The FBI has launched an investigation to find out if the attackers behind the SolarWinds data breach also hacked into project management software from the Czech firm JetBrains.
JetBrains produces software called TeamCity, which is used by thousands of customers for continuous integration and development as part of the DevOps process. The company has roughly 300,000 customers worldwide, including 95 Fortune 100 companies.
Reuters reports that U.S. authorities and security experts think hackers may have compromised TeamCity for the purpose of implanting a backdoor, which would have led to the compromise of SolarWinds.
The CEO of JetBrains, Maxim Shafirov, has recently said it was possible a customer misconfiguration of TeamCity could have enabled a hack. He has also said the company has yet to be contacted by investigators. Here is a direct quote from the CEO:
"JetBrains has not taken part or been involved in this attack in any way. It's important to stress that TeamCity is a complex product that requires proper configuration. If TeamCity has somehow been used in this [SolarWinds breach] process, it could very well be due to misconfiguration, and not a specific vulnerability.
SolarWinds has not contacted us with any details regarding the breach, and the only information we have is what has been made publicly available.... We have not been contacted by any government or security agency regarding this matter, nor are we aware of being under any investigation. If such an investigation is undertaken, the authorities can count on our full cooperation."
Cyberattack ties back to Russia
The U.S. government has created the Cyber Unified Coordination Group (UCG) for the purpose of investigating the SolarWinds data breach. The task force says the attack was likely an intelligence-gathering operation carried out by an advanced persistent threat (APT) group with ties to Russia.
The UCG also found that the hackers placed a backdoor in SolarWinds' Orion network monitoring tool, used by many private-sector organizations and U.S. federal agencies, back in March 2020. Over several months, roughly 18,000 organizations installed the version of Orion that contained the backdoor. This enabled the hackers to remotely access some infected systems as well as push more malware and exfiltrate data in a subset of the infected organizations.
The U.S. Justice Department was one of the organizations affected, but it has previously reported that no classified systems were compromised.
Other U.S. government agencies affected by this attack include the Commerce, Homeland Security, State, Energy, and Treasury departments, as well as some branches of the Pentagon.