TeamHood 
A new supply chain attack was seen on Monday.com which can also impact multiple customers.
Monday.com is an online workflow management platform used by various project managers. Some of the prominent customers of platforms are Coca-Cola, Unilever, Adobe.
This attack can also be correlated to the last month Codecov attack. The attacker had accessed the Codecov environment for the last two months and they are able to modify the Codecov Bash Uploadet tool to exfiltrate the environment variables ( sensitive information like codes, tokens and credentials) from Codecov customer environments.
Using the credentials harvested from the tampered Bash Uploader, Codecov attackers reportedly breached hundreds of customer networks.
Monday.com which is also a Codecov customer has recently announced that it was impacted by the Codecov supply-chain attack.
In an F-1 form filed this week with the U.S. Securities and Exchange Commission (SEC) for Monday.com’s proposed Initial Public Offering (IPO), the company shared details on the extent of the Codecov breach.
After their investigation into the Codecov breach, Monday.com found that unauthorized actors had gained access to a read-only copy of their source code.
However, as per company there is no evidence that the source code of monday.com has been tampered by the attackers.
As per company spokesperson “the attacker did access a file containing a list of certain URLs pointing to publicly broadcasted customer forms and views hosted on our platform and we have contacted the relevant customers to inform them how to regenerate these URLs,”.
At this time, there is also no indication that Monday.com customers’ data was affected by this incident, although the company continues to investigate.
Prior to the disclosure made in the SEC filing this week, Monday.com had previously stated that following the Codecov incident, they removed Codecov’s access to their environment and discontinued the service’s use altogether:
“Upon learning of this issue, we took immediate mitigation steps, including revoking Codecov access, discontinuing our use of Codecov’s service, rotating keys for all of monday.com’s production and development environments, and retaining leading cybersecurity forensic experts to assist with our investigation,” said Monday.com’s security team in last week’s blog post.
