Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Software Security

FBI Probe of Major Hack Includes Project-Management Software From JetBrains (reuters.com) 25

Posted by BeauHD from the put-under-the-microscope dept.
According to Reuters, the FBI is investigating whether the hackers behind a series of intrusions at U.S. federal agencies and companies also broke into project-management software created by the Czech-based company JetBrains in order to breach its customers. From the report: Privately held JetBrains produces software called TeamCity that is used by tens of thousands of customers to construct other software. Among its customers is SolarWinds, JetBrains Chief Executive Maxim Shafirov said from St. Petersburg, Russia, where JetBrains has offices. SolarWinds revealed last month that someone with access to its system for developing network-management software had inserted back doors into two updates of its flagship Orion products.

Dozens of SolarWinds customers, including at least a half-dozen U.S. agencies, were then exploited by the same hackers. U.S. intelligence agencies said Tuesday that Russia was likely behind the damaging spree, though Russian officials denied it. Shafirov said his company had fielded questions from SolarWinds but that he had not heard anything about JetBrains software being the hackers' route into SolarWinds or other customers.
This discussion has been archived. No new comments can be posted.

FBI Probe of Major Hack Includes Project-Management Software From JetBrains More

FBI Probe of Major Hack Includes Project-Management Software From JetBrains

Comments Filter:

  • China,
    Israely
    Iran,
    Saudi Arabia,
    maybe even North Korea.
    Of course Russia too.
    Hell, what about Turkey. Or India/Pakistan?
    If it is France, I'm gonna have to fly to hell on my pig and check the temperature. :)

    Let's see who it is.

    • s/Israely/Israel,/

      Obvioisly, "Israely Iran" makes no sense. /Would/ be a hilarious fantasy though! ^^

    • Re: (Score:2)

      by Anonymous Coward

      It's probably worth noting that a significant proportion of JetBrain's development is done in Moscow, and that all the owners are Russian. The fact it's called a Czech company is merely a result of the fact that that's where the company is registered, but the reality is that it's a primarily Russian company, run by Russians.

      Given this, and given Russia's form for attacking the West digitally it shouldn't be too surprising that Russia would be the obvious culprit.

      One of our teams working on a classified proj

  • Careful analysis of this and 105 other hacks show a clear market trend of the x86 platform. No wonder Apple is leaving...
    • Have you ever looked at your X86 Path statement recently? On windows, the command shell's "path" command also displays the current path when it is issued with no arguments. So, ... c:>path will also display the current path. The SET command will display all shell variables when issued with no arguments. c:>set will display path along with everything else. Management engine, Intel cpu patches - a real dogs breakfast of superuser at boot time, With Oracle Java at the front. Apple is correct in forci

  • The weakest Link (Score:3)

    by Canberra1 ( 3475749 ) on Thursday January 07, 2021 @07:56AM (#60906208)
    It does not matter who broke in, but the clown that bought untrustworthy software not fit for the task at hand.There is a reason why builders no longer make houses of straw, or core ICT held together with cereal box certificates that have no warranty. Yep, software has no fit-for-purpose certifications. Fools who buy click and point software should also employ 8 year old child labor at the front-line, in that holy grail to shave costs. Sure, wallpaper over this embarrassment, there will probably be 200 other corporate applications or plugins that are equally vulnerable. Legal software is notoriously old and updated. Checksums on unsupported software/old versions - are rarely checked. The good news is the blackmail of siphoned data and emails has not yet occurred- so we can't nail down the players until the tracker attacked to the ransom is delivered and banked. Nobody has admitted if any 'Secret' rated networks had leaks..Nevermind it had an open internet connection. Corporate enterprises that don't do daily full checksum checking - derserve what follows. So far no vendor has explained how controlled digital signatures made the jump to production. By extension this means it will happen again.

Slashdot Top Deals

2.4 statute miles of surgical tubing at Yale U. = 1 I.V.League

Close