Security Firm Stormshield Discloses Data Breach, Theft of Source Code


Stormshield is a French based leading cyber-security firm that provides network security services and security equipment to the government. Recently the firm discovered that malicious actors have used one of its customer support portals and stole sensitive credentials of some of its customers. While reporting the same to the press, the firm also said that hackers successfully managed to steal parts of the source code for the Stromshield Network Security (SNS) firewall, a product certified for use in sensitive government networks, as part of infiltration. 

The organization told that its team is investigating the attack and assessing the impact of the breach on government systems with the French cyber-security agency ANSSI (Agence Nationale de la Sécurité des Systèmes d'Information). 

"As of today, the in-depth analysis carried out with the support of the relevant authorities has not identified any evidence of illegitimate modification in the code, nor have any of the Stormshield products in operation been compromised," Stormshield said in a message posted earlier today on its website. 

The cybersecurity department of the French government is taking this cyberattack as a major data breach. The French cyber-security agency ANSSI noted in its own press release that "Stormshield SNS and SNI products have been 'under observation' for the duration of the investigation." 

Additionally, Stromshield has informed that its department is reviewing the SNS source code and has also taken some major steps to prevent further attacks on the firm. The Company has also replaced the digital certificates which were used to sign SNS software updates. 

"New updates have been made available to customers and partners so that their products can work with this new certificate, all the support tickets and technical exchanges in the accounts concerned have been reviewed and the results have been communicated to the customers," Stormshield spokesperson said. 

“Only about 2% of customer’s accounts were affected in the breach, which is "around 200 accounts out of more than 10,000." He added. 

Furthermore, the French security firm said “it also reset passwords for its tech support portal, which the attackers breached, and the Stormshield Institute portal, used for customer training courses, which weren’t breached, but the company decided to reset passwords as a preventive measure”.