An investigation of the Codecov attack revealed intruders accessed Rapid7 source code repositories containing internal credentials and alert-related data.
Security firm Rapid7 has confirmed attackers have accessed a subset of its source code, which contained internal credentials and alert-related data, following an investigation launched after the Codecov supply chain attack.
Codecov, which provides tools to verify how well software tests cover code in development, announced the attack on April 15. Attackers had modified its Bash Uploader script to export sensitive data, including credentials, software tokens, and keys, Codecov said. It advised clients to create a list of credentials that its software could access and consider them compromised.
Rapid7 launched an incident response process. It notes its use of the Bash Uploader script was limited; it had been deployed on a continuous integration server used to test and build internal tooling for its managed detection and response (MDR) service.
The investigation revealed unauthorized attackers accessed "a small subset" of Rapid7 source code repositories for internal tooling for its MDR service. Repositories contained some internal credentials, which the company says have been rotated, as well as alert-related data for some of its MDR customers. No other corporate systems or production environments were accessed.
Affected clients have been notified.
Read Rapid7's full blog post for more information.