Cisco and VMware have emerged as the latest confirmed victims of the high-profile SolarWinds hack, in line with previous reports that tech companies make up a large proportion of those affected.
According to Bloomberg, Cisco moved quickly to eliminate the threat and is confident that its products have not been compromised. “At this time, there is no known impact to Cisco offers or products,” claims the firm. “We continue to investigate all aspects of this evolving situation with the highest priority.”
VMware also issued a short statement, saying that it, too, was compromised by the malware-laced Orion patch, but found no evidence of criminals exploiting the malware for further attacks. It also denied reports that a zero-day vulnerability, found in some of its products, was used as an additional attack vector.
It’s likely that other high-profile companies will soon emerge as victims of the incident. Some sections of the media are reporting that both Equifax and General Electric are currently investigating a potential breach.
The hack was first discovered by cybersecurity experts at FireEye, which was also affected. Further investigation unveiled that a (most likely state-sponsored) hacking group used compromised Office 365 accounts to infiltrate SolarWinds and embed malicious code into an upcoming patch for its Orion software.
It is thought that Russian cybercriminal syndicate APT29 was behind the attack. In a recent tweet, however, US President Donald Trump suggested China may be responsible.