WASHINGTON (Reuters) - The FBI is investigating whether the hackers behind a series of intrusions at U.S. federal agencies and companies also broke into project-management software created by the Czech-based company JetBrains in order to breach its customers, two people familiar with the investigation told Reuters on Wednesday.
Privately held JetBrains produces software called TeamCity that is used by tens of thousands of customers to construct other software. Among its customers is SolarWinds, JetBrains Chief Executive Maxim Shafirov said from St. Petersburg, Russia, where JetBrains has offices.
SolarWinds revealed last month that someone with access to its system for developing network-management software had inserted back doors into two updates of its flagship Orion products.
Dozens of SolarWinds customers, including at least a half-dozen U.S. agencies, were then exploited by the same hackers.
U.S. intelligence agencies said Tuesday that Russia was likely behind the damaging spree, though Russian officials denied it.
The FBI and cybersecurity officials at the Department of Homeland Security had no immediate comment.
Shafirov said his company had fielded questions from SolarWinds but that he had not heard anything about JetBrains software being the hackers’ route into SolarWinds or other customers.
“We are not aware of any investigation nor have we been contacted by any agencies,” a JetBrains spokesman said. “We are not aware of any vulnerabilities in the product or breaches that would allow for this, nor that any of our customers were affected.”
Vulnerabilities in TeamCity have been publicly reported and rated “critical” in the past, as is true with most big software.
Reporting by Joseph Menn, Jack Stubbs and Christopeher Bing; Editing by Leslie Adler and Lisa Shumaker
Our Standards: The Thomson Reuters Trust Principles.