Report: Cybercriminals steal source code from Cisco and its customers
After the supply chain attack on LiteLLM, attackers were able to access internal Cisco data, it is said. Source code from Cisco and customers was likely stolen.
Cisco Systems has reportedly fallen victim to a cyber attack in which criminals were able to access development department devices and steal source code from the US network specialist and its customers. A trade magazine reports this, citing anonymous sources. The attackers were reportedly able to gain access to internal Cisco data and devices after obtaining the necessary credentials in a recent attack on an open-source library.
Following this supply chain attack on LiteLLM, those affected should immediately change their credentials, but this apparently took too long for Cisco. Just last week, two LiteLLM packages in the Python Package Index (PyPI) were compromised and fitted with a credential stealer. The stealer is designed to intercept data and searches for SSH keys, environment variables, cloud provider credentials (AWS, GCP, Azure), Kubernetes tokens, and database passwords.
Cisco victim of stolen GitHub credentials
This also impacts industry giants like Cisco, as sources from Bleeping Computer report. According to them, cybercriminals used stolen Amazon Web Services (AWS) keys to carry out unauthorized activities on a limited number of Cisco's AWS accounts. In addition, the attackers could access internal systems of Cisco's development department using the stolen credentials. It is unclear which products and customers are impacted by the stolen source code.
Cisco has not yet commented on the incident. However, the sources report that the attack could be contained through appropriate measures. The affected systems, such as developer workstations, are reportedly being reinstalled from the latest backups, and credentials are being updated broadly. It is unclear whether the attacker is TeamPCP, which is responsible for the supply chain attack on LiteLLM. According to security experts, TeamPCP has been carrying out attacks since the end of February and is apparently moving from one project to the next with the help of stolen credentials.
During the recent cyberattack, more than 300 GitHub repositories were copied, it is said. This affects source code for artificial intelligence products such as AI assistants, AI security solutions, and previously unreleased products. Parts of the stolen repositories belong to Cisco's major customers, such as banks and US authorities.
(fds)