In the United States, unknown hackers stole source code and personal data that government agencies and individuals were working with. They took advantage of a vulnerability in a platform used to check code for errors.
The Federal Bureau of Investigation (FBI) sent a warning to the security teams of companies and government organizations. The document says that hackers are abusing misconfigured SonarQube applications to access source code repositories, which leads to data leaks from government agencies and private companies.
These attacks have been occurring since at least April 2020, according to the notice sent out by the FBI. The alert is addressed specifically to users of SonarQube, a platform that companies integrate into their software build chains to test source code and detect bugs. Researchers insist that you need to test your code before deploying it.
SonarQube apps are installed on web servers and connect to source code hosting systems such as BitBucket, GitHub, or GitLab accounts, or Azure DevOps systems.
The FBI claims hundreds of agencies have left these systems unsecured by running them in a default configuration with default administrator accounts.
FBI officials say attackers abused misconfigurations to gain access to SonarQube, navigate to connected source code repositories, and then access and steal proprietary or private applications.
“In August 2020, hackers merged the internal data of the two organizations through a publicly available repository tool. The stolen data was obtained from SonarQube, which used the default port settings and administrator credentials running in the networks of these organizations,” the department noted.
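
The alert describes instances left in their default configuration. As an added example (not taken from the FBI notice or from SonarQube's own code), the script below audits the text of a `sonar.properties` file for the stock web port, an all-interfaces bind address, and disabled forced authentication. The sample files are constructed, and the default administrator password is not stored in this file, so it has to be checked separately.

```python
DEFAULT_PORT = "9000"          # SonarQube's stock web port
ALL_INTERFACES = ("0.0.0.0", "::")


def parse_properties(text):
    """Parse Java-style .properties text into a dict, skipping comments and blanks."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        # Java properties accept '=' or ':' as separator; use whichever comes first.
        idx = min((i for i in (line.find("="), line.find(":")) if i != -1), default=-1)
        if idx == -1:
            continue
        props[line[:idx].strip()] = line[idx + 1:].strip()
    return props


def audit(text):
    """Return a list of findings for settings still at their exposed defaults."""
    props = parse_properties(text)
    findings = []
    # A commented-out or missing key means the built-in default applies.
    if props.get("sonar.web.port", DEFAULT_PORT) == DEFAULT_PORT:
        findings.append("sonar.web.port is the default 9000")
    if props.get("sonar.web.host", "0.0.0.0") in ALL_INTERFACES:
        findings.append("sonar.web.host binds every network interface")
    # Only an explicit 'false' is flagged: the default differs between versions.
    if props.get("sonar.forceAuthentication", "").lower() == "false":
        findings.append("sonar.forceAuthentication=false allows anonymous access")
    return findings


# Constructed sample: a stock file with the defaults left commented out.
STOCK = """
#sonar.web.host=0.0.0.0
#sonar.web.port=9000
sonar.forceAuthentication=false
"""

# Constructed sample: bound to loopback (behind a reverse proxy), non-default port.
HARDENED = """
sonar.web.host=127.0.0.1
sonar.web.port=9443
sonar.forceAuthentication=true
"""

if __name__ == "__main__":
    for name, sample in (("stock", STOCK), ("hardened", HARDENED)):
        print(name, audit(sample) or "no default settings found")
```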