Cybersecurity vendor Rapid7 disclosed that it was among the many victims of the Codecov software supply chain attack and warned that data for a subset of its customers had been accessed in the breach.
Codecov Supply-Chain Attack
On April 15, 2021, the software company Codecov, a provider of code coverage solutions, announced a supply chain incident in which a malicious party gained access to Codecov's Bash Uploader script and modified it, enabling the attacker to export data stored in environment variables on Codecov customers' continuous integration (CI) systems to an attacker-controlled server.
The malicious code would allow the attacker to intercept uploads and scan for and collect any sensitive information, including credentials, tokens, or keys. Hundreds of customers were potentially impacted, and now Rapid7 has confirmed that the company was one of them.
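The two defensive checks that follow from the incident described above are (1) refusing to run a downloaded CI helper script unless it matches a hash you pinned in advance, and (2) knowing which environment variables on a CI runner hold credentials, so you know exactly what to rotate if such a script is ever tampered with. The Python below is an added example written for this article, not Codecov's or Rapid7's code; the sample script bytes, the pinned hash, the host allowlist and the sample environment are all constructed stand-ins. In practice the pinned hash would come from the vendor's published checksum, and the environment would be the real `os.environ` of the CI job.

```python
"""Pre-execution integrity and exposure checks for a third-party CI upload script (added example)."""
from __future__ import annotations

import hashlib
import re
from urllib.parse import urlparse

# Constructed stand-in for a downloaded uploader script (not the real Codecov script).
GOOD_SCRIPT = (
    b"#!/bin/bash\n"
    b"# upload the coverage report to the coverage service\n"
    b"curl -F report=@coverage.xml https://coverage.example/upload\n"
)
# Constructed tampered variant: one extra line talking to a host the script should not contact.
TAMPERED_SCRIPT = GOOD_SCRIPT + b"curl -s https://unexpected.example/collect\n"

# Hosts the legitimate script is allowed to contact (assumption for this example).
ALLOWED_HOSTS = {"coverage.example"}

# Constructed CI environment; real values would be secrets, so placeholders are used.
SAMPLE_ENV = {
    "PATH": "/usr/bin",
    "CI": "true",
    "BUILD_NUMBER": "42",
    "GITHUB_TOKEN": "<placeholder>",
    "AWS_SECRET_ACCESS_KEY": "<placeholder>",
    "DB_PASSWORD": "<placeholder>",
}


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of the script bytes exactly as downloaded."""
    return hashlib.sha256(data).hexdigest()


# In real use this value is recorded from the vendor's published checksum, not
# computed from the download you are about to verify. Computed here only to make
# the constructed example self-contained.
PINNED_SHA256 = sha256_hex(GOOD_SCRIPT)


def verify_pinned(script: bytes, pinned_sha256: str) -> bool:
    """True only if the downloaded script is byte-for-byte what was pinned; run it only then."""
    return sha256_hex(script) == pinned_sha256.lower()


URL_RE = re.compile(rb"https?://[^\s\"'<>]+")


def unexpected_hosts(script: bytes, allowed_hosts: set[str]) -> list[str]:
    """Hosts referenced by URLs in the script that are not on the allowlist.

    A hash mismatch tells you the script changed; this tells you whether the change
    introduced a new network destination, which is the first thing to look for.
    """
    found: list[str] = []
    for match in URL_RE.finditer(script):
        host = urlparse(match.group(0).decode("utf-8", "replace")).hostname
        if host and host not in allowed_hosts and host not in found:
            found.append(host)
    return found


SECRET_NAME_RE = re.compile(r"(TOKEN|SECRET|PASSWORD|PASSWD|API_?KEY|PRIVATE_KEY|CREDENTIAL)", re.I)


def credential_like_vars(env: dict[str, str]) -> list[str]:
    """Names of environment variables that look like credentials.

    Anything a CI step can read from the environment is what a tampered uploader
    could export, so this list is the rotation list after an incident like this one.
    """
    return sorted(name for name in env if SECRET_NAME_RE.search(name))


if __name__ == "__main__":
    for label, script in (("good", GOOD_SCRIPT), ("tampered", TAMPERED_SCRIPT)):
        print(label, "pinned hash matches:", verify_pinned(script, PINNED_SHA256))
        print(label, "unexpected hosts:", unexpected_hosts(script, ALLOWED_HOSTS))
    print("credentials exposed to CI steps:", credential_like_vars(SAMPLE_ENV))
```

Gate the CI step on `verify_pinned` returning `True` and fail the build otherwise; `unexpected_hosts` is a triage aid for when the gate trips, and `credential_like_vars` should be run against the real job environment to scope what to rotate.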
Rapid7 says, "Our use of Codecov's Bash Uploader script was limited: it was set up on a single CI server used to test and build some internal tooling for our Managed Detection and Response (MDR) service. We were not using Codecov on any CI server used for product code."
After the disclosure of the Codecov supply chain attack, the company launched an internal investigation to determine the potential impact on its infrastructure.
The experts found that:
- A small subset of source code repositories for internal tooling for our MDR service was accessed by an unauthorized party outside of Rapid7
- These repositories contained some internal credentials, which have all been rotated, and alert-related data for a subset of our MDR customers
- No other corporate systems or production environments were accessed, and no unauthorized changes to these repositories were made
The repositories accessed by the third party contained internal credentials and alert-related data for a subset of its MDR (Managed Detection and Response) customers. In response to the breach, the company reset the impacted credentials.
Codecov has removed the unauthorized actor from its systems and is setting up monitoring and auditing tools to try to prevent another supply chain attack from occurring in the future.
Rapid7 has contacted the small subset of customers who may be impacted by this incident to ensure they take appropriate steps to mitigate any potential risk.
"We will update this notice if we learn new information that changes the scope of the impact described here. If you are a customer and have any questions or need further information, please contact your Account Team or email [email protected]", concludes Rapid7.