Parts of source code leaked in recent Stormshield security breach

Parts of source code leaked

Digital infrastructure security company Stormshield announced this week that some parts of its Stormshield Network Security (SNS) source code were leaked. Its teams detected a security breach that led to unauthorized access to a “technical portal used, in particular, by our customers and partners for the management of their support tickets on our products.”

Stormshield, a wholly-owned subsidiary of France-based Airbus CyberSecurity, also revealed that in addition to the parts of source code, personal data and technical exchanges associated with certain accounts “may have been consulted,” the company said in a security advisory. The company has as a precautionary measure reset the passwords of all accounts, and applied additional measures to the portal in order to reinforce its security.

All the activities and technical resources that serve customers and partners are still fully operational, the company said. During the investigations, no failure of the Stormshield solutions was detected.

Affected SNS customers have been informed. “As of today, the in-depth analysis carried out with the support of the relevant authorities has not identified any evidence of illegitimate modification in the code, nor have any of the Stormshield products in operation been compromised,” according to the vendor.

The cybersecurity company has as an additional precautionary measure anticipated the replacement of the trusted certificate that signs and ensures the integrity of the SNS releases and updates. New updates have been made available to customers and partners so that their products can work with this new certificate.

Stormshield’s technical support remains at the disposal of the account owners on the MyStormshield and Stormshield Institute portals to obtain the specific information that concerns them.

Following the confirmation of a security breach by Stormshield, the French National Agency for the Security of Information Systems (ANSSI) issued a security advisory in French.

“Although the incident has no immediate operational impact for its customers, Stormshield has published an update that we recommend that you apply as a precaution,” according to a translation of ANSSI’s statement from SecurityWeek. “Furthermore, for the duration of the investigations and also as a precautionary measure, ANSSI has decided to place the qualifications and approvals of SNS and SNI products under observation,” the translation continued.

Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on whatsapp

Author

Join over 5,000 Industrial OT & Cyber professionals

Weekly Newsletter direct to your inbox