20 April 2021

Reuters: Hundreds of customer networks breached in Codecov supply-chain attack



It appears that the recent Codecov system breach is much more widespread than initially thought. According to a Reuters report, hackers who modified Codecov’s Bash Uploader tool have used it to gain restricted access to hundreds of networks belonging to the company’s customers.

Last week, Codecov disclosed a security incident involving its Bash Uploader script, a tool that provides a framework and language-agnostic method for sending coverage reports to Codecov. The company said that an unauthorized party had gained access to Bash Uploader and modified it without permission. The attackers were able to gain access because of an error in Codecov’s Docker image creation process that allowed them to extract the credentials required to modify the Bash Uploader script. What’s more interesting, the hack went undetected for more than a month before it was discovered on April 1.

Citing unnamed sources familiar with the investigation, Reuters said the attackers deployed automation to use the collected customer credentials to get inside clients’ networks, including other makers of software development programs, as well as companies that provide many customers with technology services, including IBM.

An IBM spokeswoman told Reuters that the company is “investigating the reported Codecov incident and have thus far found no modifications of code involving clients or IBM.”

Codecov has over 29,000 customers, including prominent names like GoDaddy, Atlassian, The Washington Post, Procter & Gamble (P&G), and Hewlett Packard Enterprise. The latter said that it was still trying to determine if the company or its customers were affected by the breach.

