Cybersecurity firm Rapid7 on Thursday revealed that unidentified actors managed to gain access to a small portion of its source code repositories in the aftermath of the software supply chain compromise targeting Codecov earlier this year.
“A small subset of our source code repositories for internal tooling for our [Managed Detection and Response] service was accessed by an unauthorized party outside of Rapid7,” the Boston-based firm said in a disclosure. “These repositories contained some internal credentials, which have all been rotated, and alert-related data for a subset of our MDR customers.”
On April 15, software auditing startup Codecov alerted customers that its Bash Uploader utility had been infected with a backdoor as early as January 31 by unknown parties to gain access to authentication tokens for various internal software accounts used by developers. The incident did not come to light until April 1.
“The actor gained access because of an error in Codecov’s Docker image creation process that allowed the actor to extract the credential required to modify our Bash Uploader script,” the company noted, adding that the adversary carried out “periodic, unauthorized alterations” to the code that enabled them to exfiltrate information stored in its users’ continuous integration (CI) environments to a third-party server.
Rapid7 reiterated there is no evidence that other corporate systems or production environments were accessed, or that any malicious changes were made to those repositories. The company also added that its use of the Uploader script was limited to a single CI server that was used to test and build some internal tools for its MDR service.
As part of its incident response investigation, the security firm said it notified a select number of customers who may have been impacted by the breach. With this development, Rapid7 joins the likes of HashiCorp, Confluent, and Twilio, who have publicly confirmed the security event so far.
Codecov customers who have used the Bash Uploader between January 31, 2021 and April 1, 2021 are recommended to re-roll all of their credentials, tokens, or keys located in the environment variables of their CI processes.
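Because the backdoored uploader dumped whatever sat in the CI process's environment, the rotation advice above amounts to "everything secret-shaped that the CI job could see." The following is an added example, not code from the article, Rapid7, or Codecov: it inventories a CI environment, flags variables whose names or value shapes suggest credentials, and produces a rotation checklist without ever emitting the values themselves. The name patterns, entropy threshold, benign-name allowlist, and the sample environment are all constructed assumptions for illustration.

```python
import math
import os
import re
from collections import Counter

# Name fragments that commonly hold credentials in CI environments (assumption).
SECRET_NAME_RE = re.compile(
    r"(token|secret|password|passwd|api[_-]?key|access[_-]?key|private[_-]?key|credential|auth)",
    re.IGNORECASE,
)

# Variables that are never secrets, so the value-shape heuristic skips them (assumption).
KNOWN_BENIGN = {"PATH", "HOME", "CI", "PWD", "SHELL", "LANG", "TERM"}

# Thresholds for the value-shape heuristic (assumption).
MIN_SECRET_LEN = 20
MIN_ENTROPY_BITS = 3.5


def shannon_entropy(value: str) -> float:
    """Bits of entropy per character; long random-looking values score high."""
    if not value:
        return 0.0
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in Counter(value).values())


def looks_like_secret(name: str, value: str) -> bool:
    """True when either the variable name or the value's shape suggests a credential."""
    if name.upper() in KNOWN_BENIGN:
        return False
    if SECRET_NAME_RE.search(name):
        return True
    # Value-shape heuristic: long, space-free, high-entropy strings (keys, tokens, base64 blobs).
    return (
        len(value) >= MIN_SECRET_LEN
        and " " not in value
        and shannon_entropy(value) >= MIN_ENTROPY_BITS
    )


def mask(value: str) -> str:
    """Keep only a short prefix/suffix so a checklist can be shared without leaking the secret."""
    if len(value) <= 8:
        return "*" * len(value)
    return value[:4] + "*" * (len(value) - 8) + value[-4:]


def rotation_checklist(env: dict) -> list:
    """Return one entry per variable that should be rotated, with the reason and a masked preview."""
    checklist = []
    for name in sorted(env):
        value = env[name]
        if not looks_like_secret(name, value):
            continue
        reason = "name" if SECRET_NAME_RE.search(name) else "value-shape"
        checklist.append({"name": name, "reason": reason, "preview": mask(value)})
    return checklist


def rotation_checklist_from_os() -> list:
    """Run the inventory against the live process environment (e.g. inside a CI job)."""
    return rotation_checklist(dict(os.environ))


# Constructed sample environment; every value is a placeholder, not a real credential.
SAMPLE_CI_ENV = {
    "CI": "true",
    "HOME": "/home/runner",
    "PATH": "/usr/local/bin:/usr/bin:/bin",
    "BUILD_NUMBER": "1234",
    "GITHUB_TOKEN": "ghp_EXAMPLE0000000000000000000000000000",
    "AWS_ACCESS_KEY_ID": "AKIAEXAMPLEEXAMPLE00",
    "AWS_SECRET_ACCESS_KEY": "EXAMPLEEXAMPLEEXAMPLEEXAMPLEEXAMPLE00000",
    "NPM_AUTH": "npm-placeholder",
    "DEPLOY_PASSWORD": "hunter2",
    # Name gives nothing away, but the value is a 30-character random-looking blob.
    "SIGNING_BLOB": "q8Zt3Lm9Xp2Vw6Rk1Bn4Hs7Yd5Fg0J",
}


if __name__ == "__main__":
    for entry in rotation_checklist(SAMPLE_CI_ENV):
        print(f"ROTATE {entry['name']:<24} ({entry['reason']}) preview={entry['preview']}")
```

Run it inside the CI job that invoked the uploader (or feed it an exported environment) to get the list of names to rotate; the output never contains a full value, so the checklist itself does not become a second copy of the secrets.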