Case study 1 – the Codecov security incident
One example of a security incident related to IaC involves a company called Codecov, which provides code coverage tools for software developers. In April 2021, Codecov announced that their infrastructure had been compromised by an attacker, resulting in a supply chain attack that affected many of their customers.
The attack involved the theft of Codecov’s credentials for an Amazon Web Services (AWS) account, which contained a code signing key for their Bash Uploader tool. This tool is used by many of Codecov’s customers to upload code coverage reports to their platform.
The attacker used the stolen credentials to modify the Bash Uploader code and add a malicious script that collected environment variables, including sensitive data such as access tokens and credentials, and sent them to a remote server controlled by the attacker. This allowed the attacker to gain unauthorized access to many of Codecov’s customers...