There’s probably something to the JetBrains coverage. We’re left to make decisions based on unsourced rumours that pre-date these stories and firm, repeated denials from JetBrains’ CEO. Without them, the news isn’t actionable for policy makers or infosec teams. None of these crucially important details appear in any of the three stories. We don’t even know if SolarWinds was using a hosted account or an on-premise server. Do they allege SVR operators hacked into JetBrains’ network to take over multiple JetBrains accounts, including SolarWinds’? Again, no, not specifically. Do these articles allege that JetBrains staff knowingly helped compromise SolarWinds’ TeamCity instance? Not specifically. None of the three stories, however, specified what was compromised or how. The Wall Street Journal took a little more caution, conceding that its sources weren’t sure how SolarWinds’ TeamCity server was accessed, while Reuters only added that the FBI was investigating the matter. Readers could easily be left with the impression that JetBrains was either compromised – much in the same manner as SolarWinds – or a party to the compromise.
TEAMCITY HACK SOFTWARE
The New York Times promoted its story with the fact that JetBrains CEO was born in Russia, and that its operations are based in the Czech Republic, just as previous New York Times stories made much of SolarWinds employing software engineers in Central Europe. JetBrains acknowledges that SolarWinds is a TeamCity customer.
TEAMCITY HACK UPDATE
It makes for a juicy target for attackers intent on modifying a software update in the final stages of the build process. Software developers use JetBrains, typically in combination with a version control system, to manage and automate the testing and compilation process. JetBrains’ TeamCity is a build management and continuous integration server. The thinly sourced and somewhat confusing stories were published in New York Times and the Wall Street Journal and repeated by Reuters. Two of America’s most respected mastheads allege that attackers were able to poison a SolarWinds software update in early 2020 via the company’s use of JetBrains TeamCity. JetBrains stories generate heat, shed little light
0 kommentar(er)
