushes to save £45 billion by using tech to make the public sector more productive, saving money for the NHS and police forces to deliver the Plan for Change.

The Minister will also unveil a new AI fraud prevention tool that has been built by the government and will be used across all departments after successful tests.

The AI system scans new policies and procedures for weaknesses before they can be exploited, helping make new policies fraud-proof while they are being drafted.

The tool could be essential in stopping fraudsters from taking advantage of government efforts to help people in need amid future emergencies. It has been designed to prevent the scale of criminality seen through the Covid pandemic, where millions were lost to people falsely taking advantage of furlough, Covid Grants and Bounce Back Loans.

Results from early tests show it could save thousands of hours and help prevent millions in potential losses, slashing the time to identify fraud risks by 80% while preserving human oversight.

The UK will also license the technology internationally, with Five Eyes partners at the summit considering adoption as part of strengthening global efforts to stop fraud and demonstrating Britain’s role at the forefront of innovation.

The summit will bring together key allies and showcase the government’s unprecedented use of artificial intelligence, data-matching and specialist investigators to target fraud across more than a thousand different schemes.

At the summit, Cabinet Office Minister Josh Simons will describe how the record crackdown has been achieved:

- Over £68 million of wrongful pension payments were prevented across major public sector pension schemes, including the Local Government Pension Scheme, NHS Pension Scheme, Civil Service Pensions and Armed Forces pension schemes. These savings were achieved by identifying cases where pension payments continued after the individual had died, often with relatives continuing to claim benefits they were not entitled to.
- More than 2,600 people were removed from housing waiting lists they weren’t entitled to be on, including individuals who were subletting or had multiple tenancies unlawfully.
- Over 37,000 fraudulent single-person council tax discount claims were stopped, saving £36 million for local councils and taxpayers. These false claims, often made by individuals misrepresenting their household size to secure a 25% discount, were uncovered using advanced data-matching.

Today’s announcement follows extensive progress on fraud in the last 12 months, including the appointment of a Covid Counter-Fraud Commissioner, the introduction of the Public Authorities Fraud, Error and Recovery Bill, and a boost to AI-driven detection, saving hundreds of millions and strengthening public sector fraud prevention – driven by the Public Sector Fraud Authority.

The majority of the £480 million saved is taxpayer money, with a portion from private sector partners, such as insurance and utilities companies, helping lower consumer costs and support UK business growth.
https://www.sonicwall.com/support/

Updated September 22, 2025

Description

SonicWall’s security teams recently detected suspicious activity targeting the cloud backup service for firewalls, which we confirmed as a security incident in the past few days. Our investigation found that threat actors accessed backup firewall preference files stored in the cloud for fewer than 5% of our firewall install base. While credentials within the files were encrypted, the files also included information that could make it easier for attackers to potentially exploit the related firewall. We are not presently aware of these files being leaked online by threat actors. This was not a ransomware or similar event for SonicWall, rather this was a series of brute force attacks aimed at gaining access to the preference files stored in backup for potential further use by threat actors.

TIP: Learn more by watching this helpful video guide here

Affected Products: SonicWall Firewalls with preference files backed up in MySonicWall.com

Due to the sensitivity of the configuration files, we highly encourage customers to take the following steps immediately:

Log in to your MySonicWall.com account and verify if cloud backups exist for your registered firewalls:

If fields are blank (Figure 1): You are NOT at risk.

Figure 1 – Does Not Contain Backup

If fields contain backup details (Figure 2): Please continue reading.

Figure 2 – Contains Backups

Verify whether impacted serial numbers are listed in your account. Upon login, navigate to Product Management | Issue List, the affected serial numbers will be flagged with information such as Friendly Name, Last Download Date and Known Impacted Services.

If Serial Numbers are shown: the listed firewalls are at risk and should follow the containment and remediation guidelines: Essential Credential Reset

NOTE: Impacted Services should be used for general guidance only. The services listed were identified as being enabled and should be immediately reviewed. ALL SERVICES WITH CREDENTIALS THAT WERE ENABLED AT, OR BEFORE, THE TIME OF BACKUP SHOULD BE REVIEWED FOR EACH SERIAL NUMBER LISTED.

If you have used the Cloud Backup feature but no Serial Numbers are shown or only some of your registered Serial Numbers: SonicWall will provide additional guidance in coming days to determine if your backup files were impacted. Please check back on this page for this additional information: MySonicWall Cloud Backup File Incident

Technical Containment and Mitigation Documentation can be found at:

- Essential Credential Reset
- Remediation Playbook

NOTE: Use the SonicWall Online Tool to identify services that require remediation. Follow the on-screen instructions to proceed. (UPE Mode is not supported.)

We have a dedicated support service team available to help you with any of these changes. If you need any assistance, please login to your MySonicWall account and open a case with our Support team. You can access your account at: https://www.mysonicwall.com/muir/login.

Change Log:

- 2025-9-17 4:40 AM PDT: Initial publish.
- 2025-9-17 2:45 PM PDT: Minor formatting update.
- 2025-9-17 8:45 PM PDT: Revised incident disclosure text to clarify scope (<5% of firewalls), encrypted credentials, no known leaks, and brute-force (not ransomware) attack.
- 2025-9-18 5:38 AM PDT: Changed formatting and provided detailed steps with screenshots.
- 2025-9-18 9:19 AM PDT: Updated guidance steps, navigation screenshots, and note clarifying review of impacted services.
- 2025-9-18 4:30 PM PDT: Updated KB text and image to clarify affected products, provide step-by-step backup verification instructions, and replace figures showing when backups are or are not present.
- 2025-9-19 1:15 PM PDT: No updates at this time.
- 2025-9-20 9:15 AM PDT: Added a Tip with a video guide and a Note linking to the SonicWall online tool for firewall configuration analysis and remediation guidance.
- 2025-9-22 8:20 AM PDT: No updates at this time.

We set out to craft the perfect phishing scam. Major AI chatbots were happy to help.
A REUTERS INVESTIGATION

By STEVE STECKLOW and POPPY MCPHERSON

Filed Sept. 15, 2025, 10:30 a.m. GMT

The email seemed innocent enough. It invited senior citizens to learn about the Silver Hearts Foundation, a new charity dedicated to providing the elderly with care and companionship. “We believe every senior deserves dignity and joy in their golden years,” it read. “By clicking here, you’ll discover heartwarming stories of seniors we’ve helped and learn how you can join our mission.”

But the charity was fake, and the email’s purpose was to defraud seniors out of large sums of money. Its author: Elon Musk’s artificial-intelligence chatbot, Grok.

Grok generated the deception after being asked by Reuters to create a phishing email targeting the elderly. Without prodding, the bot also suggested fine-tuning the pitch to make it more urgent: “Don’t wait! Join our compassionate community today and help transform lives. Click now to act before it’s too late!”

The Musk company behind Grok, xAI, didn’t respond to a request for comment.

Phishing – tricking people into revealing sensitive information online via scam messages such as the one produced by Grok – is the gateway for many types of online fraud. It’s a global problem, with billions of phishing emails and texts sent every day. And it’s the number-one reported cybercrime in the U.S., according to the Federal Bureau of Investigation. Older people are especially vulnerable: Complaints of phishing by Americans aged 60 and older jumped more than eight-fold last year as they lost at least $4.9 billion to online fraud, FBI data show.

[Photo caption] Daniel Frank, a retired accountant in California, clicked on a link in an AI-generated simulated phishing email in a Reuters study. “AI is a genie out of the bottle,” he says. REUTERS/Daniel Cole

The advent of generative AI has made the problem of phishing much worse, the FBI says. Now, a Reuters investigation shows how anyone can use today’s popular AI chatbots to plan and execute a persuasive scam with ease.

Reporters tested the willingness of a half-dozen major bots to ignore their built-in safety training and produce phishing emails for conning older people. The reporters also used the chatbots to help plan a simulated scam campaign, including advice on the best time of day to send the emails. And Reuters partnered with Fred Heiding, a Harvard University researcher and an expert in phishing, to test the effectiveness of some of those emails on a pool of about 100 senior-citizen volunteers.

Major chatbots do receive training from their makers to avoid conniving in wrongdoing – but it’s often ineffective. Grok warned a reporter that the malicious email it created “should not be used in real-world scenarios.” The bot nonetheless produced the phishing attempt as requested and dialed it up with the “click now” line.

Five other popular AI chatbots were tested as well: OpenAI’s ChatGPT, Meta’s Meta AI, Anthropic’s Claude, Google’s Gemini and DeepSeek, a Chinese AI assistant. They mostly refused to produce emails in response to requests that made clear the intent was to defraud seniors. Still, the chatbots’ defenses against nefarious requests were easy to overcome: All went to work crafting deceptions after mild cajoling or being fed simple ruses – that the messages were needed by a researcher studying phishing, or a novelist writing about a scam operation.

“You can always bypass these things,” said Heiding.

That gullibility, the testing found, makes chatbots potentially valuable partners in crime. Heiding led a study last year which showed that phishing emails generated by ChatGPT can be just as effective in getting recipients (in that case, university students) to click on potentially malicious links as ones penned by humans. That’s a powerful advance for criminals, because unlike people, AI bots can churn out endless varieties of deceptions instantaneously, at little cost, slashing the money and time needed to perpetrate scams.

[Photo caption] Harvard researcher Fred Heiding designed the phishing study with Reuters. AI bots have weak defenses against being put to nefarious use, he says: “You can always bypass these things.” REUTERS/Shannon Stapleton

Heiding collaborated with Reuters to test the effectiveness of nine of the phishing emails generated using five chatbots on U.S. senior citizens. The seniors – 108 in all – consented to participate as unpaid volunteers. No money or banking information, of course, was taken from the participants.

Overall, about 11% of the seniors clicked on the emails sent. Five of the nine scam mails tested drew clicks: two generated by Meta AI, two by Grok and one by Claude. None clicked on emails generated by ChatGPT or DeepSeek. The results don’t measure the bots’ relative power to deceive: The study was designed to assess the effectiveness of AI-generated phishing emails in general, not to compare the five bots. (For more on the study’s methods, see related story.)

The reporters used the bots to create several dozen emails, and then, much as a criminal group might do, chose nine that seemed likeliest to hoodwink recipients. That may partly explain why so many seniors clicked on them.

It's impossible to know the success rate of phishing messages sent by actual criminals. But Proofpoint, a major California-based cybersecurity firm, has studied simulated phishing campaigns conducted by its clients. Proofpoint found that 5.8% of millions of test scam emails sent last year by clients to their employees succeeded in duping the recipients. “This is an industry-wide c...