Security News > 2021 > April > Codecov starts notifying customers affected by supply-chain attack
As of a few hours ago, Codecov has started notifying the maintainers of software repositories affected by the recent supply-chain attack.
Codecov has now disclosed multiple IP addresses as IOCs that were used by the threat actors to collect sensitive information from the affected customers.
Codecov alerts customers affected by supply-chain attack.
Codecov Bash Uploader scripts are used by thousands of Codecov customers in their software projects.
"We also have evidence on how these compromised variables may have been used. Please log-in to Codecov as soon as possible to see if you are in this affected population," said Codecov in their updated security incident advisory.
Codecov supply-chain attack has drawn comparisons to the SolarWinds breach, due to attackers targeting a developer/IT automation tool to simultaneously impact thousands of customers.
News URL
Related news
- Blue Yonder ransomware attack disrupts grocery store supply chain (source)
- OpenWrt orders router firmware updates after supply chain attack scare (source)
- Update your OpenWrt router! Security issue made supply chain attack possible (source)
- Ultralytics Supply-Chain Attack (source)
- 390,000 WordPress accounts stolen from hackers in supply chain attack (source)
- Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack (source)