Register now for FREE and unlimited access to Reuters.com
SAN FRANCISCO, April 19 (Reuters) – Hackers who tampered with a software development tool from a company called Codecov used this program to gain restricted access to hundreds of networks owned by the company’s customers in San Francisco, investigators told Reuters.
Codecov creates software auditing tools that allow developers to see how well their own code is tested, a process that can give the tool access to stored credentials for various internal software accounts.
Attackers used automation to quickly copy those credentials and loot additional resources, investigators said, expanding the breach beyond Codecov’s initial disclosure on Thursday. Read more
Hackers have gone to additional efforts to use Codecov to break into other manufacturers of software development programs, as well as companies that themselves provide technology services to many customers, including IBM, one said. investigators on condition of anonymity.
The person said both methods would allow hackers to potentially obtain credentials for thousands of other restricted systems.
IBM and other companies said their code had not been changed, but did not indicate whether credentials to access their systems had been taken.
“We are investigating the reported Codecov incident and have so far found no code changes involving customers or IBM,” said an IBM spokesperson.
The FBI office in San Francisco is investigating the compromises and dozens of probable victims were notified on Monday. Private security companies were already starting to respond to help several clients, employees said.
Codecov did not respond to Reuters’ request for comment on Monday.
Security experts involved in the case have stated the scale of the attack and the skills needed in relation to last year’s SolarWinds attack. The compromise of this company’s widely used networking program led hackers inside nine US government agencies and over 100 private companies.
It is not known who is behind the latest violation or if they work for a national government, as was the case with SolarWinds. Read more
Others of Codecov’s 19,000 customers, including large technology services provider Hewlett Packard Enterprise (HPE.N), said they were still trying to determine whether they or their customers had been injured.
“HPE has a dedicated team of professionals investigating this matter, and customers should be assured that we will keep them informed of any impact and needed remedies as soon as we know more,” said the HPE spokesperson. , Adam Bauer.
Even Codecov users who had seen no evidence of the hack were taking the breach seriously, a cybersecurity official told Reuters. He said his company was busy resetting his credentials and his counterparts elsewhere were doing the same, as recommended by Codecov.
Codecov said earlier that hackers started tampering with its software on January 31. This was only detected earlier this month when a customer raised concerns.
Codecov’s website says its customers include consumer goods conglomerate Procter & Gamble Co, (PG.N) web hosting company GoDaddy Inc, (GDDY.N) The Washington Post and Australian software company Atlassian PLC Corporation (TEAM.O). Atlassian said he has yet to see any impact or sign of compromise.
The Department of Homeland Security’s cybersecurity arm and the FBI declined to comment.
Reporting by Joseph Menn, Raphael Satter and Christopher Bing; Editing by Sam Holmes
Our standards: Thomson Reuters Trust Principles.