Stormshield, a French cyber security firm, is the latest cyber security firm to suffer a breach. While not the first cyber security firm to be hacked, and certainly not the last, the Stormshield breach is important as they are a major cyber security provider to the French government.
You may recall in December 2020, SolarWinds announced a major breach of its systems. As a provider to many U.S. Government agencies, the SolarWinds breach was blamed for compromising email traffic at the U.S. Treasury and Commerce departments. Ruled a nation-state attack, the SolarWinds breach has affected many government agencies and businesses who use their software. The damage from this attack is still being actively remediated as more vulnerabilities are being found.
In Stormshield’s case, it is not yet known who breached their systems or why. What is know so far is that the hackers breached one of its customer support portals and stole information on some of its clients. The company also reported that the hackers managed to steal parts of the source code for the Stormshield Network Security (SNS) firewall. This is troubling because this firewall is certified to be used in sensitive French government networks.
Stormshield has been forthcoming with the announcement of this breach and is working with the French cyber-security agency ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information), to assess the breach’s impact on government systems.
“As of today, the in-depth analysis carried out with the support of the relevant authorities has not identified any evidence of illegitimate modification in the code, nor have any of the Stormshield products in operation been compromised,” Stormshield said in a message posted on its website February 3rd.
In addition to working with the authorities, Stormshield has taken steps to prevent further attacks. The digital certificates that they used prior to the incident to sign SNS software updates have been replaced. Furthermore, the French security firm said it also reset passwords for its tech support portal, which the attackers breached, and the Stormshield Institute portal, used for customer training courses, which wasn’t breached, but reset the passwords anyway as a preventive measure.
Hackers love to target cyber security companies in many cases just to feed their own egos, but there seems to be a growing trend of state-sponsored hackers succeeding in compromising cyber security firms that do business with the government. While cyber espionage is nothing new, the fact that it seems to be growing, and that the hacks are getting more successful is concerning.