JetBrains, makers of Phpstorm, one of the most popular IDEs for PHP developers, has published a statement denying any involvement in the SolarWinds attack, which compromised multiple US federal agencies and private companies. The company stated that it has not been the subject of an official investigation:
JetBrains has not taken part or been involved in this attack in any way. SolarWinds is one of our customers and uses TeamCity, which is a Continuous Integration and Deployment System, used as part of building software. SolarWinds has not contacted us with any details regarding the breach and the only information we have is what has been made publicly available.
This statement contradicts a recent New York Times article that claimed unspecified officials were investigating the company’s TeamCity continuous integration software as a possible entry point for the attack:
By compromising TeamCity, or exploiting gaps in how customers use the tool, cybersecurity experts say the Russian hackers could have inconspicuously planted back doors in an untold number of JetBrains’ clients. Because TeamCity is so widely deployed, experts said, it is imperative to determine whether its software contains a vulnerability, or if attackers exploited TeamCity customers via stolen passwords or gaps in unpatched, outdated software.
The New York Times did not specify which officials and “cybersecurity experts” were the source for this information but claimed that SolarWinds was also investigating the software internally. A previous version of the article referred to JetBrains as “an obscure software company,” which ruffled the feathers of the company’s most ardent customers. SolarWinds told both the Times and The Wall Street Journal that it has not confirmed a definitive link between JetBrains and the breach of its own software.
A joint statement from the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI) and the National Security Agency (NSA) released this week points to Russia as the origin of the attacks:
This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks. At this time, we believe this was, and continues to be, an intelligence gathering effort. We are taking all necessary steps to understand the full scope of this campaign and respond accordingly.
Phpstorm is widely used among WordPress developers, especially since version 8 added official support for WordPress in 2014. JetBrains users took to Twitter with questions and concerns about claims that the company was under investigation. Today, JetBrains published another update that clarifies its previous statement. It states that the company’s IDEs are standalone tools with no relation to TeamCity and that there is no evidence that any of their servers or tools have been tampered with.
JetBrains is organizing an independent security audit of TeamCity and has promised a transparent report of any vulnerabilities found that may have led to a breach.
“For over 20 years, one of our pillars has been to be transparent, honest, and truthful with our customers, and nothing hurts us more than seeing unfounded allegations that damage our reputation and instill doubt on our customers,” JetBrains CEO Maxim Shafirov said.