One of France’s leading cybersecurity companies, StormShield, has recently revealed that its systems had been hacked. The intrusion allowed an unknown threat actor to gain access to the firm’s support ticket system and then steal source code belonging to StormShield’s firewall security software.

Experts in cybersecurity solutions in France

A respected French cybersecurity company, StormShield currently develops Unified Threat Management (UTM) firewall options and solutions for secure file management and endpoint protection.

At present, SNi40, devised by StormShield, is the only industrial-strength firewall that has been awarded First Level Security Certification (CSPN) by the French National Agency for the Security of Information Systems (ANSSI).

In a recent security advisory, StormShield disclosed that its technical portal, which is used to manage support tickets, had been compromised. It also stated that the threat actors responsible for the intrusion could potentially have reviewed exchanges of a technical nature.

The advisory stated:

“Recently, the Stormshield teams detected a security incident that resulted in an unauthorised access to a technical portal used, in particular, by our customers and partners for the management of their support tickets on our products. Personal data and technical exchanges associated with certain accounts may have been consulted.”

The firm confirmed that it had immediately informed all account owners using the portal, along with the French authorities, of the breach. As an added precaution, it also commented that all account passwords had been reset and that additional measures were taken to reinforce the security of the portal. It added:

“All the support tickets and technical exchanges in the accounts concerned have been reviewed and the results have been communicated to the customers.”

Network security source code accessed

During an in-depth investigation following the incident, StormShield later discovered that the attackers had also accessed a segment of the source code associated with the Stormshield Network Security firmware. Inspection by security teams did not indicate that any of the source code had been tampered with or changed in the attack. Despite this, all customers were also informed of the source code leak.

The potential danger of threat actors accessing the Stormshield Network Security firmware source is that this firmware powers the company’s Unified Threat Management firewalls. With access to its source code, the hackers may find it easier to discover bugs and other vulnerabilities that other attackers may be able to use in future campaigns to exploit devices that use the UTM firewalls.

Perhaps what makes this recent leak particularly troubling is that StormShield SNS devices are a favoured choice of France’s government and defence agencies, as well as many small to medium businesses based throughout Europe.

For added security, StormShield plans to significantly alter the code-signing certificate used for upcoming updates and releases.

After it was informed of the recent attack, the French National Agency for the Security of Information Systems released an advisory of its own, stating that approvals and qualifications for SNS products would be placed under observation.