Due Diligence Report: JetBrains

Active Targeting by Russian Foreign Intelligence Service (SVR) (critical) U.S. law enforcement and cybersecurity agencies accused Russian Foreign Intelligence Service (SVR) cyber-actors of targeting vulnerable JetBrains servers in a bid to access source code for potential SolarWinds-style supply chain operations. This warning was issued in a statement on December 13, 2023.. Critical Authentication Bypass Vulnerability in TeamCity (CVE-2024-27198) (critical) A critical vulnerability (CVE-2024-27198) was discovered in the TeamCity On-Premises CI/CD solution that could allow a remote unauthenticated attacker to take control of the server with administrative permissions. JetBrains urged customers to patch immediately.. IntelliJ IDE Bug Exposing GitHub Access Tokens (critical) JetBrains warned customers to patch a critical vulnerability impacting users of its IntelliJ integrated development environment (IDE) apps, which exposes GitHub access tokens.. Historical Implication in SolarWinds Supply Chain Attack (high) In January 2021, The New York Times stated that unknown parties might have embedded malware in JetBrains' TeamCity CI/CD software that led to the SolarWinds hack. The CEO of SolarWinds also 'asked about the possibility' of JetBrains tools being the pathway. JetBrains publicly denied involvement, attributing potential issues to misconfiguration.. Liquidation of Russian Legal Entity (medium) JetBrains suspended sales and R&D activities in Russia indefinitely following the 2022 invasion of Ukraine. The company's Russian legal entity was formally liquidated on February 21, 2023.. Recent CEO Transition (medium) Maxim Shafirov stepped down as CEO after 11.5 years, replaced by Kirill Skrygan (who previously led the IntelliJ Department), effective February 1, 2024. While presented as a positive transition, a recent change in top leadership (especially during a 'transformative time' involving AI) introduces execution risk.. Patent Infringement Lawsuit (Caddo Systems) (medium) JetBrains Americas, Inc. was named as a defendant in a patent infringement lawsuit (Caddo Systems, Inc. et al v. Jetbrains Americas, Inc.) filed in the Delaware District Court (Case 1:22-cv-01033). The case was filed on August 4, 2022, and was closed on May 7, 2025, with a recommendation to grant summary judgment in favor of JetBrains Americas Inc. on February 25, 2025.