*Note: This information is provided by the FBI to assist cyber security specialists protect against the persistent malicious actions of cyber criminals. The CCI is happy to share this information to further information sharing initiatives. The information is provided without any guaranty or warranty and is for use at the sole discretion of the recipients.

TLP: WHITE

This FLASH Report is is an update to the report the FBI released on 14 October 2020, Alert Number MU-000136-MW. The FLASH has been updated to include additional technical details and a blog post by SonarQube addressing this issue.

Since April 2020, unidentified cyber actors have actively targeted vulnerable SonarQube instances to access source code repositories of US government agencies and private businesses. The actors exploit known configuration vulnerabilities, allowing them to gain access to proprietary code, exfiltrate it, and post the data publicly. The FBI has identified multiple potential computer intrusions that correlate to leaks associated with SonarQube configuration vulnerabilities.

On 31 July 2020, SonarQube released a blog post addressing this issue, which can be accessed at https://blog.sonarsource.com/public-response-code-leaks

Download FBI Flash

The FBI encourages the reporting of information related to suspicious or criminal activity to your local FBI field office or the FBI’s 24/7 Cyber Watch (CyWatch). Field office contacts can be identified at www.fbi.gov/contact-us/field-offices. CyWatch can be contacted by phone at (855) 292-3937 or by email at CyWatch@fbi.gov.

By reporting any related information to FBI CyWatch, you are assisting in sharing information that allows the FBI to track malicious actors and coordinate with private industry and the United States Government to prevent future intrusions and attacks.