
Investigation Launched Into Role of JetBrains Product in SolarWinds Hack: Reports

Cybersecurity companies and U.S. intelligence agencies are investigating the possible role played by a product from JetBrains in the recently discovered SolarWinds hack, according to reports.

The New York Times and Reuters reported on Wednesday that cybersecurity experts and government agencies are trying to determine whether the hackers that targeted SolarWinds may have abused software created by JetBrains to achieve their goal.

JetBrains is a software development company based in the Czech Republic. The firm has offices in Europe, Russia and the United States, and it claims that its solutions are used by over 9 million developers across 300,000 companies around the world, including 95 of the Fortune 100 companies and 79 Fortune Global 100 companies.

In a statement issued in response to the New York Times article, JetBrains CEO Maxim Shafirov said his company was not aware of any investigations into its software’s role in the SolarWinds breach, but noted that they are prepared to cooperate.

According to reports, the JetBrains product possibly abused by the SolarWinds hackers is TeamCity, a continuous integration and development system. Shafirov has confirmed that SolarWinds is a customer.

“It’s important to stress that TeamCity is a complex product that requires proper configuration. If TeamCity has somehow been used in this process, it could very well be due to misconfiguration, and not a specific vulnerability,” Shafirov said, pointing to a section of the JetBrains website where they regularly inform customers about the vulnerabilities patched in products.

The New York Times reported that SolarWinds has yet to confirm a definitive connection between TeamCity and the attack targeting its systems.

It’s worth pointing out that the attack on SolarWinds is believed to have started at least one year prior to its discovery, and it’s possible that SolarWinds has also been targeted by a second, unrelated threat actor.

The United States has officially said that the attack on SolarWinds was likely conducted by Russia, an accusation that Moscow has denied.

The breach, which involved the delivery of trojanized updates for SolarWinds’ Orion product, is believed to have allowed the attackers to breach the networks of at least 250 government and private organizations. The latest government organization to admit being hit is the U.S. Justice Department, which said on Wednesday that three percent of its Microsoft 365 email accounts were potentially affected, but claimed there was no evidence that classified systems were impacted.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
