Czech software development company JetBrains published a statement today denying reports from the New York Times and the Wall Street Journal stating that JetBrains is under investigation for possibly being involved in the SolarWinds hack that has impacted thousands of companies worldwide.
The reports, citing government sources, said that US officials are analyzing a scenario in which Russian hackers breached JetBrains and then launched attacks against their customers, one of which was SolarWinds.
In particular, the researchers believe that the hackers targeted a JetBrains product called TeamCity, a CI / CD (Continuous Integration / Continuous Development) server that is used to assemble components in the final software application in a process known as “build”.
But in a post published today, JetBrains CEO Maxim Shafirov said the Czech company was unaware that it was being investigated for its role in the SolarWinds breach.
“SolarWinds is one of our customers and uses TeamCity, which is a seamless integration and deployment system, used as part of building software,” said Shafirov.
“SolarWinds did not contact us with details about the breach,” he added.
“Secondly, we have not been contacted by any government or security agency regarding this matter, nor are we aware that we are under investigation. If such an investigation is carried out, the authorities can count on our full cooperation.”
However, the CEO of JetBrains, a Russian national, did not completely rule out the possibility that his product might have been abused in the SolarWinds hack.
“It is important to emphasize that TeamCity is a complex product that requires proper configuration. If TeamCity was used in any way in this process, it may well be due to an incorrect configuration, rather than a specific vulnerability,” said the executive.
However, the two reports are also unclear about the alleged breach of JetBrains. As Stefan Soesanto, Senior Cyber Defense Researcher at the Security Studies Center at the Swiss Federal Institute of Technology (ETH) in Zurich, pointed out on Twitter today, more details need to be clarified before any blame is laid on JetBrains’ role in the hack SolarWinds.
WSJ: the TeamCity server that SolarWinds uses has been accessed
(allowing attack on the supply chain against SolarWinds)NYT: TeamCity software has been compromised
(allowing attacks on the supply chain against countless JetBrains customers)Which is ????
– Stefan Soesanto (@iiyonite) January 6, 2021
Updated at 22:20 ET. An original version of this article stated that JetBrains was being investigated as the point of origin for the SolarWinds hack. ZDNet regrets the error.