France-based cyber security firm Stormshield has revealed a leak of source code from its Stormshield Network Security and Network Security Industrial Firewall products following a cyber attack that saw malicious actors gain unauthorized access to a technical portal used by customers and partners to manage tech support tickets.
The incident understood in December 2020 also saw the personal data and technical exchanges associated with several customer accounts accessed, viewed, and possibly stolen. All the affected users have already been contacted. The firm has also notified the French authorities, reset all its account passwords, and strengthened security across its support portal. It has also shored up security on its Stormshield Institute portal, which customers use to access training courses. Stormshield is also replacing all certificates on the SNS product and has made updates available to customers and partners so that their installations can continue to work.
“Companies like Stormshield, that provide cyber security solutions against the explosion of cyber threats, would appear to be a new target for highly prepared and experienced attackers,” the firm said in a statement. “We will continue to bring visibility on this incident, depending on the elements that we can communicate.”
Contacted by Computer Weekly’s sister title LeMagIT, Stormshield CEO Pierre-Yves Hentzen said the firm’s investigation had identified several advanced techniques used in the attack, suggesting it was targeted and had been carefully prepared. He said only 2% of customer accounts were affected in the incident – 200 out of more than 10,000.