Cybersecurity Provider ‘Stormshield’ Hacked by Sophisticated Actors

  • French cybersecurity solutions provider ‘Stormshield’ suffered a security and data breach.
  • The actors accessed customer portal data and also exfiltrated parts of product source code.
  • The firm has taken all possible precautionary measures and is now carrying out an investigation.

‘Stormshield’ has announced a security incident that resulted in unauthorized access to its technical portal, exposing the support tickets submitted by its customers and partners. Unfortunately, these tickets also contained sensitive personal and technical data.

The French company, a subsidiary of Airbus, has responded by notifying the country’s authorities and resetting all user passwords as a precaution. Customers affected by this incident should have already received a personal notification, and additional preventive measures have been put in place on Stormshield’s customer portal.

The cybersecurity solutions and software provider launched an investigation to determine what was compromised, and found that some parts of the SNS (Stormshield Network Security) product source code were leaked. However, the firm assures the public that there’s no evidence of code modification that could have gone downstream to clients, so the possibility of a catastrophic supply chain attack has been ruled out for now.

The SNS trusted certificates have now been revoked, and the firm has replaced them with new ones. This is to prevent malicious updates from planting backdoors on clients' systems. Considering that the firm's clientele includes the French state, among other high-profile EU-based companies, applying all precautions that make sense is crucial. France’s National Information Systems Security Agency has also published a relevant advisory, urging all Stormshield product users to take the appropriate measures now.

We have seen no signs of the source code leaking on the dark web yet, and it’s quite likely that we won’t see this happening any time soon. This attack appears to be the work of highly sophisticated, possibly state-supported actors, as the targeting goes to the utmost level. These hackers aren't interested in selling stuff on the dark web, as their motives are to collect information, not make money.

At the moment, Stormshield keeps all its systems up and running, so the customers shouldn’t experience any disruptions. As a spokesperson stated, only about 2% of customer accounts were affected by this incident, which accounts for about 200 in absolute numbers. That’s still significant when we’re talking about government accounts, but since we’re too early in the investigation process, we can’t determine this event's significance just yet.
