US federal authorities are investigating a security breach suffered by software auditing company Codecov.
According to a statement put out by the San Francisco-based firm, an unscrupulous user broke through its digital defenses and modified its Bash Uploader script.
While Codecov has emailed all affected users, the nature of the changes to the script potentially puts thousands of customers at risk.
- Protect your devices with these best antivirus software
- These are some of the best endpoint protection software
- We’ve also rounded up the best ransomware protection tools
Analysis of the breach suggests the threat actor took advantage of a shortcoming in Codecov’s Docker image creation process, which allowed them to extract the credentials necessary to modify the Bash Uploader script.
Another SolarWinds?
Worryingly, it has emerged that the script was tampered with several times and the earliest unauthorized modification dates back to January 31, 2021.
As per reports, the intrusion was only detected several months later on April 1, thanks to a customer who noticed that there was something amiss.
In its statement, Codecov warns that any customers that have executed the tampered Bash Uploader script run the risk of losing their credentials, tokens, or keys stored in their continuous integration (CI) environments.
While Codecov has taken a number of steps to address the breach, the attack has triggered fears of a SolarWinds-scale supply chain attack, primarily because of the length of time the tampered script remained in use and given the size of Codecov’s customer base.
Codecov has announced that a federal investigation into the incident is in progress.
- Here's our choice of the best malware removal software on the market
Via Reuters
