Hackers who manipulated a software development tool from a company called Codecov used that program to gain restricted access to hundreds of networks belonging to the San Francisco firm’s customers, researchers told Reuters.
Codecov makes software auditing tools that allow developers to see the extent to which their own code is being tested, a process that can give the tool access to credentials stored for various internal software accounts.
The attackers used automation to quickly copy these credentials and attack additional resources, investigators said, extending the breach beyond Codecov’s initial disclosure on Thursday.
The hackers put extra effort into using Codecov to get into other makers of software development tools, as well as companies that themselves provide many customers with technology services, including IBM, said one of the investigators on condition of anonymity.
The person said both methods would allow hackers to potentially obtain credentials for thousands of other restricted systems.
IBM and other companies said their code had not changed, but did not discuss whether access credentials had been taken from their systems.
“We are investigating the reported Codecov incident and so far we have not found any code changes involving customers or IBM,” an IBM spokeswoman said.
The FBI’s San Francisco office is investigating the compromises, and dozens of likely victims were alerted Monday. Private security companies were already beginning to respond to help various customers, employees said.
Codecov did not respond to Reuters’ request for comment Monday.
The security experts involved in the case said the scale of the attack and the skills needed were comparable to last year’s SolarWinds attack. The compromise of that company’s widely used network management program led hackers into nine U.S. government agencies and about 100 private companies.
It is unclear who is behind the latest breach or whether they work for a national government, as was the case with SolarWinds.
Others among Codecov’s 19,000 customers, including major technology service provider Hewlett Packard Enterprise, said they were still trying to determine if they or their customers had been harmed.
“HPE has a dedicated team of professionals investigating this matter and customers should be assured that we will keep them informed of any necessary impacts and remedies as soon as we know more,” HPE spokesman Adam Bauer said.
Even Codecov users who had not seen evidence of hacking were taking the breach seriously, a corporate cybersecurity official told Reuters. He said his company was busy resetting its credentials and that his counterparts elsewhere were doing the same, as Codecov recommended.
Codecov said earlier that hackers began manipulating its software on Jan. 31. The tampering was only detected earlier this month when a customer raised concerns.
Codecov’s website says its clients include consumer goods conglomerate Procter & Gamble Co., web hosting firm GoDaddy Inc, The Washington Post and Australian software firm Atlassian Corporation PLC. Atlassian said it had not yet seen any impact or signs of compromise.
The Department of Homeland Security cybersecurity group and the FBI declined to comment.