JetBrains' CEO, Maxim Shafirov, denied reports from multiple news outlets that the company played a role in the SolarWinds supply chain attack.
The privately-held software vendor was founded in Prague, Czech Republic, in February 2000, and it has more than 1,200 employees.
JetBrains' products are used by over 9,000,000 developers from more than and 300,000 companies worldwide, including 95 Fortune 100 companies and 79 Fortune Global 100 companies.
The company's customer list includes Google, Netflix, Twitter, HP, Valve, Samsung, Volkswagen, NASA, Ubisoft, Citibank, Expedia, VMware, The New York Times, and many other high profile companies and organizations.
According to reports published by The New York Times, The Wall Street Journal, and Reuters, US officials are investigating if JetBrains' systems were breached, with the attackers using the access to its systems to infiltrate customer networks.
TeamCity, a continuous integration and deployment system used for unit testing and code quality analysis, is the JetBrains product that officials are reportedly looking into as a potential attack vector used by the SolarWinds hackers.
The reports present multiple potential investigation avenues including the possibility that the TeamCity software was backdoored by the threat actors to infiltrate JetBrains customers' systems and that a SolarWinds TeamCity server was compromised by exploiting high severity or critical vulnerabilities.
Reports of involvement denied by CEO
JetBrains' CEO issued an official statement after the media reports were published denying that the company was involved in any way in the SolarWinds hack.
"First and foremost, JetBrains has not taken part or been involved in this attack in any way," Shafirov said. "SolarWinds is one of our customers and uses TeamCity, which is a Continuous Integration and Deployment System, used as part of building software.
"SolarWinds has not contacted us with any details regarding the breach and the only information we have is what has been made publicly available."
He also said that he has no knowledge of JetBrains' alleged involvement in the SolarWinds supply-chain attack being investigated since no security agency or government contacted the company until the statement was published.
"Secondly, we have not been contacted by any government or security agency regarding this matter, nor are we aware of being under any investigation," he added. "If such an investigation is undertaken, the authorities can count on our full cooperation."
Shafirov also added that both TeamCity vulnerabilities or a misconfigured TeamCity server could have been used as a potential pathway into a customer's network.
"It’s important to stress that TeamCity is a complex product that requires proper configuration," he said. "If TeamCity has somehow been used in this process, it could very well be due to misconfiguration, and not a specific vulnerability."
A JetBrains spokesman also told Reuters that the company is not aware of a JetBrains breach that could have led to a hack or of any customers being impacted after exploitation of a TeamCity vulnerability.
Update January 07, 16:43 EST: JetBrains' CEO published an update regarding the SolarWinds breach.
At this point we reiterate the message we posted yesterday – we have not played any role in this breach, nor are we aware of any vulnerabilities in TeamCity that may have led to this breach, as we are also not aware of any investigation underway.
Based on the public information available (which to date is the only thing we’re aware of as neither SolarWinds nor any governmental agency have reached out to us with any details regarding the breach), it seems that the attack on SolarWinds was targeted at their build process (what the media is referring to as a supply-chain attack). SolarWinds uses TeamCity amongst other tools during the build process. However, at this point, as also supported by the statements of the SolarWinds own spokesperson, there is no evidence that TeamCity had any role in this.
None of the articles published so far, including those referencing investigations by the FBI, as well as quotes from SolarWinds themselves, show any evidence that TeamCity has any vulnerability or backdoor that would have allowed unauthorized access to the build process.
As such we have no knowledge or evidence to believe that any of our tools may have been compromised, and consequently do not believe that you are at any risk in continuing to use our tools.
We hope that the investigation with SolarWinds is finalised as soon as possible and clears up any misrepresentation of our tools and our company. We’d also like to reiterate that we offer our full cooperation with any governmental agencies and security researchers.
Comments
and24v1 - 3 years ago
Imagine something like the competition opening breaches to harm the jobs of thousands of employees, and not to mention all the people that SolarWinds provides software. I'm just speculating over here, but this kind of situations are just sad for me. Good post!