Russian hackers may have resorted to a tool developed by JetBrains, based in the Czech Republic, to gain access to federal government and private sector systems in the United States.

American intelligence agencies and private cybersecurity investigators are investigating the role of a widely used software company, JetBrains, in the widespread Russian hacking of federal agencies, private companies, and the United States’ infrastructure, according to officials and executives briefed on the investigation.

Officials are investigating whether the company, founded by three Russian engineers in the Czech Republic with research laboratories in Russia, was breached and used as a way for hackers to insert backdoors into the software of a myriad of tech companies. Security experts warn the months of intrusion could be the biggest violation of US networks in history.

JetBrains, which counts 79 of the Fortune 100 companies among its customers, is used by developers at 300,000 companies. One of them is SolarWinds, the Austin, Texas-based company whose network management software played a key role in giving hackers access to government and private networks.

JetBrains said Wednesday it was unaware of any investigation or compromise. The exact software that investigators are examining is a JetBrains product called TeamCity, which allows developers to test and exchange software code before it is released.

By compromising TeamCity or exploiting loopholes in the use of the tool by customers, cybersecurity experts say, the Russian hackers may have inconspicuously planted backdoors in an immense number of JetBrains customers due to the widespread use of TeamCity. It is imperative to determine whether the software contains a vulnerability or whether an attacker exploited TeamCity customers through stolen passwords or holes in unpatched, outdated software.

Separately, the Justice Department announced that its email system had been compromised as part of the SolarWinds hacking. This announcement expands the scope of government computers Russia has penetrated.

Government officials aren’t sure how the JetBrains software compromise will affect the bigger hacking of SolarWinds, and want to find out whether it was a parallel way for Russia’s main intelligence agency to break into state and private systems. The original option for Russian activists was to infiltrate SolarWinds first.

On Tuesday, the office of the director of the National Intelligence Service, the F.B.I., the Department of Homeland Security and the National Security Agency issued a joint statement formally stating that Russia was most likely the origin of the hacking, but the statement didn’t give any details and didn’t mention either the JetBrains software or the S.V.R., Russia’s most competent secret service.

JetBrains is considered a predominant software development tool. Google, Hewlett-Packard and Citibank are among its customers, and the company is widely used by Android mobile software developers. Customers also include Siemens, a major technology provider for critical infrastructure such as power and nuclear power plants, as well as VMware, a technology company that the National Security Agency warned on December 7 had also been used by Russian hackers to break into networks.

In a statement on its blog, JetBrains said it had not been contacted by the government or security agencies.

“We have not been contacted by any government or security agency on this matter, and we do not know that an investigation is underway,” said Maxim Shafirov, the company’s executive director, in a post on Wednesday. “If such an investigation is carried out, the authorities can count on our full cooperation.”

SolarWinds confirmed Wednesday that it is using TeamCity software to aid development of its software and is examining the software as part of its investigation. The company said it has not yet confirmed a definitive link between JetBrains and the breach and compromise of its own software.

SolarWinds announced that Jan.000 customers downloaded the compromised software. Investigators are of the opinion, however, that Russia had access to which of these networks, which makes it difficult to assess the damage quickly.

In the joint announcement, officials said they believed the Russian hackers stopped at 10 federal agencies, but an internal Amazon review examining the hackers’ tools estimates the total number of victims in government and the private sector could be over 250 organizations.

Microsoft also announced on December 31 that its network had been breached by the same intruders, and confirmed that they had viewed the company’s source code. It made no mention of what products might have been compromised. CrowdStrike, a security firm, confirmed last month that it has been unsuccessfully targeted by a company that sells software on behalf of Microsoft. These resellers help set up Microsoft software and often have full access to customer systems that Russia’s hackers could exploit against countless Microsoft customers.

The Department of Justice only learned of the vulnerability in its Microsoft Outlook email system on December 24, about 10 days after the SolarWinds compromise on government computers was published, officials said.

Marc Raimondi, a Justice Department spokesman, said that about 3 percent of the department’s email accounts that use specific Microsoft software have been compromised by the breach. He said no classified systems appear to have been affected, but that the episode was labeled as an important one.

Regarding the method by which the hackers infiltrated victims’ systems, Dmitri Alperovitch, a founder of CrowdStrike who now runs Silverado Policy Accelerator, said compromising and introducing a backdoor into a product like TeamCity is “the holy grail of a supply chain hack.”

“It can allow an opponent to have thousands of SolarWinds-style backdoors in all kinds of products that are used by victims around the world,” Mr. Alperovitch added. “This is a very big deal.”

New York Times


Source: https://www.nytimes.com/2021/01/06/us/politics/russia-cyber-hack.html