Stormshield suspects that there is a possibility that the attacker has the Technical Exchanges and Personal Data of the users.
A French cybersecurity firm Stormsheild has identified a security breach. The breach affected their technical portal which is used by the users for the management of their support tickets on their products.
Stormshield says that they have alerted the French authorities and suspect that there is a possibility that the attacker has the Technical Exchanges and Personal Data of the users on the portal. Pertaining to this the company has notified customers and their passwords have been reset as a precaution.
What’s alarming about the beach is that the cybersecurity firm also provides security for French Government Networks from its Stormshield Network Security Firewall. They have declared that some of the source code for this firewall has also been stolen.
French cyber-security agency ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information) is assisting Stormshield in its investigation to find out if any of the government systems are compromised.
According to the analysis published on their official site, Stormshield confirms that the source code of their firewall has not tampered and none of their products have been compromised. Stormshield said:
“As of today, the in-depth analysis carried out with the support of the relevant authorities has not identified any evidence of illegitimate modification in the code, nor have any of the Stormshield products in operation been compromised.”
The breach is still being treated as a major security threat for the French Government. For this reason, ANSSI has considered it best to place their products i.e. SNS and SNI “under observation” until the investigation is complete.
Attackers may have access to other parts of their infrastructure, therefore the company is taking steps to ensure security and prevent future attacks if the attackers are trying to find holes in their system. Doing so they have changed their digital certificate for signing SNS software updates.
Regarding this preventive measure, they said:
“New updates have been made available to customers and partners so that their products can work with this new certificate.”
Along with a Technical Portal, Stormshield also has an Institute Portal that is used by customers for training purposes. As a security measure, they have reset the passwords for this portal as well even though it was breached.
The nature of the attack seems to be highly targeted as information of only two percent (2%) of the accounts were stolen in the security breach. The Spokesperson confirmed that out of more than ten thousand accounts only two hundred were affected.
Despite the attack, all their products are operating as usual. They have not stopped any of the technical resources and support throughout the investigation.
The origin and purpose of the attack are still unknown. Stormshield says that experienced and highly trained hackers are now targeting cybersecurity companies. The company confirms that it will update the details if any new information is revealed about the attack.