Trellix breach: Cybergang RansomHouse claims data theft

New findings in the case of unauthorized access to Trellix source code: The criminal gang RansomHouse claims responsibility for the data theft.

Trellix logo with entry on RansomHouse darknet page

(Image: heise medien)


Last week, Trellix, the IT security company formed from the merger of FireEye and McAfee, reported an IT incident: attackers gained access to source code repositories. At the time, it was unclear who was responsible. Now, the criminal organization RansomHouse has claimed responsibility for the data theft on its darknet website.

The entry on RansomHouse's darknet page about the Trellix breach provides no details about the stolen data.

(Image: heise medien)

The specific darknet entry provides a download link to a sample. The gang allegedly “encrypted” McAfee's data on April 17, 2026. However, Trellix does not mention this. Trellix's carefully worded statements do not rule out the encryption of the repositories. The company merely states that there is no evidence that source code releases or the distribution process were affected or that the source code was misused.

RansomHouse's claim of responsibility at least sheds some light on who broke into the IT security company and obtained the source code of its software. However, the extent of the copied data remains unclear, as does which repositories, and thus which information, are now exposed.


Last week, Trellix wrote that the company had noticed unauthorized access to a portion of its source code repositories. It then involved leading forensic experts to clarify the matter, according to the company. Trellix also informed law enforcement agencies. At that time, it was unclear who was responsible for the IT breach.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.