US intelligence agencies and private cybersecurity investigators are examining the role of a widely used software company, JetBrains, in Russia’s sweeping attack on federal agencies, the US private sector and infrastructure corporations, according to officials and executives familiar with the investigation.
Officials are investigating whether the company, founded in Russia and currently headquartered in the Czech Republic, served as a way for Russian hackers to insert backdoors into the software of some tech companies. Security experts warn that the month-long hack could be the largest US network breach in history.
JetBrains, which counts 79 of the Fortune 100 companies as customers, is used by developers at 300,000 companies. One of them is SolarWinds, of Austin, Texas, whose network management software played a central role in allowing hackers to break into government and private networks.
The specific software investigators are examining is a JetBrains product called TeamCity, which allows developers to test and exchange software code prior to release. By hacking TeamCity, cybersecurity experts say, Russian hackers may have unintentionally placed a back door on an untold number of JetBrains customers.
Separately, the Justice Department announced that its email system was compromised as part of the SolarWinds hack, a disclosure that extends the known reach of Russia’s access to government computers.
Government officials are unsure how the JetBrains software compromise is related to the larger SolarWinds hack. They are trying to determine whether it was a parallel way for Russia’s main intelligence agency to infiltrate government and private systems, or whether it was the initial route by which Russian agents infiltrated SolarWinds in the first place.
On Tuesday, the Office of the Director of National Intelligence, the FBI, the Department of Homeland Security and the National Security Agency released an official joint statement saying that Russia is most likely the source of the hack. But the statement gave no details, and did not mention JetBrains or the SVR, Russia’s most skilled intelligence agency.
Other JetBrains customers include Google, Hewlett-Packard and Citibank, as well as Siemens, a key technology provider for critical infrastructure such as power and nuclear plants, and VMware, a technology company whose software the National Security Agency warned on Dec. 7 was being used by Russian hackers to break into networks.
JetBrains did not immediately return a request for comment.
Although the vulnerability is present across much of the government infrastructure that downloaded the latest SolarWinds software, Russia has been very cautious about which of those networks it actually accessed, making it difficult to quickly assess the damage.
In their announcement, the officials said they believe the Russian hackers stopped at 10 federal agencies, but an internal assessment by Amazon, which has been analyzing the hackers’ tools, suggests that the total number of victims in government and the private sector could reach 250 organizations.
Microsoft also announced on December 31 that its network had been accessed by the same attackers and confirmed that the intruders viewed the company’s source code. It has not yet indicated which products may have been compromised. CrowdStrike, a security firm, confirmed last month that it was targeted, unsuccessfully, through a Microsoft reseller, a company that sells software on behalf of Microsoft. Resellers help set up Microsoft’s software and often retain broad access to customers’ systems, access that Russian hackers could exploit against countless Microsoft customers.
The Justice Department did not discover and close the vulnerability in its Microsoft Outlook email system until December 24, about 10 days after the SolarWinds hack of government computers was made public, officials said.
Marc Raimondi, a Justice Department spokesperson, said about 3% of the department’s email inboxes using a specific piece of Microsoft software were compromised by the hack. He said that none of the classified systems appear to be affected, but that the episode was designated as a major incident.
“Compromising and introducing into a build environment like TeamCity is the holy grail of a supply chain attack,” said Dmitri Alperovitch, co-founder of CrowdStrike, who currently runs the Silverado Policy Accelerator, referring to attacks that infiltrate a victim’s system through its supply chain or software vendor. “It could allow enemies to have thousands of SolarWinds-style backdoors in all sorts of products used by victims around the world. This is a very big deal.”