The FBI issued a flash alert warning that hackers are targeting SonarQube instances to access source code repositories of U.S. government agencies and private businesses. The alert was originally distributed to organizations as a private alert in October, but was published publicly Tuesday to the bureau’s Internet Crime Complaint Center. The FBI notes that the activity was similar to a previous data leak in July in which unidentified hackers exfiltrated proprietary source code from enterprises and published the stolen source code on a self-hosted public repository (see: Intel Investigating Possible Leak of Internal Data).
Source: https://www.cuinfosecurity.com/federal-source-code-accessed-via-misconfigured-sonarqube-a-15303

