Cisco has suffered a cyberattack after threat actors used stolen credentials from the recent Trivy supply chain attack to breach its internal development environment and steal source code belonging to the company and its customers.
A source, who asked to remain anonymous, told BleepingComputer that Cisco’s Unified Intelligence Center, CSIRT, and EOC teams contained the breach involving a malicious “GitHub Action plugin” from the recent Trivy compromise.
The attackers used the malicious GitHub Action to steal credentials and data from the company’s build and development environment, impacting dozens of devices, including some developer and lab workstations.
While the initial breach has been contained, BleepingComputer was told that the company expects continued fallout from the follow-on LiteLLM and Checkmarx supply chain attacks.
As part of the breach, multiple AWS keys were reportedly stolen and later used to perform unauthorized activities across a small number of Cisco AWS accounts. Cisco has isolated affected systems, begun reimaging them, and is performing wide-scale credential rotation.
BleepingComputer has learned that more than 300 GitHub repositories were also cloned during the incident, including source code for its AI-powered products, such as AI Assistants, AI Defense, and unreleased products.
A portion of the stolen repositories allegedly belongs to corporate customers, including banks, BPOs, and US government agencies.
Multiple sources told BleepingComputer that more than one threat actor was involved in the Cisco CI/CD and AWS account breaches, with varying degrees of activity.
BleepingComputer contacted Cisco with questions regarding the breach, but has not received a reply to our emails.
The Trivy supply chain attack
Cisco’s breach was caused by this month’s Trivy vulnerability scanner supply chain attack, in which threat actors compromised the project’s GitHub pipeline to distribute credential-stealing malware through official releases and GitHub Actions.
That attack enabled the theft of CI/CD credentials from organizations using the tool, giving attackers access to thousands of internal build environments.
Security researchers linked these supply chain attacks to the TeamPCP threat group based on the use of their self-titled “TeamPCP Cloud Stealer” infostealer. TeamPCP has been conducting a series of supply chain attacks targeting developer code platforms, such as GitHub, PyPi, NPM, and Docker.
The group also compromised the LiteLLM PyPI package, which impacted tens of thousands of devices, and the Checkmarx KICS project to deploy the same information-stealing malware.
Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.
This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation.
