Cisco Source Code Compromised in Trivy Supply Chain Attack


Cisco Source Code Compromised in Supply Chain Intrusion

In a concerning development, threat actors have reportedly gained unauthorized access to Cisco’s source code following a supply chain attack on Aqua Security’s Trivy vulnerability scanner.

How the Attack Unfolded

According to sources, the attackers used a malicious GitHub Action plugin from the Trivy compromise to breach Cisco’s build and development environment. This enabled the theft of sensitive credentials and data from multiple devices, including AWS keys that were subsequently used to infiltrate a limited number of Cisco AWS accounts.

The attackers also cloned over 300 Cisco GitHub repositories, including source code for various AI-based offerings such as the AI Assistant and AI Defense. Additionally, repositories purportedly owned by U.S. government agencies, banks, and business process outsourcing firms were compromised.

Cisco’s Response and Implications

Cisco has acknowledged that it expects further compromise from related supply chain incidents, specifically mentioning potential vulnerabilities stemming from the LiteLLM and Checkmarx breaches. Experts warn that the use of compromised plugins and dependencies can have far-reaching consequences, allowing attackers to gain unfettered access to sensitive systems and data.

By prioritizing security best practices and staying vigilant in the face of emerging threats, organizations can minimize the risk of similar incidents occurring in the future. It is essential for organizations to adopt a proactive approach to identifying and mitigating potential risks in their software supply chains.


