French Security Firm Says Hackers Accessed Its Source Code
Stormshield Is a Major Supplier of Security Products to the French Government
French security vendor Stormshield has launched an investigation after an internal review found that hackers accessed the source code of the company's network security product.
On Thursday, Stormshield acknowledged the company had sustained a breach and that unknown hackers had accessed the source code of its Stormshield Network Security product. The firm supplies firewalls and other products to the French government and the military, and some of its tools carry the highest certification issued by France's National Information Systems Security Agency, or ANSSI, which is the country's main cybersecurity agency.
The French government is assisting in the investigation, the company says. Stormshield, a subsidiary of Airbus CyberSecurity, also sells endpoint protection and data loss prevention tools.
Stormshield notes that the hackers gained unauthorized access to a technical portal that its customers and partners use for client support. The hackers then accessed personal details and technical exchanges between the company and its customers, along with the source code, the company says.
"As of today, the in-depth analysis carried out with the support of the relevant authorities has not identified any evidence of illegitimate modification in the code, nor have any of the Stormshield products in operation been compromised," the company notes.
The company says it is not releasing more details on the hacking incident while the investigation is ongoing. It has initiated security steps, including resetting all passwords of customer accounts as well as reviewing all support tickets and technical exchanges between clients and the firm, according to the alert.
"As an additional precautionary measure, we have anticipated the replacement of the trusted certificate that signs and ensures the integrity of the SNS [Stormshield Network Security] releases and updates," Stormshield notes. "New updates have been made available to customers and partners so that their products can work with this new certificate."
A Stormshield spokesperson could not be immediately reached for comment on Friday.
Targeting Security Vendors
The Stormshield hacking incident comes at a time when numerous security firms have acknowledged that their infrastructure and tools have been either targeted or compromised following the SolarWinds supply chain hack, which was first disclosed in December 2020 (see: SolarWinds Hackers Cast a Wide Net).
FireEye, Malwarebytes and Mimecast have all acknowledged that their networks were affected by the SolarWinds hackers.
Other security firms, such as CrowdStrike and Palo Alto Networks, also appear to have been targeted by the same hacking group, but these intrusions apparently were unsuccessful.
Additional security vendors have also said their networks have been hacked. On Wednesday, SonicWall released a patch for a zero-day vulnerability that affects its Secure Mobile Access, or SMA, gateway product line. This came after the company discovered a "coordinated attack" on its internal network on Jan. 22 (see: SonicWall Confirms Zero-Day Flaw Affects Certain Products).
An Attractive Target
By targeting security firms, hackers are trying to gain access to sensitive enterprise customer data, analysts say.
"These companies present a concentrated attack vector, rich with sensitive customer data from a wealth of enterprise customers," says Kevin Dunne, president at security firm Greenlight.
Vishal Jain, co-founder and CTO at security firm Valtix, says that organizations of all types should rethink their third-party vendor risk management strategies, paying particular attention to automatic software updates that are pushed out and not reviewed.
"Attackers are clearly targeting various software product and services providers that enterprises use," Jain says. "The key is a defense-in-depth approach of automating security that makes it much more expensive for attackers who are currently pivoting on one-off exploits."