SolarWinds confirmed Wednesday that it used TeamCity software to assist with the development of its software and was investigating the software as part of its continuing investigation. The company said it had yet to confirm a definitive link between JetBrains and the breach and compromise of its own software.
SolarWinds previously said that 18,000 customers downloaded its compromised software, but investigators believe Russia was judicious in which of those networks it gained access to, making it difficult to quickly assess the damage.
In the joint announcement, officials said they believed the Russian hackers stopped at 10 federal agencies, but an internal assessment by Amazon, which has been examining the hackers’ tools, believes the total number of victims in government and the private sector could be upward of 250 organizations.
Microsoft also announced on Dec. 31 that its network was breached by the same attackers, and confirmed that the intruders viewed the company’s source code. It has not said which products may have been compromised. CrowdStrike, a security firm, confirmed last month that it was targeted, unsuccessfully, through a Microsoft reseller, a company that sells software on behalf of Microsoft. Resellers help set up Microsoft software and often maintain broad access to clients’ systems, which Russia’s hackers could exploit on untold numbers of Microsoft customers.
The Justice Department did not learn of, and close off, the vulnerability in its Microsoft Outlook email system until Dec. 24, some 10 days after the SolarWinds compromise of government computers became public, officials said.
Marc Raimondi, a Justice Department spokesman, said that about 3 percent of the department’s email mailboxes that use the specific Microsoft software were compromised by the hack. He said no classified systems appear to be affected, but said that the episode had been designated as a major one.
“Compromising and introducing a back door into a build environment such as TeamCity is the holy grail of a supply chain hack,” said Dmitri Alperovitch, a co-founder of CrowdStrike who now runs Silverado Policy Accelerator, referring to the method Russian hackers used to enter victims’ systems through their supply chains, namely their software vendors.