it

Trellix source code breach claimed by RansomHouse hackers or RansomHouse hackers claim Trellix source code breach

Published: (May 8, 2026 at 09:23 AM EDT)
2 min read
Source: Bleeping Computer

Source: Bleeping Computer

Overview

The RansomHouse threat group has claimed responsibility for the recent attack on Trellix’s source‑code repository, leaking a small set of images as proof. The group posted screenshots on its data‑leak site that appear to show access to the cybersecurity company’s appliance management system, though BleepingComputer could not verify the authenticity of the material.

Trellix’s Response

  • Breach confirmation: Trellix announced the breach on May 1, stating that unauthorized access was detected in a portion of its source‑code repository.
  • Investigation: The company engaged forensic experts and notified law enforcement. It reported no evidence that the source‑code release or distribution process was compromised, nor that the code had been exploited.
  • Comments on claims: After RansomHouse’s public claim, Trellix told BleepingComputer it was “aware of claims of responsibility for the attack and are looking into it.”

“Trellix recently identified unauthorized access to a portion of our source code repository. Upon learning of this matter, we immediately began working with leading forensic experts to resolve it,” — Trellix statement.

The intrusion is reported to have occurred on April 17 and resulted in data encryption.

RansomHouse Background

RansomHouse emerged in 2022 as a data‑extortion operation, publishing victim lists on a dark‑web portal and leaking or selling stolen data. Over time, the group expanded its toolkit with advanced encryption utilities:

  • Mario: Performs a dual‑encryption pass with two keys on target files.
    (Details)
  • MrAgent: Automates deployment of encryptors on VMware ESXi hypervisors.
    (Details)

Notable RansomHouse Incidents

  • Askul Corporation: The Japanese e‑commerce giant suffered a breach in which RansomHouse stole 740,000 customer records and other sensitive data.
    (Source)


Trellix listed on the RansomHouse extortion portal
Source: BleepingComputer

Ongoing Investigation

Trellix’s investigation remains active, and the company has pledged to share additional details as they become available.

Official Trellix statement page

0 views
#Trellix #source code breach #RansomHouse #cybersecurity #ransomware #data leak #threat actors
View source
Share:
Back to Blog

Related posts

Read more »