Security News > 2021 > April > Codecov starts notifying customers affected by supply-chain attack
As of a few hours ago, Codecov has started notifying the maintainers of software repositories affected by the recent supply-chain attack.
Codecov has now disclosed multiple IP addresses as IOCs that were used by the threat actors to collect sensitive information from the affected customers.
Codecov alerts customers affected by supply-chain attack.
Codecov Bash Uploader scripts are used by thousands of Codecov customers in their software projects.
"We also have evidence on how these compromised variables may have been used. Please log-in to Codecov as soon as possible to see if you are in this affected population," said Codecov in their updated security incident advisory.
Codecov supply-chain attack has drawn comparisons to the SolarWinds breach, due to attackers targeting a developer/IT automation tool to simultaneously impact thousands of customers.
News URL
Related news
- Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems (source)
- LottieFiles hit in npm supply chain attack targeting users' crypto (source)
- LottieFiles hacked in supply chain attack to steal users’ crypto (source)
- LottieFiles supply chain attack exposes users to malicious crypto wallet drainer (source)