(Reuters) – Hackers who manipulated a software development tool from a company called Codecov used that program to gain limited access to hundreds of networks belonging to the San Francisco company's customers, investigators told Reuters.
Codecov makes software review tools that allow developers to see how carefully their own code is being tested, a process that can give the tool access to stored references for various internal software accounts.
The attackers used automation to quickly copy these references and raid additional resources, investigators said, expanding the crime beyond Codecov's first revelation on Thursday.
The hackers invested extra in using Codecov to get into other software development software makers, as well as companies that themselves provide many customers with technology services, including IBM, one of the investigators said on condition of anonymity.
The person said that both methods would allow hackers to potentially get references for thousands of other limited systems.
IBM and other companies said that their code had not been changed, but did not mention whether access data to their system had been taken.
"We are investigating the reported Codecov incident and have so far not found any changes to the code involving customers or IBM," said an IBM spokeswoman.
The FBI office in San Francisco is investigating the compromises and dozens of potential victims were notified Private security companies have already begun responding to help more clients, employees said.
Codecov did not respond to Reuters' request for comment on Monday.
Security experts involved in the case said the scale of the attack and the skills needed compared to last year's SolarWinds attack.The compromise with the company's widely used network management program led hackers in nine US agencies and about 1
It is unclear who is behind the latest breach or if they work for a national government, as it were the case of SolarWinds.
Others among Codecov's 19,000 customers, including the large technical t service provider Hewlett Packard Enterprise said they were still trying to determine if they or their customers had been harmed.
"HPE has a dedicated team of professionals investigating this issue, and customers should be assured that we will keep them informed of any consequences and necessary action as soon as we know more," said HPE spokesman Adam Bauer.
Even Codecov users who did not see any evidence of hacking took the breach seriously, a corporate cybersecurity representative told Reuters, saying his company was busy restoring its data and that his counterparts elsewhere were doing the same, as Codecov recommended
Codecov previously said that hackers began manipulating their software on January 31. It was only discovered earlier this month when a customer
Codecov's website says that its customers include consumer goods conglomerate Procter & Gamble Co., web host GoDaddy Inc., Washington Post and the Australian software company Atlassian Corporation PLC, Atlassian said it had not yet seen any rkan or sign of a compromise.
The Department of Homeland Security's cyber security arm and the FBI declined to comment. Catalog