Photographer: Andrew Harrer
Photographer: Andrew Harrer
Cisco Systems Inc. was compromised as part of a suspected Russian campaign that banned the US government and private sector and left security experts around the country to assess the extent of the damage.
Some internal machines used by Cisco researchers were targeted, the network equipment maker said. The company said the security team had moved quickly to address the issue and that the ‘affected software’ has been ‘mitigated’.
“At this time, there is no known impact on Cisco offerings or products,” the company said in a statement. “We continue to investigate all aspects of this changing situation with the highest priority.”
Cisco used popular Texas software internally SolarWinds Corp. that has been at the center of attacks so far. Hackers put a malicious back door in SolarWinds’ Orion software, which they then used as a stopover for later attacks. SolarWinds customers who had access to updates between March and June were infected with the back door – as many as 18,000 customers, according to the company.
The number of Orion software users who have actually been attacked by the hackers is unknown, but almost certainly much less.
“While Cisco SolarWinds does not use Orion to manage or monitor corporate networks, we have identified and limited the affected software in a small number of laboratory environments and a limited number of employee endpoints,” the company said. Endpoints refer to employee devices, such as computers.
Network management and monitoring are important parts of Cisco’s machines and software that look directly at data traffic passing through a network. Access to that flow can provide a malicious actor with multiple ways to do damage.
According to a person familiar with the incident, about two dozen computers in a Cisco lab have been compromised.
Cisco is the world’s largest manufacturer of networking equipment, providing hardware and software that are the backbone of the Internet and at the heart of corporate and government computer networks around the world.
A company spokesman declined to comment beyond what Cisco said in a written statement.
The number of victims compromised by an advanced suspected Russian cyberattack has continued to rise since December 8, when the cybersecurity firm FireEye Inc. announced it had been hacked through SolarWinds software.
Cisco’s breach comes a day later Microsoft Corp. said his systems were exposed to the malicious update.