Cisco was compromised as part of a suspected Russian campaign that has roiled the US government and private sector and left security experts across the country racing to assess the extent of the damage.
Some internal machines used by Cisco researchers were targeted, the networking equipment maker said. The company said its security team moved quickly to address the issue and that the “affected software” has been “mitigated.”
“At this time, there is no known impact to Cisco offers or products,” the company said in a statement. “We continue to investigate all aspects of this evolving situation with the highest priority.”
Cisco internally used popular software from Texas-based SolarWinds that has been at the center of the attacks so far. Hackers inserted a malicious backdoor into SolarWinds’s Orion software that they then used as a staging ground for later attacks. SolarWinds customers who accessed updates between March and June were infected with the backdoor — as many as 18,000 customers, according to the company.
The number of Orion software users who were actually attacked by the hackers isn’t known but is almost certainly far lower.
“While Cisco does not use SolarWinds Orion for its enterprise network management or monitoring, we have identified and mitigated affected software in a small number of lab environments and a limited number of employee endpoints,” according to the company’s statement. Endpoints refer to employee devices such as computers.
Network management and monitoring are key parts of Cisco’s machinery and software that directly look at data traffic moving through a network. Access to that flow could provide a malicious actor with multiple avenues to cause harm.
About two dozen computers in a Cisco lab were compromised, according to a person familiar with the incident.
Cisco is the world’s biggest maker of networking equipment and provides hardware and software that are the backbone of the internet and central to corporate and government computer networks across the world.
A company spokesperson declined to comment beyond what Cisco said in a written statement.
The toll of victims compromised by a sophisticated suspected Russian cyber-attack has continued to rise since December 8 when the cybersecurity company FireEye Inc. announced it had been hacked via SolarWinds’s software.
Cisco’s breach comes a day after Microsoft said its systems were exposed to the malicious update.