Security News > 2020 > October > FBI: Hackers stole government source code via SonarQube instances
The Federal Bureau of Investigation issued a flash alert warning of hackers stealing data from U.S. government agencies and enterprise organizations via internet-exposed and insecure SonarQube instances.
Vulnerable SonarQube servers have been actively exploited by attackers since April 2020 to gain access to data source code repositories owned by both government and corporate entities, later exfiltrating it and leaking it publicly.
"Beginning in April 2020, the FBI observed source code leaks associated with insecure SonarQube instances from US government agencies and private US companies in the technology, finance, retail, food, eCommerce, and manufacturing sectors," the FBI says in the TLP:WHITE flash alert.
The threat actors start their attacks by first scanning for Internet-exposed SonarQube instances using the default port number the FBI explains.
In July 2020, an identified cyber actor exfiltrated proprietary source code from enterprises through poorly secured SonarQube instances and published the exfiltrated source code on a self-hosted public repository.