
Photographer: Andrew Harrer
Cisco Systems Inc. was compromised as part of a suspected Russian campaign that hit the US government and the private sector and left security experts across the country racing to assess the extent of the damage.
Some of the internal machines used by Cisco researchers were targeted, the network equipment maker said. The company said its security team moved quickly to address the issue and that the “affected software” was “mitigated”.
“At this time, there is no known impact on Cisco offerings or products,” the company said in a statement. “We continue to investigate all aspects of this evolving situation with the highest priority.”
Cisco internally used popular software from Texas-based SolarWinds Corp., which has been at the center of the attacks so far. The hackers introduced a malicious backdoor into SolarWinds’ Orion software, which they then used as a staging ground for further attacks. SolarWinds customers who accessed the updates between March and June were infected with the backdoor, up to 18,000 customers, according to the company.
The number of Orion software users who have actually been attacked by the hackers is not known, but it is almost certainly much smaller.
“While Cisco does not use SolarWinds Orion to manage or monitor its enterprise network, we have identified and mitigated the affected software in a small number of lab environments and a limited number of employee endpoints,” the company said. Endpoints refer to employees’ devices, such as computers.
Network administration and monitoring are key parts of Cisco’s machines and software, which directly analyze the data traffic that travels through a network. Access to this flow could provide a malicious actor with several ways to cause harm.
About two dozen computers in a Cisco lab were compromised, according to a person familiar with the incident.
Cisco is the world’s largest manufacturer of network equipment and provides hardware and software that are the backbone of the Internet and central to corporate and governmental computer networks around the world.
A company spokesman declined to comment beyond what Cisco said in a written statement.
The number of victims compromised by the sophisticated suspected Russian cyber attack has continued to rise since December 8, when the cyber security company FireEye Inc. announced that it had been breached through SolarWinds software.
Cisco’s breach comes a day after Microsoft Corp. stated that its systems were exposed to malicious updates.