JetBrains denies being involved in SolarWinds hack

JetBrains denies reports that is being under investigation and somehow related to the SolarWinds breach.
Written by Catalin Cimpanu, Contributor

Czech software development firm JetBrains published a statement today denying reports from the New York Times and the Wall Street Journal claiming that JetBrains is under investigation for possibly being involved in the SolarWinds hack that impacted thousands of companies across the globe.

The reports, citing government sources, said that US officials are looking at a scenario where Russian hackers breached JetBrains and then launched attacks on its customers, one of which was SolarWinds.

In particular, investigators believe that hackers targeted a JetBrains product named TeamCity, a CI/CD (Continuous Integration/Continous Development) server that is used to assemble components into the final software app in a process known as "building."

But in a blog post published today, JetBrains CEO Maxim Shafirov said that the Czech company was unaware that it was being under investigation for its role in the SolarWinds breach.

"SolarWinds is one of our customers and uses TeamCity, which is a Continuous Integration and Deployment System, used as part of building software," Shafirov said.

"SolarWinds has not contacted us with any details regarding the breach," he added.

"Secondly, we have not been contacted by any government or security agency regarding this matter, nor are we aware of being under any investigation. If such an investigation is undertaken, the authorities can count on our full cooperation."

However, the JetBrains CEO, a Russian national, didn't completely rule out the possibility that its product could have been abused in the SolarWinds hack.

"It's important to stress that TeamCity is a complex product that requires proper configuration. If TeamCity has somehow been used in this process, it could very well be due to misconfiguration, and not a specific vulnerability," the exec said.

However, the two reports are also not very clear on the alleged JetBrains breach. As Stefan Soesanto, Senior Cyber Defence Researcher at the Center for Security Studies at the Swiss Federal Institute of Technology (ETH) in Zurich, pointed out on Twitter earlier today, more details need to be clarified before any guilt is cast on JetBrains' role in the SolarWinds hack.

Updated at 22:20 ET. An original version of this article claimed that JetBrains was being investigated as the origin point of the SolarWinds hack. ZDNet regrets the error.

Editorial standards