Cybersecurity Provider ‘Stormshield’ Hacked by Sophisticated Actors

  • French cybersecurity solutions provider ‘Stormshield’ suffered a security and data breach.
  • The actors accessed customer portal data and also exfiltrated parts of product source code.
  • The firm has taken all possible precautionary measures and is now carrying out an investigation.

‘Stormshield’ has announced a security incident that resulted in unauthorized access to its technical portal, exposing the support tickets submitted by its customers and partners. These tickets, unfortunately, also contained sensitive personal and technical data.

The French company, a subsidiary of Airbus, has responded by notifying the country’s authorities and resetting all user passwords as a precaution. Customers affected by this incident should have already received a personal notification, and additional preventive measures have been put in place on Stormshield’s customer portal.

The cybersecurity solutions and software provider launched an investigation to determine what was compromised and found that some parts of the SNS (Stormshield Network Security) product source code were leaked. However, the firm assures the public that there’s no evidence of code modification that could have gone downstream to clients, so the possibility of a catastrophic supply chain attack has been ruled out for now.

The SNS trusted certificates have been revoked, and the firm has replaced them with new ones. This is to prevent malicious updates from planting backdoors on clients' systems. Considering that the firm's clientele includes the French state, among other high-profile EU-based companies, applying every precaution that makes sense is crucial. France’s National Information Systems Security Agency has also published a relevant advisory, urging all Stormshield product users to take the appropriate measures now.

We have seen no signs of the source code leaking on the dark web yet, and it’s quite likely that we won’t see this happening any time soon. This attack appears to be the work of highly sophisticated, possibly state-supported actors, given how high-level the targeting is. These hackers aren't interested in selling stolen data on the dark web, as their motive is to collect information, not to make money.

At the moment, Stormshield is keeping all its systems up and running, so customers shouldn’t experience any disruptions. As a spokesperson stated, only about 2% of customer accounts were affected by this incident, which amounts to about 200 in absolute numbers. That’s still significant when we’re talking about government accounts, but since it is too early in the investigation process, we can’t determine this event's significance just yet.
