Security News > 2021 > April > Codecov starts notifying customers affected by supply-chain attack
As of a few hours ago, Codecov has started notifying the maintainers of software repositories affected by the recent supply-chain attack.
Codecov has now disclosed multiple IP addresses as IOCs that were used by the threat actors to collect sensitive information from the affected customers.
Codecov alerts customers affected by supply-chain attack.
Codecov Bash Uploader scripts are used by thousands of Codecov customers in their software projects.
"We also have evidence on how these compromised variables may have been used. Please log-in to Codecov as soon as possible to see if you are in this affected population," said Codecov in their updated security incident advisory.
Codecov supply-chain attack has drawn comparisons to the SolarWinds breach, due to attackers targeting a developer/IT automation tool to simultaneously impact thousands of customers.
News URL
Related news
- XZ Utils Supply Chain Attack: A Threat Actor Spent Two Years to Implement a Linux Backdoor (source)
- New R Programming Vulnerability Exposes Projects to Supply Chain Attacks (source)
- JAVS courtroom recording software backdoored in supply chain attack (source)
- Suspected supply chain attack backdoors courtroom recording software (source)
- Supply Chain Attack against Courtroom Software (source)