The Prague based company JetBrains published a statement on its blog from CEO Maxim Shafirov denying reports that it is under investigation for possibly being involved in the SolarWinds hack. But that the company is ready to cooperate fully in any investigation, he said. Reuters and The New York Times reported on Wednesday that hackers were able to penetrate the network of American technology companies and governments using software from JetBrains.
JetBrains provides development tools for professional developers. In 2000 it was founded in Prague by three Russian programmers as a startup project. JetBrains currently employs over 1,250 people. “First and foremost, JetBrains did not participate in this attack in any way, nor was it involved in any way,” said Shafirov.
According to the NYT, security experts warn that the attacks, which lasted months, could be the most significant disruption of American networks in history. Reuters reported that the FBI is investigating whether hackers have also infiltrated JetBrains software. According to Safirov, no government or security authorities have contacted the company in this matter yet, and he does not know about the investigation. “If such an investigation is launched, the authorities can rely on our full cooperation,” he added.
According to the NYT, network management software from the American company SolarWinds, which uses JetBrains’ services, played a central role in the penetration of hackers into the networks of the US government and private companies. According to Safirov, SolarWinds is a JetBrains customer and uses the TeamCity system, which checks whether developers’ changes will cause problems in previously created software. If the TeamCity system was abused in any way, it could have been its incorrect settings, not its vulnerabilities, added Safirov.
According to the information available so far, the hackers managed to get malicious code into the systems of several US ministries, including national laboratories or the National Office for Nuclear Safety (NNSA), which oversees US nuclear weapons, through the US network tool SolarWinds. The hackers also gained access to the networks of many private companies. For example, Microsoft has admitted that hackers have accessed its source code.