"Hundreds of Networks Reportedly Hacked In Codecov Supply-Chain Attack"

Additional details have been shared about the recent Codecov system breach, which is now being compared to the SolarWinds hack. Codecov is a San Francisco-based company that offers code coverage and software testing tools. The scope of this system breach extends beyond Codecov's systems, as hundreds of customer networks have been breached in the incident. The supply chain attack faced by Codecov went undetected for more than two months. The threat actors obtained Codecov's credentials from the company's flawed Docker image, which they then used to alter the Codecov's Bash Uploader script used by clients. They replaced Codecov's IP address with their own in the Bash Uploader script to silently collect credentials, tokens, API keys, and anything else that has been stored as environment variables in the customers' continuous integration (CI) environments. Codecov has over 29,000 customers, including Atlassian, GoDaddy, Washington Post, Procter & Gamble (P & G), and other prominent names, thus making this a significant supply chain incident. Federal investigators found that the Codecov attackers deployed automation to use the collected customer credentials to infiltrate hundreds of client networks. This article continues to discuss the investigation and impact of the breach at the code testing company Codecov.

Bleeping Computer reports "Hundreds of Networks Reportedly Hacked In Codecov Supply-Chain Attack"