Security News > 2021 > May > Rapid7 Source Code Breached in Codecov Supply-Chain Attack
Cybersecurity company Rapid7 on Thursday revealed that unidentified actors improperly managed to get hold of a small portion of its source code repositories in the aftermath of the software supply chain compromise targeting Codecov earlier this year.
"A small subset of our source code repositories for internal tooling for our service was accessed by an unauthorized party outside of Rapid7," the Boston-based firm said in a disclosure.
On April 15, software auditing startup Codecov alerted customers that its Bash Uploader utility had been infected with a backdoor as early as January 31 by unknown parties to gain access to authentication tokens for various internal software accounts used by developers.
"The actor gained access because of an error in Codecov's Docker image creation process that allowed the actor to extract the credential required to modify our Bash Uploader script," the company noted, adding the adversary carried out "Periodic, unauthorized alterations" to the code that enabled them to exfiltrate information stored in its users' continuous integration environments to a third-party server.
Rapid7 reiterated there's no evidence that other corporate systems or production environments were accessed, or that any malicious changes were made to those repositories.
Codecov customers who have used the Bash Uploaders between January 31, 2021 and April 1, 2021 are recommended to re-roll all of their credentials, tokens, or keys located in the environment variables in their CI processes.
News URL
Related news
- Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems (source)
- LottieFiles hit in npm supply chain attack targeting users' crypto (source)
- LottieFiles hacked in supply chain attack to steal users’ crypto (source)
- LottieFiles supply chain attack exposes users to malicious crypto wallet drainer (source)