Cybersecurity firm Trellix says part of its source code repository was recently breached, but shared few other details about the incident.
Trellix said it has been working with forensic experts to investigate the intrusion, and law enforcement has been notified.
“Based on our investigation to this point, we have found no evidence that our source code release or distribution process was affected, or that our source code has been exploited,” Trellix said in a statement.
The security firm has promised to share more details after it completes its investigation.
Until then, the industry is left to speculate on the exact window of intrusion, who was behind the attack, and which specific products had their source code exposed.
The timing, however, suggests the breach may be related to a major supply chain attack targeting various open source applications to gain access to numerous companies.
Linked to the profit-driven hacker groups TeamPCP and Lapsus$, this campaign has impacted several cybersecurity companies, including Checkmarx, Aqua Security, and Bitwarden.
The hackers exploited trust in software development and security infrastructure, compromising CI/CD pipelines to distribute trojanized updates and malicious extensions, which enabled large-scale exfiltration of credentials and source code from affected enterprise environments.



