UPDATED 20:09 EDT / DECEMBER 20 2020

Cisco targeted in SolarWinds attack as Microsoft uncovers a second hacking group

Cisco Systems Inc. is the latest company targeted in the SolarWinds hack as Microsoft Corp. has discovered a second hacking group that was also targeting SolarWinds’ software.

The attack on Cisco, revealed Friday, involved internal machines used by Cisco researchers. The company said that its security team moved quickly to address the issue and that the affected software had been mitigated. “At this time, there is no known impact to Cisco offers or products,” Cisco said in a statement. “We continue to investigate all aspects of this evolving situation with the highest priority.”

Cisco added that although it doesn’t use SolarWinds Orion for its enterprise network management or monitoring, “we have identified and mitigated affected software in a small number of lab environments and a limited number of employee endpoints. We continue to investigate all aspects of this evolving situation with the highest priority.”

Bloomberg reported that network management and monitoring are key parts of Cisco’s machinery and software and that access to that flow could provide a malicious actor with multiple avenues to cause harm.

Although much of the focus on the SolarWinds hack has been on government departments, the number of private companies affected is likely to continue to grow. Forbes reported that both Equifax Inc. and General Electric Co. are currently investigating to determine if they were affected. An unconfirmed report also names Intel Corp. as possibly having been targeted in the attack.

Controversy erupted on Friday after President Trump claimed that China may be responsible for the hack, whereas others have pointed the finger at Russia. But it may have been both.

Microsoft has uncovered that there were not one but two “advanced persistent threat” groups targeting SolarWinds. “The investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the SolarWinds Orion product but has been determined to be likely unrelated to this compromise and used by a different threat actor,” the Microsoft 365 Defender Research Team said in a blog post.

No one at Microsoft has yet said where the second APT group may have come from, but the company certainly hasn’t ruled out the possibility that it could be China. Microsoft’s language on the first detected hack being Russian is surprisingly cautious as well, unlike some parts of the media that reported that “cybersecurity experts, intel officials and policymakers universally agree the hack was the work of a unit of Russian cyber operators.”

In an interview with NPR Saturday, Microsoft President Brad Smith responded to a question about who was behind the first detected hack by stating that “what everyone is pointing towards right now is an intelligence agency in Russia. We have not seen any evidence that goes in a different direction but I think it’s a little too early to declare a verdict in the case.”

Photo: Cisco Amsterdam/Wikimedia Commons
