
Rapid7 source code leaked due to Codecov hack

Rapid7 representatives have reported a source code leak: attackers gained access to the company’s infrastructure following the recent hack of Codecov, an online software testing platform.

A compromise caused by this supply-chain attack had previously been reported by software developers at Hashicorp, cloud provider Confluent and voice-call service Twilio.

Let me remind you that in January of this year, unknown attackers compromised Codecov and added a credential collector to one of its tools. The compromise affected the Bash Uploader product, which lets Codecov customers submit code coverage reports for analysis. However, the hack was only discovered on April 1, 2021.

The hacker gained access to the Bash Uploader script on January 31 and gradually modified it, adding malicious code that intercepted uploads and detected and collected any sensitive information, including credentials, tokens and keys. The attacker’s entry point was a mistake the developers made when building the Codecov Docker image, which allowed the attacker to extract the credentials needed to make changes to the Bash Uploader.

Rapid7 said this week that the company used just one instance of the Codecov Bash Uploader, which ran “on a single CI server to test and build a number of internal tools for the Managed Detection and Response service.” However, one server was enough for the attackers.

“An unauthorized party has gained access to a small subset of our source code repositories for internal MDR tools. These repositories contained internal credentials that had already been updated, as well as alert-related data for a number of our customers using MDR,” the company said.

Although the attackers are known to have accessed the company’s source code, they reportedly did not modify the source code or interfere with other corporate systems and production environments.

It looks like Rapid7 was hit harder by the Codecov hack than any other company. Earlier it was reported that Hashicorp had to change its private GPG key; in the case of Confluent, the hackers gained access to a read-only GitHub account; and Twilio stated that the attackers did not gain access to confidential data at all.

Already last month, cybersecurity experts warned that the Codecov hack could affect hundreds or even thousands of companies, and that detecting and investigating these intrusions could take weeks or months.

Let me remind you that we also wrote about North Korean hackers attacking cybersecurity experts on social networks.


Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
