Investigation Launched Into Role of JetBrains Product in SolarWinds Hack: Reports

Cybersecurity companies and U.S. intelligence agencies are investigating the possible role played by a product from JetBrains in the recently discovered SolarWinds hack, according to reports.

The New York Times and Reuters reported on Wednesday that cybersecurity experts and government agencies are trying to determine whether the hackers that targeted SolarWinds may have abused software created by JetBrains to achieve their goal.

JetBrains is a software development company based in the Czech Republic. The firm has offices in Europe, Russia and the United States, and it claims that its solutions are used by over 9 million developers across 300,000 companies around the world, including 95 of the Fortune 100 companies and 79 Fortune Global 100 companies.

In a statement issued in response to the New York Times article, JetBrains CEO Maxim Shafirov said his company was not aware of any investigations into its software’s role in the SolarWinds breach, but noted that they are prepared to cooperate.

According to reports, the JetBrains product possibly abused by the SolarWinds hackers is TeamCity, a continuous integration and development system. Shafirov has confirmed that SolarWinds is a customer.

“It’s important to stress that TeamCity is a complex product that requires proper configuration. If TeamCity has somehow been used in this process, it could very well be due to misconfiguration, and not a specific vulnerability,” Shafirov said, pointing to a section of the JetBrains website where they regularly inform customers about the vulnerabilities patched in products.

The New York Times reported that SolarWinds has yet to confirm a definitive connection between TeamCity and the attack targeting its systems.

It’s worth pointing out that the attack on SolarWinds is believed to have started at least one year prior to its discovery, and it’s possible that SolarWinds has also been targeted by a second, unrelated threat actor.

The United States has officially said that the attack on SolarWinds was likely conducted by Russia, an accusation that Moscow has denied.

The breach, which involved the delivery of trojanized updates for SolarWinds’ Orion product, is believed to have allowed the attackers to breach the networks of at least 250 government and private organizations. The latest government organization to admit being hit is the U.S. Justice Department, which said on Wednesday that three percent of its Microsoft 365 email accounts were potentially affected, but claimed there was no evidence that classified systems were impacted.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
