SolarWinds Hack Investigation Now Points to JetBrains as a Possible Weak Link in the Cyber Kill Chain, New York Times Reports

JetBrains, a software company that builds tools for numerous partners worldwide, is now under investigation for a possible role in the massive SolarWinds hack, according to a New York Times report. The SolarWinds hack is likely one of the most prominent supply-chain cybersecurity compromises in history.

One of SolarWinds’ products is Orion, a management tool used by thousands of organizations and corporations. Hackers figured out a way to infect several Orion updates, which in turn allowed threat actors to compromise SolarWinds clients’ systems.

Law enforcement agencies and cybersecurity experts are still figuring out how it was done. New information flows in steadily as institutions and organizations discover they were compromised. According to a New York Times report, the investigation appears to be taking another direction, towards a Czech-based company named JetBrains that makes a tool used by SolarWinds to build Orion.

TeamCity is a tool built by JetBrains that lets developers test code before the release of a product. Any vulnerability in TeamCity would spread to products using it, including SolarWinds’ Orion. Or at least that’s the current line of investigation.

“Officials are investigating whether the company, founded by three Russian engineers in the Czech Republic with research labs in Russia, was breached and used as a pathway for hackers to insert back doors into the software of an untold number of technology companies,” states the NY Times report.

It’s worth pointing out that the report doesn’t cite anyone and gives no indication as to where this information comes from. The only fact that gives some credence to the story is that SolarWinds is a JetBrains customer. This is worrying because 79 of the Fortune 100 companies are also JetBrains customers.

On the other hand, JetBrains completely denied that it’s part of any investigation and directly said it hasn’t been contacted by SolarWinds, cybersecurity experts or law enforcement agencies.

“SolarWinds has not contacted us with any details regarding the breach and the only information we have is what has been made publicly available,” said JetBrains. “It’s important to stress that TeamCity is a complex product that requires proper configuration. If TeamCity has somehow been used in this process, it could very well be due to misconfiguration, and not a specific vulnerability.”

“Secondly, we have not been contacted by any government or security agency regarding this matter, nor are we aware of being under any investigation,” the company concluded. “If such an investigation is undertaken, the authorities can count on our full cooperation.”