Hackers have breached Stormshield's customer support ticketing system and stolen some of the security company’s network firewall source code, Stormshield has disclosed. Among the areas of additional concern: The company, based in France, provides various security services to the French government -- which is monitoring the situation closely.
Breach details as of Friday, February 5, 2021:
- The threat actor gained access to a Stormshield support portal and stole some customer information.
- All the support tickets and technical exchanges in the accounts concerned have been reviewed and the results have been communicated to the customers.
- As a precaution, the passwords of all accounts were reset and we applied additional measures to the portal in order to reinforce its security.
- The stolen source code involves Stormshield's Network Security (SNS) firewall.
- The French National Agency for the Security of Information Systems (ANSSI) issued this statement about the Stormshield breach.
Stormshield, a subsidiary of Airbus Security, focuses on network, endpoint and data security. The company works with a network of solution resellers and distributors, but doesn't specifically mention MSPs or MSSPs on the partner section of its website.
Hackers Target Cybersecurity Companies (Again)
The Stormshield statement also reinforced the obvious:
"Companies like Stormshield, that provide cybersecurity solutions against the explosion of cyberthreats, would appear to be a new target for highly prepared and experienced attackers."
Indeed, multiple cybersecurity companies have been targeted in recent months, and some of the attacks appear related to a SolarWinds breach that was discovered in December 2020. Still, Stormshield did not suggest that its own breach was somehow related to SolarWinds.
