Security News > 2021 > April > Codecov starts notifying customers affected by supply-chain attack

As of a few hours ago, Codecov has started notifying the maintainers of software repositories affected by the recent supply-chain attack.
Codecov has now disclosed multiple IP addresses as IOCs that were used by the threat actors to collect sensitive information from the affected customers.
Codecov Bash Uploader scripts are used by thousands of Codecov customers in their software projects.
"We also have evidence on how these compromised variables may have been used. Please log-in to Codecov as soon as possible to see if you are in this affected population," said Codecov in their updated security incident advisory.
The Codecov supply-chain attack has drawn comparisons to the SolarWinds breach because the attackers targeted a developer/IT automation tool to impact thousands of customers simultaneously.