Codecov hackers infiltrate hundreds of customer networks

By published

The Codecov breach is turning out to be SolarWinds-style supply chain attack

cybercriminal
(Image credit: Pixabay)
Audio player loading…

The FBI has discovered the Codecov breach (opens in new tab) reported earlier this week has led to the compromise of hundreds of restricted networks belonging to the company’s clients.

Earlier, the San Francisco-based firm announced that an unscrupulous user had broken through its digital defenses (opens in new tab) and modified its Bash Uploader script. In a statement, Codecov warned that customers that had executed the booby-trapped script ran the risk of losing their credentials, tokens, or keys stored in their continuous integration (CI) environments.

It now appears it’s worst fears have come true. Investigators from the FBI's San Francisco office told Reuters that the hackers used an automated mechanism to copy the credentials of Codecov’s customers.

TechRadar needs yo...

We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.

>> Click here to start the survey in a new window (opens in new tab)<<

Supply chain attack

While Codecov said it had taken steps to address the breach, news of the incident triggered fears of a SolarWinds-scale supply chain attack, primarily because of the length of time the tampered script remained in use and given the size of Codecov’s customer base.

An anonymous investigator told Reuters that, in typical supply chain attack fashion, the hackers put extra effort into using Codecov to infiltrate other “makers of software development programs” as well as companies that themselves provide many customers with technology services.

One of the companies the investigator highlighted was IBM. While an IBM spokeswoman told Reuters that it was investigating the incident, the software giant had “thus far found no modifications of code involving clients or IBM". Notably, however, she did not address whether access credentials to the company's systems had been pilfered.

Meanwhile, it isn’t clear whether the investigators, in light of the new development, will now expand their investigation beyond Codecov.

Via Reuters (opens in new tab)

Mayank Sharma
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
See more Computing news