INVESTIGATORS CODECOV 29K APRILSATTERREUTERS


U.S. federal investigators are probing an intrusion at Codecov, a software auditing firm based in San Francisco, which affected an unspecified portion of its 29,000 customers. Codecov said in a statement that it was looking into security breaches that could have knock-on effects on other businesses.

Codecov said in an announcement that hackers began modifying its software, which is used in the technology industry to check code for weaknesses and errors, on January 31. The intrusion was discovered at the beginning of the month after a smart user noticed that something was off in the software, Codecov said.

The implications of this incident are unclear. The incident has drawn parallels to the recent hacking attack on Texas software company SolarWinds (SWI.N) by suspected Russian hackers, both because the breach could have negative consequences for many of the companies that use Codecov and because of the length of time the compromised software was in use.

The company says on its website that it has 29,000 clients, including consumer goods firm Procter & Gamble Co (PG.N), web hosting company GoDaddy Inc (GDDY.N), The Washington Post, and Australian software company Atlassian Corporation PLC (TEAM.O).

P&G, GoDaddy, and The Post did not immediately respond to requests for comment. Atlassian said it was aware of the incident and was conducting an investigation.

“At this moment, we have not found any evidence that we have been impacted nor have identified signs of a compromise,” Atlassian stated in an email.

Codecov is used by “big enterprises, small companies and open source tools alike,” said Dor Atias, co-founder of the Israeli source code security company Cycode.

A key reason to subvert Codecov is that “you can get a lot of data from a lot of big companies,” he said. “It’s an enormous deal.”

Codecov said a federal investigation into the issue was under way, but the company declined to provide additional details beyond its statement.

The Federal Bureau of Investigation and the Department of Homeland Security’s cybersecurity division did not respond to a request for clarification on the matter last Friday.

US investigators probing breach at code testing company Codecov

Codecov, which provides tools to assess how much of an application’s code is subject to unit tests, reported that a script used to upload data to its servers was modified to export credentials to an attacker’s server. The company said it had “not been able to determine conclusively who carried out the event.”

Advice to users

Codecov users are advised to change all access codes used by their software and to replace Codecov Bash files with the latest versions, from which the malicious code has been removed. Codecov itself has, of course, also taken the necessary steps to ensure that the consequences of the hack are reversed as far as possible and that a similar incident cannot happen again in the future.
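An added example, not Codecov's code and not part of the original article: one way a CI job can act on this advice, by refusing to run a downloaded script whose SHA-256 differs from a digest pinned in the repository, and by listing the names of credential-like environment variables that a tampered script could have read. The function names, the `uploader.sh` file name and the pattern used to spot credential variables are assumptions.

```shell
#!/usr/bin/env bash
# Added example. Function names and the credential-name pattern are
# assumptions made for illustration, not Codecov tooling.

# Print the SHA-256 of a file using whichever tool is installed.
file_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum < "$1" | awk '{print $1}'
  else
    shasum -a 256 < "$1" | awk '{print $1}'
  fi
}

# Return 0 only if the file matches the digest pinned in the repository.
# Return 1 on a mismatch (possible tampering) and 2 if the file is missing.
verify_pinned() {
  local file="$1" pinned="$2" actual
  [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
  actual="$(file_sha256 "$file")"
  if [ "$actual" != "$pinned" ]; then
    echo "digest mismatch for $file: got $actual" >&2
    return 1
  fi
}

# List the names (never the values) of environment variables that look like
# credentials. Anything listed here was readable by every script the job ran
# and belongs on the rotation list.
secret_var_names() {
  awk 'BEGIN { for (k in ENVIRON) print k }' |
    grep -Ei '(token|secret|passw|api_?key|credential)' | sort -u
}

# Typical use in a pipeline step (hypothetical file and variable names):
#   verify_pinned ./uploader.sh "$PINNED_SHA256" && bash ./uploader.sh
```

The pinned digest has to be updated through code review each time the script is deliberately upgraded, otherwise the check only compares the download against itself.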

Possibly similar to SolarWinds attack

The hack may have similar consequences to the hack on SolarWinds. There, attackers managed to add a backdoor to SolarWinds’ software, which gave them access to all computers where the software was installed. Codecov’s hackers managed to gain similar access rights and were able to make unnoticed changes for months.

Investigations

The American government has now also become involved in the case, as Reuters is able to confirm. However, details of the investigation are not known. Atlassian also says that it has started an investigation into the situation but states that it has not yet found any signs of attacks. Reuters also contacted P&G, GoDaddy and The Post but received no immediate response.

About the author

Mightynews
