Trellix: Attackers gained access to source code
Trellix, formed from FireEye and McAfee, has reported an IT incident. Attackers gained access to source code.
Cybercriminals have gained access to the source code repositories of Trellix, the IT security company formed from the merger of FireEye and McAfee. The company is currently investigating the incident.
Trellix announced this on its website. According to the company, Trellix noticed unauthorized access to a portion of its source code repositories. After becoming aware of this, the company engaged leading forensic experts to clarify the matter. Trellix has also informed law enforcement agencies.
According to initial investigations, the company has found no evidence that source code releases or the distribution process have been affected or that the source code has been misused. Trellix plans to release further details once the investigations are complete.
No indication of who is responsible
The company has not provided any details about the IT incident. It is unclear who is behind the attack. No claim of responsibility has appeared on the darknet sites of the better-known cyber gangs. Trellix's wording is extremely carefully chosen; for example, it cannot be clearly deduced from it whether the attackers may have injected their own code into the repositories.
It remains unclear how the attackers were able to gain access to Trellix's protected source code. Cyberattacks are commonplace. For instance, cybercriminals from the ShinyHunters gang recently exfiltrated data from Vimeo during a breach at service provider Anodot and have since made it available for free download on the darknet. Additionally, attackers can currently exploit a vulnerability in cPanel/WHM and take over authentication, which they have likely already done for more than 4,000 instances in Germany.
(dmk)