It was clear from the start that an online attack by suspected Russian hackers targeting large U.S. government offices would be bad. One revelation: National Security Adviser Robert O’Brien cut short his overseas trip earlier in the week to return to Washington to help with the crisis.
Cisco Systems Inc. was compromised as part of a suspected Russian hacking campaign that roiled the U.S. government and private businesses and left security professionals across the country racing to assess the extent of the damage.
Some internal machines used by Cisco researchers were targeted, the networking equipment maker said. The company said its security team moved quickly to address the issue and that the “affected software” has been “mitigated.”
“At this time, there is no known impact to Cisco offers or products,” the company said in a statement. “We continue to investigate all aspects of this evolving situation with the highest priority.”
Bloomberg News reported that at least three state governments were hacked. That was followed by reports of other breaches: the city network in Austin, Texas, and the U.S. nuclear weapons agency. Late in the day software giant Microsoft Corp. said its systems were exposed.
The U.S. Department of Energy and its National Nuclear Security Administration, which maintains the country’s nuclear stockpile, said that the malware was isolated to business networks and didn’t affect national security functions.
Cisco used popular software internally from Texas-based SolarWinds Corp. that has been at the center of the attacks so far. Hackers inserted a malicious backdoor into SolarWinds’s Orion software, which they then used as a staging ground for later attacks. SolarWinds customers who downloaded updates between March and June received the backdoor — as many as 18,000 customers, according to the company.
The number of Orion software users who were actually attacked by the hackers isn’t known but is almost certainly far smaller.
“While Cisco does not use SolarWinds Orion for its enterprise network management or monitoring, we have identified and mitigated affected software in a small number of lab environments and a limited number of employee endpoints,” according to the company’s statement. Endpoints refer to employee devices such as computers.
Network management and monitoring are core functions of Cisco’s hardware and software, which directly inspect the data traffic moving through a network. Access to that flow could give a malicious actor multiple avenues to cause harm.
About two dozen computers in a Cisco lab were compromised, according to a person familiar with the incident.
Cisco is the world’s biggest maker of networking equipment and provides hardware and software that are the backbone of the internet and central to corporate and government computer networks across the world.
A company spokesperson declined to comment beyond what Cisco said in a written statement.
The toll of victims compromised by a sophisticated suspected Russian cyber-attack has continued to rise since Dec. 8 when the cybersecurity company FireEye Inc. announced it had been hacked via SolarWinds’s software.
Cisco’s breach comes a day after Microsoft Corp. said its systems were exposed to the malicious update.