Hundreds of customer networks hacked in Codecov supply-chain attack

From bleepingcomputer.com

codecov bash uploader

More details have emerged on the recent Codecov system breach which is now being likened to the SolarWinds hack.

Sources state hundreds of customer networks have been breached in the incident, expanding the scope of this system breach beyond just Codecov’s systems.

As reported by BleepingComputer last week, Codecov had suffered a supply-chain attack that went undetected for over 2-months.

In this attack, threat actors had gained Codecov’s credentials from their flawed Docker image that the actors then used to alter Codecov’s Bash Uploader script, used by the company’s clients.

Read more…