13 after the firm found that it was also a victim of a supply chain attack and had its penetration testing tools stolen (see: FireEye: SolarWinds Hack 'Genuinely Impacted' 50 Victims).įurther analysis revealed that during March, the attackers snuck a backdoor into SolarWinds' Orion network monitoring tool, which is widely used both across the private sector and in U.S. The attack campaign was discovered by security firm FireEye on Dec. government to investigate the SolarWinds breach said it was likely an intelligence operation carried out by an advanced persistent threat group with ties to Russia (see: SolarWinds Attack: Pointing a Finger at Russia). On Tuesday, the Cyber Unified Coordination Group task force set up by the U.S. The attacker could have then proceeded to implant a backdoor to infect JetBrains' customers. The New York Times reported some security experts believe that hackers could have compromised TeamCity by exploiting unpatched vulnerabilities in the application or through stealing credentials. If such an investigation is undertaken, the authorities can count on our full cooperation." … We have not been contacted by any government or security agency regarding this matter, nor are we aware of being under any investigation. Responding to the news reports, Shafirov says: "SolarWinds has not contacted us with any details regarding the breach, and the only information we have is what has been made publicly available. Besides SolarWinds, other customers including Twitter, Google, Siemens and Citibank, according to the company's website. JetBrains says it has about 300,000 customers worldwide, including 95 Fortune 100 companies. intelligence authorities and security experts believe the hackers may have compromised TeamCity to implant a backdoor that would then lead to the compromise of SolarWinds - a JetBrains customer (see: Severe SolarWinds Hacking: 250 Organizations Affected?). authorities are investigating the possibility that the hackers who breached SolarWinds abused JetBrains' TeamCity, which is used for continuous integration/continuous development as part of the DevOps process.Ĭiting sources with knowledge of the investigation, the reports note that U.S. On Wednesday, the New York Times and Reuters reported that U.S. If TeamCity has somehow been used in this process, it could very well be due to misconfiguration, and not a specific vulnerability." He adds, however, that "it’s important to stress that TeamCity is a complex product that requires proper configuration. "JetBrains has not taken part or been involved in this attack in any way," the CEO says. See Also: Live Webinar | Navigating the Difficulties of Patching OT But he says customer misconfiguration of TeamCity could have enabled a hack. Reacting to news reports claiming hackers may have used Czech software firm JetBrains’ TeamCity tool as an initial infection vector during the attack against SolarWinds, JetBrains CEO Maxim Shafirov says the company has not been contacted by investigators.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |