CEO Refutes Reports of Involvement in SolarWinds Campaign

The Russian CEO of a software provider has hit back at reports that one of the firm’s products may have been exploited by Russian hackers in the recent SolarWinds campaign.

Czech-headquartered JetBrains provides tools for software developers including TeamCity, a continuous integration and deployment system at the center of the reports.

The New York Times and others claimed that unspecified US intelligence agencies and cybersecurity investigators are looking into whether Russian state attackers managed to compromise the software. According to the report, investigators are unsure whether it may have been used to gain a foothold in the SolarWinds developer environment, or as a direct attack vector into US government systems.

According to the report, JetBrains is used at 300,000 businesses globally including 79 of the Fortune 100 and has research labs in Russia.

However, in two posts following the reports, St Petersburg-based CEO Maxim Shafirov refuted any allegations that the firm may have played an unwitting role in the audacious cyber-espionage campaign, and added that no government officials had yet been in contact.

“To date we have no knowledge of TeamCity or JetBrains having been compromised in any way that would lead to such a situation. In addition, we not only run regular scheduled audits of our software, but we are now organizing a further independent security audit of TeamCity,” he explained.

“If we are to find any vulnerability in the product that may have led to this, we will be fully transparent on the matter and inform our customers under our security and privacy policies. It’s also worth mentioning that we ourselves do not use SolarWinds Orion or any of their other software.”

Shafirov essentially argued that if JetBrains is under investigation, it is merely because TeamCity is used by SolarWinds during its build process.

However, in a separate post, he did explain a hypothetical situation in which the product may have been abused.

“It’s important to stress that TeamCity is a complex product that requires proper configuration. If TeamCity has somehow been used in this process, it could very well be due to misconfiguration, and not a specific vulnerability,” Shafirov said.

This week, the Department of Justice became the first US government entity to shed some light on the scope of the compromise, claiming attackers managed to access 3% of its Office 365 inboxes, which means more than 3000 users were affected.
