Rapid7 source code, credentials accessed in Codecov supply-chain attack

US cybersecurity firm Rapid7 has disclosed that some source code repositories were accessed in a security incident linked to the supply-chain attack that recently impacted customers of the popular Codecov code coverage tool.
Only internal credentials and tooling source code were accessed.
The cybersecurity firm added that the Codecov tools compromised in last month's supply-chain attack were not used to work with production code.
A few days later, federal investigators reportedly discovered that the threat actors behind the Codecov hack automated the process of testing the stolen credentials, managing to breach the networks of hundreds of Codecov clients.
Two weeks after disclosing the breach discovered on April 1st, Codecov began notifying customers affected by the supply-chain attack, informing them that the unknown attackers might have downloaded their source code repositories.
As first reported by BleepingComputer, Codecov customer and open-source software maker HashiCorp disclosed that the code-signing GPG private key used for signing and verifying software releases was exposed in the attack.