Is JetBrains Behind the SolarWinds Hack? Unpacking the Investigation

According to reports from The New York Times, JetBrains – the company behind IntelliJ IDEA and Kotlin – is being investigated by U.S. security agencies for a possible connection to the recent SolarWinds cyber‑attack.

Hack recap

On December 13, U.S. Treasury and Commerce departments were breached, potentially affecting 18,000 users. Analyses by FireEye and Microsoft identified a supply‑chain attack involving SolarWinds Orion software, prompting the Cybersecurity and Infrastructure Security Agency (CISA) to issue an emergency directive ordering non‑military government systems to stop using the software.

Multiple media outlets, including Reuters and The Washington Post, reported that the attack may have originated from Russia’s SVR intelligence service, characterizing it as espionage. The Russian embassy in Washington denied any involvement, stating that such cyber activities contradict Russia’s diplomatic policies.

SolarWinds is known to be a JetBrains customer, using JetBrains TeamCity for continuous integration and deployment. U.S. investigators suspect that the SolarWinds breach stemmed from a vulnerability in TeamCity.

JetBrains CEO Maxim Shafirov recently issued a statement asserting that JetBrains had no participation in the attack, and that SolarWinds has not contacted the company for details. Shafirov argued that TeamCity does not have a serious security flaw and that the breach was likely caused by improper configuration rather than a specific vulnerability. He also noted that no government or security agency has reached out to JetBrains, and the company is willing to cooperate with any investigations.

Earlier reports also highlighted that JetBrains, a Czech software firm with Russian‑origin founders, supplies tools to SolarWinds, which may have contributed to the suspicion surrounding the company.