JetBrains denies being involved in SolarWinds hack
Czech software development firm JetBrains published a statement today denying reports from the New York Times and the Wall Street Journal claiming that JetBrains is under investigation for possibly being involved in the SolarWinds hack that impacted thousands of companies across the globe.
The reports, citing government sources, said that US officials are looking at a scenario where Russian hackers breached JetBrains and then launched attacks on its customers, one of which was SolarWinds.
In particular, investigators believe that hackers targeted a JetBrains product named TeamCity, a CI/CD (Continuous Integration/Continous Development) server that is used to assemble components into the final software app in a process known as "building."
But in a blog post published today, JetBrains CEO Maxim Shafirov said that the Czech company was unaware that it was being under investigation for its role in the SolarWinds breach.
Is it the way it usually works that one finds out about own investigation from the press? https://t.co/tEV9A0Xxvm
— Maxim Shafirov (@mshafirov) January 6, 2021
"SolarWinds is one of our customers and uses TeamCity, which is a Continuous Integration and Deployment System, used as part of building software," Shafirov said.
"SolarWinds has not contacted us with any details regarding the breach," he added.
"Secondly, we have not been contacted by any government or security agency regarding this matter, nor are we aware of being under any investigation. If such an investigation is undertaken, the authorities can count on our full cooperation."
However, the JetBrains CEO, a Russian national, didn't completely rule out the possibility that its product could have been abused in the SolarWinds hack.
"It's important to stress that TeamCity is a complex product that requires proper configuration. If TeamCity has somehow been used in this process, it could very well be due to misconfiguration, and not a specific vulnerability," the exec said.
However, the two reports are also not very clear on the alleged JetBrains breach. As Stefan Soesanto, Senior Cyber Defence Researcher at the Center for Security Studies at the Swiss Federal Institute of Technology (ETH) in Zurich, pointed out on Twitter earlier today, more details need to be clarified before any guilt is cast on JetBrains' role in the SolarWinds hack.
WSJ: TeamCity server that SolarWinds uses was accessed
— Stefan Soesanto (@iiyonite) January 6, 2021
(enabling supply chain attack against SolarWinds)
NYT: TeamCity software was compromised
(enabling supply chain attacks against untold number of JetBrains clients)
Which one is it????
Updated at 22:20 ET. An original version of this article claimed that JetBrains was being investigated as the origin point of the SolarWinds hack. ZDNet regrets the error.