[ad_1]
Czech software development company JetBrains released a statement today denying New York Times and Wall Street Journal reports claiming that JetBrains is under investigation for possibly being involved in the SolarWinds hack that has affected thousands of businesses around the world.
Reports, citing government sources, say U.S. officials are considering a scenario in which Russian hackers breached JetBrains and then launched attacks against its customers, including SolarWinds.
In particular, investigators believe that the hackers targeted a JetBrains product named TeamCity, a Continuous Integration / Continous Development (CI / CD) server that is used to assemble components into the final software application in a process called “build.”
But in a blog post published today, JetBrains CEO Maxim Shafirov said the Czech company was unaware it was under investigation for its role in the SolarWinds breach.
“SolarWinds is one of our customers and uses TeamCity, which is a continuous integration and deployment system used in software creation,” Shafirov said.
“SolarWinds has not contacted us with details regarding the violation,” he added.
“Second, we have not been contacted by any government or security agency about this, nor do we know whether to be investigated. If such an investigation is undertaken, the authorities can count on our full confidence. cooperation.”
However, the CEO of JetBrains, a Russian national, did not completely rule out the possibility that his product could have been abused in the SolarWinds hack.
“It is important to stress that TeamCity is a complex product that requires proper configuration. If TeamCity has been used in some way or another in this process, it could very well be due to misconfiguration and not specific vulnerability, ”the executive said.
However, the two reports are also not very clear about the alleged violation of JetBrains. As Stefan Soesanto, Senior Cyber Defense Researcher at the Center for Security Studies at the Swiss Federal Institute of Technology Zurich (ETH) in Zurich, pointed out on Twitter earlier today, more details need to be clarified before any Guilt is cast on JetBrains’ role in the SolarWinds hack.
WSJ: access to the TeamCity server used by SolarWinds
(activation of supply chain attack on SolarWinds)NYT: TeamCity software has been compromised
(enabling supply chain attacks against countless numbers of JetBrains customers)Which one is it ????
– Stefan Soesanto (@iiyonite) January 6, 2021
Updated at 10:20 p.m. ET. An original version of this article claimed that JetBrains was under investigation as the origin point of the SolarWinds hack. ZDNet regrets the error.
[ad_2]
Source link