JetBrains' CEO, Maxim Shafirov, denied reports from multiple news outlets that the company played a role in the SolarWinds supply chain attack.

The privately-held software vendor was founded in Prague, Czech Republic, in February 2000, and it has more than 1,200 employees.

JetBrains' products are used by over 9,000,000 developers from more than and 300,000 companies worldwide, including 95 Fortune 100 companies and 79 Fortune Global 100 companies.

The company's customer list includes Google, Netflix, Twitter, HP, Valve, Samsung, Volkswagen, NASA, Ubisoft, Citibank, Expedia, VMware, The New York Times, and many other high profile companies and organizations.

According to reports published by The New York Times, The Wall Street Journal, and Reuters, US officials are investigating if JetBrains' systems were breached, with the attackers using the access to its systems to infiltrate customer networks.

TeamCity, a continuous integration and deployment system used for unit testing and code quality analysis, is the JetBrains product that officials are reportedly looking into as a potential attack vector used by the SolarWinds hackers.

The reports present multiple potential investigation avenues including the possibility that the TeamCity software was backdoored by the threat actors to infiltrate JetBrains customers' systems and that a SolarWinds TeamCity server was compromised by exploiting high severity or critical vulnerabilities.

Reports of involvement denied by CEO

JetBrains' CEO issued an official statement after the media reports were published denying that the company was involved in any way in the SolarWinds hack.

"First and foremost, JetBrains has not taken part or been involved in this attack in any way," Shafirov said. "SolarWinds is one of our customers and uses TeamCity, which is a Continuous Integration and Deployment System, used as part of building software.

"SolarWinds has not contacted us with any details regarding the breach and the only information we have is what has been made publicly available."

He also said that he has no knowledge of JetBrains' alleged involvement in the SolarWinds supply-chain attack being investigated since no security agency or government contacted the company until the statement was published.

"Secondly, we have not been contacted by any government or security agency regarding this matter, nor are we aware of being under any investigation," he added. "If such an investigation is undertaken, the authorities can count on our full cooperation."

Shafirov also added that both TeamCity vulnerabilities or a misconfigured TeamCity server could have been used as a potential pathway into a customer's network.

"It’s important to stress that TeamCity is a complex product that requires proper configuration," he said. "If TeamCity has somehow been used in this process, it could very well be due to misconfiguration, and not a specific vulnerability."

A JetBrains spokesman also told Reuters that the company is not aware of a JetBrains breach that could have led to a hack or of any customers being impacted after exploitation of a TeamCity vulnerability.


Update January 07, 16:43 EST: JetBrains' CEO published an update regarding the SolarWinds breach.

At this point we reiterate the message we posted yesterday – we have not played any role in this breach, nor are we aware of any vulnerabilities in TeamCity that may have led to this breach, as we are also not aware of any investigation underway.

Based on the public information available (which to date is the only thing we’re aware of as neither SolarWinds nor any governmental agency have reached out to us with any details regarding the breach), it seems that the attack on SolarWinds was targeted at their build process (what the media is referring to as a supply-chain attack). SolarWinds uses TeamCity amongst other tools during the build process. However, at this point, as also supported by the statements of the SolarWinds own spokesperson, there is no evidence that TeamCity had any role in this.

None of the articles published so far, including those referencing investigations by the FBI, as well as quotes from SolarWinds themselves, show any evidence that TeamCity has any vulnerability or backdoor that would have allowed unauthorized access to the build process.

As such we have no knowledge or evidence to believe that any of our tools may have been compromised, and consequently do not believe that you are at any risk in continuing to use our tools.

We hope that the investigation with SolarWinds is finalised as soon as possible and clears up any misrepresentation of our tools and our company. We’d also like to reiterate that we offer our full cooperation with any governmental agencies and security researchers.

Related Articles:

Exploit available for new critical TeamCity auth bypass bug, patch now

Anycubic 3D printers hacked worldwide to expose security flaw

Mowing down demons: DOOM comes to Husqvarna smart lawnmowers

SolarWinds fixes critical RCE bugs in access rights audit solution

JetBrains warns of new TeamCity auth bypass vulnerability