TRENDING:

Cybercrime , Fraud Management & Cybercrime , Fraud Risk Management

French Security Firm Says Hackers Accessed Its Source Code

Stormshield Is a Major Supplier of Security Products to the French Government Akshaya Asokan (asokan_akshaya) • February 5, 2021    
French Security Firm Says Hackers Accessed Its Source Code

French security vendor Stormshield has launched an investigation after an internal review found that hackers accessed the source code of the company's network security product.

On Thursday, Stormshield acknowledged the company had sustained a breach and that unknown hackers had accessed the source code of its Stormshield Network Security product. The firm supplies firewalls and other products to the French government and the military, and some of its tools carry the highest certification issued by France's National Information Systems Security Agency, or ANSSI, which is the country's main cybersecurity agency.

See Also: Cyber Maturity: New Look at Prioritizing, Quantifying Risk

The French government is assisting in the investigation, the company says. Stormshield, a subsidiary of Airbus CyberSecurity, also sells endpoint protection and data loss prevention tools.

Stormshield notes that the hackers gained unauthorized access to a technical portal that its customers and partners use for client support. Then, the hackers accessed personal details and technical exchanges between the company and its customers, along with the source code, the company notes.

"As of today, the in-depth analysis carried out with the support of the relevant authorities has not identified any evidence of illegitimate modification in the code, nor have any of the Stormshield products in operation been compromised," the company notes.

The company says it is not releasing more details on the hacking incident while the investigation is ongoing. It has initiated security steps, including resetting all passwords of customer accounts as well as reviewing all support tickets and technical exchanges between clients and the firm, according to the alert.

"As an additional precautionary measure, we have anticipated the replacement of the trusted certificate that signs and ensures the integrity of the SNS [Stormshield Network Security] releases and updates," Stormshield notes. "New updates have been made available to customers and partners so that their products can work with this new certificate."

A Stormshield spokesperson could not be immediately reached for comment on Friday.

Targeting Security Vendors

The Stormshield hacking incident comes at a time when numerous security firms have acknowledged that their infrastructure and tools have been either targeted or compromised following the SolarWinds supply chain hack, which was first disclosed in December 2020 (see: SolarWinds Hackers Cast a Wide Net).

FireEye, Malwarebytes and Mimecast have all acknowledged that their networks were affected by the SolarWinds hackers.

Other security firms, such as CrowdStrike and Palo Alto Networks, also appear to have been targeted by the same hacking group, but these intrusions apparently were unsuccessful.

Additional security vendors have also said their networks have been hacked. On Wednesday, SonicWall released a patch for a zero-day vulnerability that affects its Secure Mobile Access, or SMA, gateway product line. This came after the company discovered a "coordinated attack" on its internal network on Jan. 22 (see: SonicWall Confirms Zero-Day Flaw Affects Certain Products).

An Attractive Target

By targeting security firms, hackers are trying to gain access to sensitive enterprise customer data, analysts say.

"These companies present a concentrated attack vector, rich with sensitive customer data from a wealth of enterprise customers," says Kevin Dunne, president at security firm Greenlight.

Vishal Jain, co-founder and CTO at security firm Valtix, says that organizations of all types should rethink their third-party vendor risk management strategies, paying particular attention to automatic software updates that are pushed out and not reviewed.

"Attackers are clearly targeting various software product and services providers that enterprises use," Jain says. "The key is a defense-in-depth approach of automating security that makes it much more expensive for attackers who are currently pivoting on one-off exploits."

Previous
Flaws Found in Geeni Smart Doorbells, Security Cameras
Next
2020 Breach Statistics: An Analysis

About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.



Around the Network

Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.