Cybersecurity firm Trellix has confirmed that unauthorized individuals gained access to part of its source code repository. The incident is currently under investigation with the support of external digital forensics specialists.
The company, which was formed in 2021 through the merger of McAfee Enterprise and FireEye, serves tens of thousands of organizations and governments worldwide. Trellix claims its security solutions protect hundreds of millions of systems.
In a statement on its website, Trellix announced that it recently detected unauthorized access to part of its source code environment. Upon discovery, an investigation was launched immediately in collaboration with forensic experts, and the authorities were notified. Based on current findings, the company states it has no indication that processes related to the release or distribution of source code have been compromised, nor that the source code itself has been misused. Trellix also states that, once the investigation is complete, it will share additional information with the broader security community as appropriate.
Limited details on the data breach
It remains unclear exactly when the breach was discovered and whether, in addition to source code, other data was compromised, such as internal company information or customer data. Nor has it been confirmed whether the attackers demanded a ransom.
According to BleepingComputer, the report fits into a broader trend in which other security companies have also recently been targeted by cyberattacks. For example, Checkmarx announced that data from an internal GitHub environment was leaked by the hacker group LAPSUS$. Cisco also previously reported that attackers gained access to an internal development environment and obtained source code, partly due to compromised login credentials following an attack on the Trivy tool’s supply chain.
Additionally, in March, it was revealed that HackerOne employees fell victim to a data breach after an external service provider, Navia, was compromised.