In a New York Times article released on January 6, 2021, JetBrains and its Continuous Integration / Continuous Deployment (CI/CD) application TeamCity were confirmed to be used by the recently hacked software company SolarWinds. JetBrains has officially denied any involvement in this issue and any investigation by the government.
This raises the question: was a known vulnerability used, or could this be another zero-day, possibly offered by the elusive Shadow Brokers? A look at the released CVEs for TeamCity suggests that XSS and remote code execution are very common threat vectors used when compromising TeamCity.
“JetBrains said on Wednesday that it had not been contacted by government officials and was not aware of any compromise. The exact software that investigators are examining is a JetBrains product called TeamCity, which allows developers to test and exchange software code before its release. By compromising TeamCity, or exploiting gaps in how customers use the tool, cybersecurity experts say the Russian hackers could have inconspicuously planted back doors in an untold number of JetBrains’ clients.”
Even though no contact had been made by government officials, a system like TeamCity, when implemented properly, is by nature involved 100% in the development and deployment of their software. Any vulnerability allowing remote code to be executed would be subject to investigation.