Trellix source code breach claimed by RansomHouse hackers
Source: Bleeping Computer
Overview
The attack on the Trellix source code repository disclosed last week has been claimed by the RansomHouse threat group, which leaked a small set of images as proof of the intrusion.
Yesterday, the threat actor published screenshots on their data‑leak site indicating access to the cybersecurity company’s appliance management system. BleepingComputer could not confirm the authenticity of the data.
Breach details
- Date of intrusion: April 17, 2026
- Impact: Data encryption and unauthorized access to a portion of Trellix’s source code repository.
- Evidence: A limited set of images released by RansomHouse.
Company response
Trellix confirmed the breach in a statement on May 1, 2026 and said it was investigating the incident:
“Trellix recently identified unauthorized access to a portion of our source code repository. Upon learning of this matter, we immediately began working with leading forensic experts to resolve it,” the company said in a statement posted on its website.
“We have also notified law enforcement. Based on our investigation to date, we have found no evidence that our source code release or distribution process was affected, or that our source code has been exploited.”
After RansomHouse’s public claim, Trellix told BleepingComputer that it was “aware of claims of responsibility for the attack and are looking into it.” The investigation remains ongoing, and the company has pledged to share more details when available.
RansomHouse extortion portal
Trellix listed on the RansomHouse extortion portal
Source: BleepingComputer
RansomHouse is a cybercrime group that launched in 2022 as a data‑extortion operation, listing victims on a dark‑web portal and leaking or selling stolen data.
RansomHouse tools and activities
-
Mario – a dual‑encryption utility that applies two keys to target files.
Read more about Mario -
MrAgent – automates the deployment of encryptors on VMware ESXi hypervisors.
Read more about MrAgent
Recent high‑profile case
RansomHouse previously targeted Japanese e‑commerce giant Askul Corporation, stealing 740,000 customer records and other sensitive information.
Details on the Askul attack
Ongoing investigation
Trellix’s investigation is still underway. The company has indicated that it will share more details as they become available.
Reference: Trellix statement page