Codecov breach prompts fears of another SolarWinds-style hack

Ryan Daws is a senior editor at TechForge Media, with a seasoned background spanning over a decade in tech journalism. His expertise lies in identifying the latest technological trends, dissecting complex topics, and weaving compelling narratives around the most cutting-edge developments. His articles and interviews with leading industry figures have gained him recognition as a key influencer by organisations such as Onalytica. Publications under his stewardship have since gained recognition from leading analyst houses like Forrester for their performance. Find him on X (@gadget_ry) or Mastodon (@gadgetry@techhub.social)


A hack impacting software testing firm Codecov is expected to have resulted in hundreds of networks being compromised, prompting fears of a fallout similar to the recent SolarWinds attack.

Codecov has over 29,000 customers including companies such as IBM, Procter & Gamble, Hewlett Packard Enterprise, Atlassian, Washington Post, and GoDaddy. The potential scale of the attack has led to a federal investigation.

“We are aware of the claims and we are investigating them,” a spokesperson for Atlassian said. “At this moment, we have not found any evidence that we have been impacted nor have identified signs of a compromise.”

According to Reuters’ sources, the hackers “put extra effort” into using Codecov’s tools to compromise makers of other software development programs. If they were successful, we may still be finding out the full extent of the attack months – if not years – down the line.

“We are investigating the reported Codecov incident and have thus far found no modifications of code involving clients or IBM,” an IBM spokesperson said.

The San Francisco office of the FBI is leading the investigation and notified dozens of suspected victims on Monday.

Codecov said the attackers exploited a flaw in a Docker image creation process to make “periodic, unauthorized” changes to the company’s Bash Uploader script. This tampering enabled the hackers to export customer data to an external server.

The perpetrators of the attack are not yet known. In the case of the SolarWinds attack, the hackers were determined to be part of the Russian state-linked group APT29, aka Cozy Bear.

In February 2021, Microsoft President Brad Smith called the SolarWinds attack “the largest and most sophisticated attack the world has ever seen.”

Codecov’s breach is unlikely to be as sizeable as the SolarWinds hack, but it could be some time before we get an idea of the full picture. Large companies are involved, in some cases each with tens of thousands of customers.

One thing is for sure: the situation once again shows the need to have absolute confidence in all external tools being used for software development.
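As an added illustration (not Codecov's code and not part of the original article), a CI step can pin the SHA-256 digest of a reviewed copy of a third-party script such as the Bash Uploader and refuse to run any copy that differs. The function names, sample script contents and the `CI_TOKEN` variable are constructed for the example, and running the script with a stripped environment is an extra hardening assumption.

```shell
#!/bin/sh
# Added example: run a fetched CI script only if it matches a pinned digest.
# All names and sample contents below are constructed for illustration.

# sha256_of FILE: print the hex SHA-256 of FILE (empty output if unreadable).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# run_pinned FILE EXPECTED_SHA256 [ARGS...]
# Returns 3 without executing FILE when its digest differs from the pin.
# On a match, runs FILE with only PATH set, so secrets exported in the CI
# job's environment are not visible to the third-party script.
run_pinned() {
    rp_file=$1
    rp_expected=$2
    shift 2
    rp_actual=$(sha256_of "$rp_file")
    if [ "$rp_actual" != "$rp_expected" ]; then
        echo "digest mismatch for $rp_file" >&2
        echo "  expected: $rp_expected" >&2
        echo "  actual:   $rp_actual" >&2
        return 3
    fi
    env -i PATH="$PATH" sh "$rp_file" "$@"
}

demo() {
    demo_dir=$(mktemp -d) || return 1
    # Constructed stand-in for a third-party uploader script.
    printf '%s\n' 'echo "upload ok; TOKEN=${CI_TOKEN:-unset}"' > "$demo_dir/uploader.sh"
    demo_pin=$(sha256_of "$demo_dir/uploader.sh")   # recorded when the script was reviewed
    CI_TOKEN=constructed-secret
    export CI_TOKEN
    run_pinned "$demo_dir/uploader.sh" "$demo_pin"  # digest matches: script runs
    # Simulate the upstream copy changing after the pin was recorded.
    printf '%s\n' 'echo "extra line"' >> "$demo_dir/uploader.sh"
    run_pinned "$demo_dir/uploader.sh" "$demo_pin" || echo "refused (exit $?)"
    rm -rf "$demo_dir"
}
demo
```

The pinned digest has to be stored somewhere the script's publisher cannot change, such as the consuming repository itself; a checksum fetched from the same server as the script offers no protection if that server is the thing that was modified.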
