Czech software development firm JetBrains published a statement today denying reports from the New York Times and the Wall Street Journal claiming that JetBrains software is under investigation and involved in the SolarWinds hack that impacted thousands of companies across the globe.
The reports claim that SolarWinds used a JetBrains product called TeamCity, a CI/DI server that is used to assemble components into the final software app in a process known as “building.”
The two publications cited government sources who are currently looking at the scenario where Russian hackers compromised the TeamCity server used inside SolarWinds and inserted malware into SolarWinds’ Orion app, an IT monitoring platform used by tens of thousands of companies across the world.
These trojanized Orion updates were downloaded by almost 18,000 SolarWinds customers across the globe and helped Russian hackers breach high-value targets like security firm FireEye, IT giant Microsoft, and the US Department of Justice, among many.
But in a blog post published today, JetBrains CEO Maxim Shafirov said that the Czech company was unaware of any of these allegations.
“SolarWinds is one of our customers and uses TeamCity, which is a Continuous Integration and Deployment System, used as part of building software,” Shafirov said.
“SolarWinds has not contacted us with any details regarding the breach,” he added.
“Secondly, we have not been contacted by any government or security agency regarding this matter, nor are we aware of being under any investigation. If such an investigation is undertaken, the authorities can count on our full cooperation.”
However, the JetBrains CEO, a Russian national, didn’t completely rule out the possibility that its product could have been abused in the SolarWinds hack.
“It’s important to stress that TeamCity is a complex product that requires proper configuration. If TeamCity has somehow been used in this process, it could very well be due to misconfiguration, and not a specific vulnerability,” the exec said.
The two reports are also not very clear on the details, as Stefan Soesanto, Senior Cyber Defence Researcher at the Center for Security Studies at the Swiss Federal Institute of Technology (ETH) in Zurich, pointed out on Twitter earlier today.
Before any guilt is cast on JetBrains’ role in the SolarWinds hack, more details need to come to light.
WSJ: TeamCity server that SolarWinds uses was accessed
(enabling supply chain attack against SolarWinds)NYT: TeamCity software was compromised
(enabling supply chain attacks against untold number of JetBrains clients)Which one is it????
— Stefan Soesanto (@iiyonite) January 6, 2021