SonicWall blames state-sponsored hackers for September security breach

Cybersecurity firm SonicWall attributed the September security breach exposing firewall configuration files to state-sponsored hackers.

In September, SonicWall urged customers to reset credentials after firewall backup files tied to MySonicWall accounts were exposed. The company announced it had blocked attackers’ access and was working with cybersecurity experts and law enforcement agencies to determine the scope of the breach.

SonicWall initially said under 5% of customers were impacted, and no files leaked.

The incident impacted SonicWall Firewalls with preference files backed up in MySonicWall.com.

On October 8, SonicWall confirmed that threat actors accessed the preference files of all firewalls using its MySonicWall cloud backup service.

SonicWall said the stolen files contain encrypted credentials and configs, which could aid attacks. They are notifying affected users and providing assessment tools. Updated device lists now classify impacted firewalls by priority to guide remediation.

The cybersecurity firm urged password resets and revealed that the security breach is unrelated to Akira ransomware or SSLVPN attacks.

Now, SonicWall says state-sponsored hackers are behind the September security breach. Mandiant confirmed the breach didn’t impact SonicWall products, firmware, tools, source code, or customer networks.

“The Mandiant investigation is now complete. Their findings confirm that the malicious activity – carried out by a state-sponsored threat actor – was isolated to the unauthorized access of cloud backup files from a specific cloud environment using an API call.” reads the announcement published by the company. “The incident is unrelated to ongoing global Akira ransomware attacks on firewalls and other edge devices.”

SonicWall applied Mandiant’s fixes and is strengthening its systems with the help of external experts.

“As nation-state–backed threat actors increasingly target edge security providers, especially those serving SMB and distributed environments, SonicWall is committed to strengthening its position as a leader for partners and their SMB customers on the front lines of this escalation.” continues the announcement. “Our platform strategy is already aligned to that future.”

Pierluigi Paganini

(SecurityAffairs – hacking, state-sponsored hackers)