Rapid7 source code, credentials accessed in Codecov supply-chain attack

Who else might be impacted?…:

US cybersecurity firm Rapid7 has disclosed that some source code repositories were accessed in a security incident linked to the supply-chain attack that recently impacted customers of the popular Codecov code coverage tool.

Codecov, the company behind a popular code coverage solution used by over 29,000 enterprises, disclosed on April 15th that unknown attackers maliciously altered its Bash Uploader script.

The compromised tool allowed the threat actors to harvest sensitive information (e.g., credentials, tokens, or API keys) from customers’ continuous integration (CI) environments and send it to attacker-controlled servers for more than two months.

A few days later, federal investigators reportedly discovered that the threat actors behind the Codecov hack automated the process of testing the stolen credentials, managing to breach the networks of hundreds of Codecov clients.

Two weeks after disclosing the breach discovered on April 1st, Codecov began notifying customers affected by the supply-chain attack, informing them that the unknown attackers might have downloaded their source code repositories.


Original Article