

Stormshield Announces Breach, Theft of Source Code

As originally reported by ZDNet, French cyber-security firm Stormshield announced that a threat actor gained access to one of its customer support portals. Stormshield provides security services and devices to the French government, and has resellers for its network security and endpoint security products throughout Europe, parts of Africa and Southeast Asia. In addition to stealing some client personal and technical support data, the threat actors also managed to steal source code for the Stormshield Network Security Firewall. Stormshield, working with the ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information), has stated that they found no modifications of their source code. Additionally, they’ve replaced the digital certificates used to sign the SNS software updates.

Analyst Notes

Customers of Stormshield should be aware that Stormshield has issued password resets for all users as an additional preventative measure. Supply chain attacks are some of the most difficult to deal with, because software updates that are digitally signed by a trusted provider are usually assumed to be safe. The fact that Stormshield has proactively replaced their digital certificates suggests that they believe the threat actors may have access to the keys used to sign software. Customers of Stormshield should take extra precautions to verify information about any updates and watch for announcements on the Stormshield customer portal, rather than just relying on email notifications. An attacker may use the stolen customer information to send a convincing phishing message by email, possibly even including details of a past technical support ticket, to convince customers to share sensitive information or install malware.

Read more in the article on ZDNet: