Rapid7 representatives reported about a leaked source code: attackers gained access to the company’s infrastructure after a recent hack of Codecov, an online software testing platform.
Previously, a compromise due to this attack on the supply chain was also reported by software developers from Hashicorp, cloud provider Confluent and voice call service Twilio.Let me remind you that in January of this year, unknown attackers managed to compromise Codecov and added a credential collector to one of the tools. The compromise affected the Bash Uploader product, which allows Codecov customers to submit code coverage reports for analysis. At the same time, the hack was discovered only on April 1, 2021.
The hacker gained access to the Bash Uploader script on January 31 and gradually made changes to it, adding malicious code that intercepted downloads, detected and collected any sensitive information, including credentials, tokens and keys. The entry point for the attacker was an error made by the developers during the creation of the Docker Codecov image, which allowed the attacker to extract the credentials needed to make changes to the Bash Uploader.
Rapid7 said this week that the company used just one instance of the Codecov Bash Uploader, which was used “on a single CI server to test and build a number of internal tools for the Managed Detection and Response service.” However, one server was enough for the attackers.
Although the attackers are known to have accessed the company’s source code, they reportedly did not modify the source code or interfere with other corporate systems and production environments.
It looks like Rapid7 was hit harder by the Codecov hack than any other company. So, earlier it was reported that Hashicorp had to change the private GPG key; In the case of Confluent, hackers gained access to a read-only GitHub account; and Twilio stated that the attackers did not gain access to confidential data at all.
However, even last month, cybersecurity experts warned that a hack from Codecov could affect hundreds or even thousands of companies, but detecting and investigating these intrusions could take weeks or months.
Let me remind you that we also wrote that North Korean hackers attack cybersecurity experts on social network.
User Review
( votes)
