Cybersecurity company Trellix has confirmed that it suffered a breach that enabled unauthorised access to a portion of its source code, while saying there is no evidence so far that its source code release or distribution process was affected or that the code was exploited.
The company said it recently identified the compromise of its source code repository and began working with leading forensic experts to resolve the matter immediately. Trellix also said it had notified law enforcement about the incident.
FCRF Academy Launches Premier Anti-Money Laundering Certification Program
Unauthorised Access to Source Code Repository
Trellix did not disclose the exact nature of the data that may have been accessed by the attackers. The company also did not share details about who may have been behind the incident or how long the attackers had access to its systems.
The company said additional information would be shared as appropriate once its investigation is complete. The matter remains under review, and the available information indicates that the breach involved unauthorised repository access rather than any confirmed exploitation of the code.
Company Says No Evidence of Exploitation
Trellix said its investigation to date had found no evidence that the source code release or distribution process was affected, or that the source code had been exploited.
The company’s statement suggests that while unauthorised access was detected, Trellix has not found indications that the compromised repository access altered its code distribution pipeline or led to abuse of the source code. The full scope of the incident has not yet been disclosed.
Trellix Background and Ongoing Investigation
Trellix is owned by Symphony Technology Group and was founded in January 2022 after the merger of McAfee Enterprise and FireEye. Around the same time, Mandiant, which was owned by FireEye, was acquired by Google in a deal worth $5.4 billion.
