Hot topics close

Cisco Hacked Through SolarWinds As Tech Casualties Mount

Internal machines used by Cisco researchers were targeted via SolarWinds as the impact of the colossal hacking campaign on the tech sector becomes apparent, Bloomberg reported.

Internal machines used by Cisco researchers were targeted via SolarWinds as the impact of the colossal hacking campaign on the tech sector becomes apparent, Bloomberg reported.

Roughly two dozen computers in a Cisco lab were compromised through malicious updates to SolarWinds’ Orion network monitoring platform, Bloomberg reported, citing a person familiar with the incident. The San Jose, Calif.-based networking giant told CRN its security team moved quickly to address the issue, and that there isn’t currently any known impact to Cisco offers or products.

“While Cisco does not use SolarWinds Orion for its enterprise network management or monitoring, we have identified and mitigated affected software in a small number of lab environments and a limited number of employee endpoints,” Cisco said in a statement. “We continue to investigate all aspects of this evolving situation with the highest priority.”

[Related: VMware Flaw Used To Hit Choice Targets In SolarWinds Hack: Report]

Network management and monitoring are key parts of Cisco’s machinery and software, which Bloomberg said directly look at data traffic moving through a network. Access to that flow could provide a malicious actor with multiple avenues to cause harm, according to Bloomberg. Cisco told CRN there’s no evidence at this time to indicate customer data has been exposed as a result of the compromise.

The company didn’t respond to CRN questions about the number of machines affected as well as who in the organization was using the compromised machines. Cisco is the third tech vendor to get publicly ensnared in the fallout from the SolarWinds hack in the past 24 hours, following in the footsteps of Microsoft and VMware.

Reuters reported late Thursday that Microsoft was compromised via SolarWinds, with suspected Russian hackers then using Microsoft’s own products to further the attacks on other victims. Microsoft told CRN Thursday that sources for the Reuters report are “misinformed or misinterpreting their information,“ but acknowledged the software giant had ”detected malicious SolarWinds binaries” in its environment.”

Then Friday afternoon, KrebsOnSecurity reported that a VMware vulnerability allowing federated authentication abuse and access to protected data was used by the SolarWinds hackers to attack high-value targets. VMware told CRN Friday that it had received no notification or indication that this vulnerability “was used in conjunction with the SolarWinds supply chain compromise.”

FireEye put the state-sponsored hacking campaign in the public consciousness Dec. 8 when the company disclosed that it was breached in an attack designed to gain information on some of the company’s government customers. The attacker was able to access some of FireEye’s internal systems but apparently didn’t exfiltrate data from the company’s primary systems that store customer information.

After FireEye, the next several organizations to be publicly identified as victims of the SolarWinds hack were all federal agencies, including the U.S. Departments of Defense, State, Treasury, Homeland Security and Commerce, according to reports from Reuters and others.

Contrary to public perception at the time, Microsoft President Brad Smith disclosed Thursday that a decisive plurality – 44 percent – of the company’s customers compromised through SolarWinds are actually in the IT sector, and includes software and security firms as well as IT services and equipment providers.

Some 18 percent of the compromised Microsoft customers are government agencies, another 18 percent are think tanks or non-governmental organizations (NGOs), and 9 percent are government contractors, according to Smith. He said that more than 40 Microsoft customers were precisely targeted and compromised through SolarWinds Orion, roughly 80 percent whom are located in the United States.

Similar news
  • Russian hackers hit 250 govt agencies, firms in US: Report
  • Microsoft Starts The New Year With A Somewhat Worrying News About Getting Hacked
  • A New SolarWinds Flaw Likely Had Let Hackers Install SUPERNOVA Malware
  • Russia's SolarWinds Hack Is a Historic Mess
  • 'Deeply damaging and dangerous:' List of victims of the Russian-linked SolarWinds hack keeps widening
  • Cisco Latest Victim of Russian Cyber-Attack Using SolarWinds
  • The SolarWinds Hack Is Unlike Anything We Have Ever Seen Before
  • Microsoft spots more than 40 organizations hit by SolarWinds hack
  • Microsoft (MSFT) Removed Malware From SolarWinds (SWI) Hack
  • JOYY Class Action Reminder
  • Suspected Russian hacking spree extends beyond original target, US officials admit
  • Russia suspected of hacking U.S. Homeland Security, thousands of businesses
  • Canada assessing SolarWinds hack as U.S. agencies lock down
  • Canada assessing SolarWinds hack as U.S. agencies lock down
  • US Treasury, Commerce Depts. Hacked Through SolarWinds Compromise
  • DHS, DOJ And DOD Are All Customers Of SolarWinds Orion, The Source Of The Huge US Government Hack
  • Malicious update to SolarWinds’ Orion platform blamed for global hacks, including FireEye
  • SolarWinds' Orion monitoring platform may have been tampered with by attackers
This week's most popular news