[BreachExchange] Rapid7 Source Code Accessed in Supply Chain Attack

Destry Winant destry at riskbasedsecurity.com
Mon May 17 10:41:01 EDT 2021


https://www.darkreading.com/operations/rapid7-source-code-accessed-in-supply-chain-attack/d/d-id/1341022?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

An investigation of the Codecov attack revealed intruders accessed Rapid7
source code repositories containing internal credentials and alert-related
data.

Security firm Rapid7 has confirmed attackers have accessed a subset of its
source code, which contained internal credentials and alert-related data,
following an investigation launched after the Codecov supply chain attack.

Codecov, which provides tools to verify how well software tests cover code
in development, announced the attack on April 15. Attackers had modified
its Bash Uploader Script to export sensitive data, including credentials,
software tokens, and keys, Codecov said. It advised clients to create a
list of credentials that its software could access and consider them
compromised.

Rapid7 launched an incident response process. It notes its use of the Bash
Uploader script was limited; it had been deployed on a continuous
integration server used to test and build internal tooling for its managed
detection and response (MDR) service.

The investigation revealed unauthorized attackers accessed "a small subset"
of Rapid7 source code repositories for internal tooling for its MDR
service. Repositories contained some internal credentials, which the
company says have been rotated, as well as alert-related data for some of
its MDR customers. No other corporate systems or production environments
were accessed.

Affected clients have been notified.