Cyberattack on Codecov exposes Rapid7 solution source code

An emergency alert from enterprise security firm Rapid7 notes that its systems were affected during the recent cyberattack on Codecov’s supply chain, a tool for code test analysis. The company confirmed that a set of sensitive data from its customers was compromised due to the attack.

In its message, Rapid7 notes that a small subset of its source code repositories for internal MDR service tools were unauthorized access by actors outside the company.

Company security teams mention that the affected repositories contained internal credentials and alert-related information for a subset of their MDR clients. The access credentials to the affected resources have been reset since the incident in Codecov.

On the attack on Codecov’s supply chain, this incident occurred in mid-January and was reported by a user of this software who identified that an unauthorized user accessed the Bash Uploader script, modifying it without permission. This malicious action exposed data such as tokens, keys, and access credentials. Subsequently, firms such as Rapid7, Twilio and HashiCorp co-signed that this incident also impacted their operations.

Rapid7 executives mentioned that the use of Codecov’s Bash Uploader script is limited and is only configured on a CI server used to access sensitive information and build some intermediate tools for the proper functioning of its services.

Among the consequences of this attack Rapid7 researchers found:

  • An unauthorized actor outside Rapid7 accessed a small subset of source code repositories
  • These repositories contained some internal credentials
  • No other corporate systems or production environments were accessed, and no unauthorized changes were made to these repositories

Rapid7 ensures that it contacted affected customers to ensure they take appropriate steps to mitigate any risks associated with this incident. The huge blast radius of the Attack on Codecov’s supply chain remains a mystery although organizations say the investigation continues to advance, however, victims continue to mention that information leaks are a latent risk.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

Similar Posts