20 April 2021

Reuters: Hundreds of customer networks breached in Codecov supply-chain attack



It appears that the recent Codecov system breach is much more widespread than initially thought. According to a Reuters report, hackers who modified Codecov’s Bash Uploader tool have used it to gain restricted access to hundreds of networks belonging to the company’s customers.

Last week, Codecov disclosed a security incident involving its Bash Uploader script, a tool that provides a framework- and language-agnostic method for sending coverage reports to Codecov. The company said that an unauthorized party had gained access to Bash Uploader and modified it without permission. The attackers were able to gain access because of an error in Codecov’s Docker image creation process that allowed them to extract the credentials required to modify the Bash Uploader script. What’s more interesting, the hack went undetected for more than a month before it was discovered on April 1.

Citing unnamed sources familiar with the investigation, Reuters said the attackers deployed automation to use the collected customer credentials to get inside clients’ networks, including those of other makers of software development programs, as well as companies that provide many customers with technology services, including IBM.

An IBM spokeswoman told Reuters that the company is “investigating the reported Codecov incident and have thus far found no modifications of code involving clients or IBM.”

Codecov has over 29,000 customers, including prominent names like GoDaddy, Atlassian, The Washington Post, Procter & Gamble (P&G), and Hewlett Packard Enterprise. The latter said that it was still trying to determine if the company or its customers were affected by the breach.

