Cybersecurity companies and U.S. intelligence agencies are investigating the possible role played by a product from JetBrains in the recently discovered SolarWinds hack, according to reports.
The New York Times and Reuters reported on Wednesday that cybersecurity experts and government agencies are trying to determine whether the hackers who targeted SolarWinds may have abused software created by JetBrains to achieve their goal.
JetBrains is a software development company based in the Czech Republic. The firm has offices in Europe, Russia and the United States, and it claims that its solutions are used by over 9 million developers across 300,000 companies around the world, including 95 of the Fortune 100 companies and 79 Fortune Global 100 companies.
In a statement issued in response to the New York Times article, JetBrains CEO Maxim Shafirov said his company was not aware of any investigations into its software’s role in the SolarWinds breach, but noted that it is prepared to cooperate.
According to reports, the JetBrains product possibly abused by the SolarWinds hackers is TeamCity, a continuous integration and development system. Shafirov has confirmed that SolarWinds is a customer.
“It’s important to stress that TeamCity is a complex product that requires proper configuration. If TeamCity has somehow been used in this process, it could very well be due to misconfiguration, and not a specific vulnerability,” Shafirov said, pointing to a section of the JetBrains website where they regularly inform customers about the vulnerabilities patched in products.
The New York Times reported that SolarWinds has yet to confirm a definitive connection between TeamCity and the attack targeting its systems.
It’s worth pointing out that the attack on SolarWinds is believed to have started at least one year prior to its discovery, and it’s possible that SolarWinds has also been targeted by a second, unrelated threat actor.
The United States has officially said that the attack on SolarWinds was likely conducted by Russia, an accusation that Moscow has denied.
The breach, which involved the delivery of trojanized updates for SolarWinds’ Orion product, is believed to have allowed the attackers to compromise the networks of at least 250 government and private organizations. The latest government organization to admit being hit is the U.S. Justice Department, which said on Wednesday that three percent of its Microsoft 365 email accounts were potentially affected, but claimed there was no evidence that classified systems were impacted.