Trellix discloses data breach after supply code repository hack

Cybersecurity agency Trellix disclosed a data breach after attackers gained entry to “a portion” of its supply code repository.

Trellix is a worldwide cybersecurity firm shaped from the October 2021 merger of McAfee Enterprise and FireEye. It offers providers to over 50,000 enterprise and authorities prospects worldwide, defending greater than 200 million endpoints.

In response to an official assertion up to date on Monday, the corporate is now investigating the incident with the assistance of out of doors forensic consultants.

For the time being, Trellix mentioned it has but to seek out proof that the risk actors have exploited or altered the supply code they accessed.

“Trellix just lately recognized unauthorized entry to a portion of our supply code repository. Upon studying of this matter, we instantly started working with main forensic consultants to resolve it,” Trellix says.

“We have now additionally notified regulation enforcement. Based mostly on our investigation thus far, we’ve got discovered no proof that our supply code launch or distribution course of was affected, or that our supply code has been exploited.”

A Trellix spokesperson shared the identical assertion when BleepingComputer requested for extra particulars concerning the breach, together with when it was detected, whether or not the attackers had additionally stolen company or buyer information, and whether or not they had despatched a ransom demand.

Whereas Trellix has but to answer to a subsequent e-mail requesting extra info concerning this security incident, the corporate says in its official assertion that it intends “to share additional particulars as applicable” after the investigation ends.

Trellix is not the primary cybersecurity firm whose programs had been breached for the reason that begin of the 12 months.

Utility security firm Checkmarx confirmed final week that the LAPSUS$ hacking group leaked information stolen from its non-public GitHub repository, whereas Cisco revealed final month that hackers breached its inner improvement setting and stole supply code utilizing credentials compromised within the current Trivy provide chain assault.

Bug bounty platform HackerOne additionally notified tons of of staff in March that their private info had been stolen by attackers who hacked Navia, considered one of its U.S. advantages directors.