Codecov, a popular automated code testing and auditing tool, was the target of an attack on its supply chain last week (4/15). According to the company, cybercriminals modified a Bash Uploader script, which resulted in the exposure of confidential customer and user information.
In a statement published on Thursday (04/15) the company told that noticed the presence of cybercriminals on his network on Thursday (04/01) and immediately started investigating the case and found that cybercriminals broke into the network at the end of January this year (01/31).
“Our investigation determined that, as of January 31, 2021, there were unauthorized periodic changes to our Bash Uploader script by third parties, which allowed them to export potentially information stored in our users’ continuous integration (CI) environments. This information was then sent to a third server, outside Codecov’s infrastructure “, writes the company.
Now, according to Reuters, which heard security experts involved in the case, it is possible that the attack came from the attack on the SolarWinds supply chain, from the end of 2020, due to the scale of the attack and the skill level, which compares with the attack on SolarWinds.
Cybercriminal operation
According to BleepingComputer, in this attack, cybercriminals gained access to Codecov credentials on the container platform, Docker, which was used to alter the Bash Uploader script, used by the company’s customers.
With access to the system, cybercriminals replaced Codecov’s IP with their IP, paving the way for steal sensitive data and information like Codecov customer credentials, in addition to tokens, API keys, and any other information stored as a variable customers’ continuous integration (CI) environments.
With the doors open, criminals have automated data extraction processes, accessing hundreds of customer networks, expanding the scope of the attack.
“Hackers try harder to use Codecov to contact other manufacturers of software development programs, as well as companies that provide technology services to many customers, including IBM“an anonymous federal investigator told Reuters.
Sources: Codecov; frog; Reuters; BleepingComputer.
See the original post at: https://thehack.com.br/software-de-teste-de-codigo-sofre-ataque-a-cadeia-de-suprimentos-fbi-acredita-em-relacao-com-solarwinds/?rand=48873
