
Center for Cyber Intelligence


Cyber Actors Target Misconfigured SonarQube Instances to Access Proprietary Source Code of US Government Agencies and Businesses


*Note: This information is provided by the FBI to assist cybersecurity specialists in protecting against the persistent malicious actions of cyber criminals. The CCI is happy to share this information to further information-sharing initiatives. The information is provided without any guaranty or warranty and is for use at the sole discretion of the recipients.

TLP: WHITE

This FLASH Report is an update to the report the FBI released on 14 October 2020, Alert Number MU-000136-MW. It has been updated to include additional technical details and a blog post by SonarQube addressing this issue.

Since April 2020, unidentified cyber actors have actively targeted vulnerable SonarQube instances to access source code repositories of US government agencies and private businesses. The actors exploit known configuration weaknesses in exposed instances, allowing them to gain access to proprietary code, exfiltrate it, and post the data publicly. The FBI has identified multiple potential computer intrusions that correlate with leaks associated with SonarQube configuration vulnerabilities.
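The FLASH summarised above does not spell out the misconfigurations on this page, so the following is an added audit helper, not code from the FBI, CCI or SonarSource. It encodes two conditions that are widely understood to be the exposure pattern behind these leaks and that are stated here as assumptions rather than taken from the page: an instance reachable on its default port (9000) that still accepts the shipped admin:admin credentials, and one that lets anonymous callers enumerate projects because forced authentication is off. The SonarQube API paths used (/api/system/status, /api/components/search_projects, /api/authentication/validate) and their response shapes are likewise assumptions from general SonarQube knowledge, and the server responses are constructed inline so the example runs offline. Only point the real fetcher at instances you are authorised to test.

```python
import base64
import json
from typing import Callable, Dict, List, Optional, Tuple

# A fetcher performs one HTTP GET and returns (status_code, body_text).
# auth_header is an Authorization header value, or None for an anonymous request.
Fetcher = Callable[[str, Optional[str]], Tuple[int, str]]

DEFAULT_PORT = 9000                 # assumption: SonarQube's shipped default listener port
DEFAULT_CREDS = ("admin", "admin")  # assumption: the administrator account shipped with SonarQube


def basic_auth_header(user: str, password: str) -> str:
    """Build an HTTP Basic Authorization header value."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def _json_object(body: str) -> Dict:
    """Parse a JSON object body; anything else (HTML error page, empty body) yields {}."""
    try:
        data = json.loads(body)
    except ValueError:
        return {}
    return data if isinstance(data, dict) else {}


def audit_sonarqube(base_url: str, fetch: Fetcher) -> Dict[str, object]:
    """Probe one instance and report which exposure conditions hold.

    Checks (API paths are assumptions, not taken from the FLASH):
      1. /api/system/status answers anonymously -> the service is reachable at all
      2. /api/components/search_projects lists projects to an anonymous caller
         -> anyone who can reach the port can enumerate, then read, analysed code
      3. /api/authentication/validate accepts admin:admin -> default credentials never changed
    """
    base_url = base_url.rstrip("/")
    findings: List[str] = []
    result: Dict[str, object] = {"reachable": False, "findings": findings}

    status, _ = fetch(f"{base_url}/api/system/status", None)
    if status != 200:
        return result
    result["reachable"] = True

    status, body = fetch(f"{base_url}/api/components/search_projects?ps=1", None)
    if status == 200 and _json_object(body).get("paging", {}).get("total", 0) > 0:
        findings.append("anonymous-project-listing")

    status, body = fetch(f"{base_url}/api/authentication/validate",
                         basic_auth_header(*DEFAULT_CREDS))
    if status == 200 and _json_object(body).get("valid") is True:
        findings.append("default-admin-credentials")

    return result


def urllib_fetcher(url: str, auth_header: Optional[str]) -> Tuple[int, str]:
    """Live fetcher for use against instances you own (not exercised offline)."""
    import urllib.error
    import urllib.request
    req = urllib.request.Request(url)
    if auth_header:
        req.add_header("Authorization", auth_header)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:
        return exc.code, exc.read().decode("utf-8", "replace")


def make_fake_fetcher(misconfigured: bool) -> Fetcher:
    """Constructed responses standing in for a live server so the audit runs offline.

    misconfigured=True mimics an instance left on defaults (anonymous browsing on,
    admin:admin accepted). misconfigured=False mimics one that forces authentication
    and has had the default password changed.
    """
    def fetch(url: str, auth_header: Optional[str]) -> Tuple[int, str]:
        path = url.split("/api/", 1)[1] if "/api/" in url else ""
        if path.startswith("system/status"):
            return 200, json.dumps({"id": "constructed-sample", "status": "UP"})
        if path.startswith("components/search_projects"):
            if misconfigured:
                return 200, json.dumps({"paging": {"total": 3},
                                        "components": [{"key": "constructed-project"}]})
            return 401, json.dumps({"errors": [{"msg": "Authentication is required"}]})
        if path.startswith("authentication/validate"):
            accepted = misconfigured and auth_header == basic_auth_header(*DEFAULT_CREDS)
            return 200, json.dumps({"valid": accepted})
        return 404, ""
    return fetch


if __name__ == "__main__":
    for flag in (True, False):
        target = f"http://sonar.example:{DEFAULT_PORT}"   # hypothetical host
        print(flag, audit_sonarqube(target, make_fake_fetcher(flag)))
```

The fetcher is injected so the same decision logic can be run against constructed responses in a test and against a live instance with `urllib_fetcher`. Remediation follows directly from the two findings: change the default administrator password, enable forced authentication so unauthenticated callers cannot browse projects, and keep port 9000 off the public internet.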

On 31 July 2020, SonarQube released a blog post addressing this issue, which can be accessed at https://blog.sonarsource.com/public-response-code-leaks


The FBI encourages the reporting of information related to suspicious or criminal activity to your local FBI field office or the FBI’s 24/7 Cyber Watch (CyWatch). Field office contacts can be identified at www.fbi.gov/contact-us/field-offices. CyWatch can be contacted by phone at (855) 292-3937 or by email at CyWatch@fbi.gov.

By reporting any related information to FBI CyWatch, you are assisting in sharing information that allows the FBI to track malicious actors and coordinate with private industry and the United States Government to prevent future intrusions and attacks.