The French cybersecurity company Stormshield, a leading security services provider to the French government, disclosed that a threat operator had breached one of its customer support networks and had stolen information from some of its clients.
Stormshield developed the Stormshield Network Security (SNS) firewall, a product certified with First Level Security Certification (CSPN) by France's cybersecurity agency Agence Nationale de la sécurité des systèmes d'information (ANSSI).
The company claims that, as part of the breach, attackers succeeded in stealing some of the source code for the SNS firewall to be used in sensitive French government networks.
Inside the French government, the Stormshield incident is reportedly being regarded as a critical security breach. StormShield posted an advisory on its website about the security breach incident.
“Recently, the Stormshield teams detected a security incident that resulted in an unauthorized access to a technical portal used, in particular, by our customers and partners for the management of their support tickets on our products.”
The company is reviewing the incident with ANSSI, which is now analyzing the effect of the breach on government networks. ANSSI issued a press release saying that the SNS and SNI services from Stormshield are “under observation”.
"Personal data and technical exchanges associated with certain accounts may have been consulted. We immediately alerted the account owners on the portal and we notified the French authorities,” the company says.
According to ZDNet, a business technology news website, a Stormshield spokesperson told them that "around 200 accounts out of more than 10,000." were affected in the security breach.
In addition to checking the source code of the SNS, Stormshield has claimed that it had taken other precautions to avoid other types of attacks if intruders had access to other areas of its infrastructure.
Stormshield states, “As a precaution, the passwords of all accounts were reset and we applied additional measures to the portal in order to reinforce its security.”
“All the support tickets and technical exchanges in the accounts concerned have been reviewed and the results have been communicated to the customers."
As an additional precautionary measure, the company also replaced the digital certificates used before the incident to sign SNS software updates.
"New updates have been made available to customers and partners so that their products can work with this new certificate," Stormshield says.
Cybersecurity companies, like Stormshield, tend to be seen as the priority target of highly skilled and experienced hackers.
