French cyber-security firm Stormshield, a major provider of security services and network security devices to the French government, said today that a threat actor gained access to one of its customer support portals and stole information on some of its clients.
The company is also reporting that attackers managed to steal parts of the source code for the Stormshield Network Security (SNS) firewall, a product certified to be used in sensitive French government networks, as part of the intrusion.
The company said it’s investigating the incident with French cyber-security agency ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information), which is currently assessing the breach’s impact on government systems.
“As of today, the in-depth analysis carried out with the support of the relevant authorities has not identified any evidence of illegitimate modification in the code, nor have any of the Stormshield products in operation been compromised,” Stormshield said in a message posted earlier today on its website.
The Stormshield incident is currently being treated as a major security breach inside the French government. In its own press release, ANSSI officials said they’ve put Stormshield SNS and SNI products “under observation” for the duration of the investigation.
In addition to reviewing the SNS source code, Stormshield said it took further steps to guard against other forms of attack, in case the intruders had access to other parts of its infrastructure.
The French company said it also replaced the digital certificates that it used prior to the incident to sign SNS software updates.
“New updates have been made available to customers and partners so that their products can work with this new certificate,” the company said.
Intruders also accessed some customer data
Furthermore, the French security firm said it reset passwords for its tech support portal, which the attackers breached, and for the Stormshield Institute portal, used for customer training courses. The latter wasn't breached, but the company decided to reset passwords as a preventive measure.
Based on the results of its current investigation, Stormshield said the intruders appeared to have also accessed personal and technical data for some of its customers.
“All the support tickets and technical exchanges in the accounts concerned have been reviewed and the results have been communicated to the customers,” Stormshield said.
A Stormshield spokesperson told ZDNet that about 2% of accounts were affected in the security breach, which is “around 200 accounts out of more than 10,000.”
Stormshield, which is a fully-owned subsidiary of Airbus CyberSecurity, could not say if the attack was conducted by a nation-state group at this point in the investigation, the company told ZDNet.
Article updated at 13:15 ET with comment from Stormshield.