20 April 2021

Reuters: Hundreds of customer networks breached in Codecov supply-chain attack


It appears that the recent Codecov system breach is much more widespread than initially thought. According to a Reuters report, hackers who modified Codecov’s Bash Uploader tool have used it to gain restricted access to hundreds of networks belonging to the company’s customers.

Last week, Codecov disclosed a security incident involving its Bash Uploader script, a tool that provides a framework- and language-agnostic method for sending coverage reports to Codecov. The company said that an unauthorized party had gained access to Bash Uploader and modified it without permission. The attackers were able to gain access because of an error in Codecov’s Docker image creation process that allowed them to extract the credentials required to modify the Bash Uploader script. Notably, the hack went undetected for more than a month before it was discovered on April 1.

Citing unnamed sources familiar with the investigation, Reuters said the attackers used automation to apply the collected customer credentials and get inside clients’ networks, including those of other makers of software development programs, as well as companies that provide many customers with technology services, including IBM.

An IBM spokeswoman told Reuters that the company is “investigating the reported Codecov incident and have thus far found no modifications of code involving clients or IBM.”

Codecov has over 29,000 customers, including prominent names like GoDaddy, Atlassian, The Washington Post, Procter & Gamble (P&G), and Hewlett Packard Enterprise. The latter said that it was still trying to determine if the company or its customers were affected by the breach.

