French cyber-security firm Stormshield, a major provider of security services and network security devices to the French government, has disclosed a data breach in which a threat actor obtained access to one of its customer support portals and stole information on some of its clients.
The company also states that the cybercriminals managed to steal parts of the source code for the Stormshield Network Security (SNS) firewall, a product certified to be used in sensitive French government networks.
The company, together with the French cyber-security agency ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information), is currently investigating the security incident.
Stormshield posted a message on their website stating that the in-depth analysis carried out with the support of the relevant authorities has not identified any evidence of illegitimate modification in the code, nor have any of the Stormshield products in operation been compromised.
This security incident is considered a major security breach inside the French government. ANSSI officials stated in a press release that they have put Stormshield SNS and SNI products “under observation” for the duration of the investigation.
Stormshield said that besides reviewing the SNS source code, they have also taken other steps to prevent any other kinds of attacks, in case the intruders had access to other parts of its infrastructure.
The company has also replaced the digital certificates which they used prior to the incident to sign SNS software updates.
The new updates have been made available to customers and partners so that their products can work with this new certificate.
The French security firm has also reset passwords for its tech support portal, which was breached by the attackers, and for the Stormshield Institute portal, used for customer training courses, which wasn’t breached. The passwords were changed as a preventive measure.
Based upon the investigation, the company said that the attackers have also accessed personal and technical data for some of its customers.
They stated that all the support tickets and technical exchanges in the accounts concerned have been reviewed and the results have been communicated to the customers.
However, they did not specify the actual number of the customers that were affected by this breach.