Hackers accessed Stormshield data, including source code of ANSSI certified products

The provider of network security products Stormshield discloses data breach, threat actors stole information on some of its clients.

Stormshield is a major provider of network security products to the French government, some approved to be used on sensitive networks.

Stormshield is a French publisher of software specialized in computer security, its products are certified and qualified by ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information).

Attackers breached one of the customer support portals and stole information on some of its clients.

The company also admitted that threat actors managed to steal the source code for the Stormshield Network Security (SNS) firewall, which is one of the products certified by the ANSSI to be used in sensitive French government environments.

“Recently, the Stormshield teams detected a security incident that resulted in an unauthorized access to a technical portal used, in particular, by our customers and partners for the management of their support tickets on our products.” reads the data breach notification published the vendor.

“Personal data and technical exchanges associated with certain accounts may have been consulted.”

The company reported the incident to the authorities and launched an investigation with the support of the ANSSI agency.

In response to the intrusion, as a precaution, the Stormshild experts reset the passwords of all accounts and enhanced the security measures to protect the portal. The IT staff reviewed all the support tickets and technical exchanges in the impacted accounts and shared the results with the customers.

At the time of this writing, it is not clear the impact of the security breach on government networks.

“Further investigations in the context of this incident have revealed the leakage of some parts of the SNS (Stormshield Network Security) source code.” continues Stormshield.

“As of today, the in-depth analysis carried out with the support of the relevant authorities has not identified any evidence of illegitimate modification in the code, nor have any of the Stormshield products in operation been compromised.” 

The ANSSI announced to have put Stormshield SNS and SNI products “under observation” for the duration of the investigation.

“Although the incident has no immediate operational impact for its customers, Stormshield has published an update that we recommend that you apply as a precaution.” reads a press release published by the ANSSI.
“Furthermore, for the duration of the investigations and also as a precautionary measure, ANSSI has decided to place the qualifications and approvals of SNS and SNI products under observation.”

The French security provider announced to have anticipated the replacement of the trusted certificate that signs and ensures the integrity of the SNS (Stormshield Network Security) releases and updates. This measure was necessary to prevent supply chain attacks that could employ the update mechanisms to deliver tained updates.

The company released updates to customers and partners to deploy new certificates. 

The company also reset passwords for the accounts registered on the Stormshield Institute portal, which is used for customer training courses.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Stormshield)

[adrotate banner=”5″]

[adrotate banner=”13″]