430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Hackers accessed Stormshield data, including source code of ANSSI certified products

The provider of network security products Stormshield discloses data breach, threat actors stole information on some of its clients. Stormshield is a major provider of network security products to the French government, some approved to be used on sensitive networks. Stormshield is a French publisher of software specialized in computer security, its products are certified […]

stormshield

The provider of network security products Stormshield discloses data breach, threat actors stole information on some of its clients.

Stormshield is a major provider of network security products to the French government, some approved to be used on sensitive networks.

Stormshield is a French publisher of software specialized in computer security, its products are certified and qualified by ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information).

Attackers breached one of the customer support portals and stole information on some of its clients.

The company also admitted that threat actors managed to steal the source code for the Stormshield Network Security (SNS) firewall, which is one of the products certified by the ANSSI to be used in sensitive French government environments.

“Recently, the Stormshield teams detected a security incident that resulted in an unauthorized access to a technical portal used, in particular, by our customers and partners for the management of their support tickets on our products.” reads the data breach notification published the vendor.

“Personal data and technical exchanges associated with certain accounts may have been consulted.”

The company reported the incident to the authorities and launched an investigation with the support of the ANSSI agency.

In response to the intrusion, as a precaution, the Stormshild experts reset the passwords of all accounts and enhanced the security measures to protect the portal. The IT staff reviewed all the support tickets and technical exchanges in the impacted accounts and shared the results with the customers.

At the time of this writing, it is not clear the impact of the security breach on government networks.

“Further investigations in the context of this incident have revealed the leakage of some parts of the SNS (Stormshield Network Security) source code.” continues Stormshield.

“As of today, the in-depth analysis carried out with the support of the relevant authorities has not identified any evidence of illegitimate modification in the code, nor have any of the Stormshield products in operation been compromised.” 

The ANSSI announced to have put Stormshield SNS and SNI products “under observation” for the duration of the investigation.

“Although the incident has no immediate operational impact for its customers, Stormshield has published an update that we recommend that you apply as a precaution.” reads a press release published by the ANSSI.
“Furthermore, for the duration of the investigations and also as a precautionary measure, ANSSI has decided to place the qualifications and approvals of SNS and SNI products under observation.”

stormshield

The French security provider announced to have anticipated the replacement of the trusted certificate that signs and ensures the integrity of the SNS (Stormshield Network Security) releases and updates. This measure was necessary to prevent supply chain attacks that could employ the update mechanisms to deliver tained updates.

The company released updates to customers and partners to deploy new certificates. 

The company also reset passwords for the accounts registered on the Stormshield Institute portal, which is used for customer training courses.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Stormshield)

[adrotate banner=”5″]

[adrotate banner=”13″]