Codecov hackers infiltrate hundreds of customer networks

The Codecov breach is turning out to be SolarWinds-style supply chain attack

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The FBI has discovered theCodecov breachreported earlier this week has led to the compromise of hundreds of restricted networks belonging to the company’s clients.

Earlier, the San Francisco-based firm announced that an unscrupulous user had broken through itsdigital defensesand modified its Bash Uploader script. In a statement, Codecov warned that customers that had executed the booby-trapped script ran the risk of losing their credentials, tokens, or keys stored in their continuous integration (CI) environments.

It now appears it’s worst fears have come true. Investigators from the FBI’s San Francisco office toldReutersthat the hackers used an automated mechanism to copy the credentials of Codecov’s customers.

We’re looking at how our readers use VPN for a forthcoming in-depth report. We’d love to hear your thoughts in the survey below. It won’t take more than 60 seconds of your time.

Click here to start the survey in a new window«

Supply chain attack

While Codecov said it had taken steps to address the breach, news of the incident triggered fears of a SolarWinds-scale supply chain attack, primarily because of the length of time the tampered script remained in use and given the size of Codecov’s customer base.

An anonymous investigator toldReutersthat, in typical supply chain attack fashion, the hackers put extra effort into using Codecov to infiltrate other “makers of software development programs” as well as companies that themselves provide many customers with technology services.

One of the companies the investigator highlighted was IBM. While an IBM spokeswoman toldReutersthat it was investigating the incident, the software giant had “thus far found no modifications of code involving clients or IBM". Notably, however, she did not address whether access credentials to the company’s systems had been pilfered.

Meanwhile, it isn’t clear whether the investigators, in light of the new development, will now expand their investigation beyond Codecov.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

ViaReuters

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Washington state court systems taken offline following cyberattack

Is it still worth using Proton VPN Free?

One more AMD eGPU docking station goes on sale — but it doesn’t have USB 4.0, can’t accommodate an M.2 SSD and requires an OCuLink connector to feed the RX 7600M XT chip