Codecov makes software auditing tools that allow developers to see how thoroughly their code is being tested, a process that can give the tool access to stored credentials for various internal software accounts.
Hackers who tampered with a software development tool from Codecov used that program to gain restricted access to hundreds of networks belonging to the San Francisco firm’s customers, investigators told Reuters.
“The attackers used automation to rapidly copy those credentials and raid additional resources”, the investigators said.
“The attackers responsible for the hack managed to exploit not only Codecov software but also potentially used the organization as a springboard to compromise a huge number of customer networks”.
It is possible that the supply chain attack, made possible by compromising a resource used by other organizations, may have resulted in the theft of credentials, tokens, and keys running through client CIs, as well as “services, datastores, and application code that could be accessed with these credentials,” according to Codecov.
Speaking on condition of anonymity to the news agency, one of the investigators said attackers used automation to collect credentials as well as “raid additional resources,” which may have included data hosted on the networks of other software development program vendors, including IBM.
IBM and other companies said that their code had not been altered, but did not address whether access credentials to their systems had been taken.
An IBM spokeswoman said, “We are investigating the reported Codecov incident and have thus far found no modifications of code involving clients or IBM”.
As dozens of possible victims were notified, the FBI’s San Francisco office is investigating the compromises.
Security experts involved in the case said the scale of the attack and the skills needed to carry it out invited comparison with last year’s SolarWinds attack.
The compromise of that company’s widely used network management program led hackers inside nine U.S. government agencies and about 100 private companies.
Experts say it is unclear who is behind the latest breach or if they are working for a national government, as was the case with SolarWinds.
Some of Codecov’s 19,000 customers, including big tech services provider Hewlett Packard Enterprise (HPE.N), said they were still trying to determine if they or their customers had been damaged.
Hewlett Packard Enterprise spokesman Adam Bauer said, “HPE has a dedicated team of professionals investigating this matter, and customers should rest assured we will keep them informed of any impacts and necessary remedies as soon as we know more”.
Even Codecov users who had seen no evidence of hacking were taking the breach seriously, a corporate cybersecurity official told Reuters.
He said his company was busy resetting its credentials and that his counterparts elsewhere were doing the same, as Codecov recommended.
Codecov’s website says its customers include consumer goods conglomerate Procter & Gamble Co (PG.N), web hosting firm GoDaddy Inc (GDDY.N), The Washington Post, and Australian software firm Atlassian Corporation PLC (TEAM.O). Atlassian said it had not yet seen any impact nor signs of a compromise.
Codecov said the issue has since been fixed and impacted customers were notified via email addresses on file on April 15. It is recommended that users roll their credentials if they have not already done so.
“Codecov maintains a variety of information security policies, procedures, practices, and controls,” commented Jerrod Engelberg, Codecov CEO.
“We continually monitor our network and systems for unusual activity, but Codecov, like any other company, is not immune to this type of event.”