In a post on its corporate home page, Trellix disclosed an incident in which an unauthorized party gained access to a portion of its source code repository.
The California-based cybersecurity firm, which serves more than 50,000 business and government customers, has retained outside forensic experts and notified law enforcement about the attack.
An investigation found no evidence that source code has been released and no evidence of any impact on its distribution process. Trellix also confirmed there is no immediate indication of its source code being exploited.
A Trellix spokesperson confirmed the details of the incident but did not respond to a request for additional details.
Industry analysts warned that even without evidence of initial compromise, the incident highlights the potential near-term impacts on the software supply chain.
Access to the source code repository could offer valuable insight into a company’s detection logic, product architecture and engineering assumptions, Deepak Mishra, senior director analyst at Gartner, told Cybersecurity Dive.
“Such knowledge is typically leveraged over time to refine evasion techniques, rather than drive immediate disruption,” Mishra added. “Importantly, at this stage, the absence of observed exploitation should not be interpreted as absence of risk, given the lag between exposure and downstream attacker use.”
Trellix was formed in late 2021 in the merger of McAfee Enterprise and FireEye.
Trellix said it will share additional updates on the breach when the investigation is completed.
