GoKawiilThe attack on the Trellix source code repository disclosed last week has been claimed by the RansomHouse threat group, which leaked a small set of images as proof of the intrusion.
Yesterday, the threat actor published on their data leak site screenshots indicating access to the cybersecurity company's appliance management system. However, BleepingComputer could not confirm the authenticity of the data.
Trellix is an international cybersecurity firm with global Fortune 100 customers. In 2025, the company had more than 53,000 customers in 185 countries and 3,500 employees.
The company confirmed the breach in a statement on May 1st and said that it was investigating the incident. "Trellix recently identified unauthorized access to a portion of our source code repository. Upon learning of this matter, we immediately began working with leading forensic experts to resolve it," stated Trellix.
"We have also notified law enforcement. Based on our investigation to date, we have found no evidence that our source code release or distribution process was affected, or that our source code has been exploited."
At the time, BleepingComputer’s request for details went unanswered, and the company did not disclose any information about the perpetrators.
Following a new request for comments after RansomHouse’s disclosure, Trellix told BleepingComputer that it was "aware of claims of responsibility for the attack and are looking into it."
According to the threat actor, the intrusion occurred on April 17 and resulted in data encryption.
Trellix listed on the RansomHouse extortion portal
Source: BleepingComputer
... continue reading