Cisco Systems Inc. was compromised as part of a suspected Russian campaign that damaged the US government and the private sector and left security experts across the country to assess the extent of the damage.
Some internal machines used by researchers at Cisco, a networking equipment company, were targeted. The company said that its security team moved quickly to resolve the issue and “affected software” was “truncated”.
“At this time, there are no known implications for Cisco offers or products,” the company said in a statement. “We continue to examine all aspects of this evolving situation with the highest priority.”
Cisco used a popular software internally from Texas-based SolarWind Corp which has been at the center of the attacks till now. Hackers inserted a malicious backdoor into SolarWinds’ Orion software, which was later used as a platform for attacks. According to the company, SolarWind customers receiving updates between March and June were infected by backdoor – 18,000 customers.
The number of Orion software users actually attacked by hackers is not known, but almost certainly much less.
“While Cisco does not use SolarWinds Orion for its enterprise network management or monitoring, we have identified and mitigated software affected by a small number of lab environments and limited workforce, according to the company’s statement.” Endpoints refer to employee devices such as computers.
Network management and monitoring are key parts of Cisco’s machinery and software that look at data traffic moving directly through the network. Access to that flow can provide multiple avenues for a malicious actor to cause harm.
According to a person familiar with the incident, about two dozen computers were compromised at the Cisco Lab.
Cisco is the world’s largest manufacturer of networking equipment and provides hardware and software that are the backbone of the Internet and central to corporate and government computer networks worldwide.
A company spokesperson declined to comment beyond what Cisco had said in a written statement.
The toll of victims of a sophisticated suspected Russian cyber attack continues to increase from December 8 when the cyber security company FireEye Inc. Announced that it was hacked through the software of SolarWinds.
Cisco violation comes a day later Microsoft Corp. Said that its systems were exposed to malicious updates.