Cisco breach linked to supply chain attack exposes source code and AWS credentials

Cisco Systems, a U.S.-based networking and cybersecurity technology company, experienced a cyberattack in which threat actors infiltrated its internal development environment using stolen credentials obtained through a recent supply chain compromise. The intrusion resulted in the theft of source code and unauthorized access to cloud resources.


The intrusion stemmed from a compromised GitHub Actions component tied to the Trivy vulnerability scanning tool, which had been tampered with to distribute credential-stealing malware. Attackers leveraged the malicious component to extract sensitive credentials and data from Cisco’s build and development systems, affecting dozens of devices, including developer and lab workstations.


Cisco’s internal security and incident response teams identified and contained the breach. Affected systems were isolated, reimaged, and subjected to extensive credential rotation efforts to prevent further unauthorized access.


During the incident, attackers obtained multiple Amazon Web Services keys and used them to carry out unauthorized activities across a limited number of Cisco cloud accounts. The company has since secured those environments and continues remediation efforts.


The breach also involved the cloning of more than 300 GitHub repositories. The exposed data included source code related to Cisco’s artificial intelligence offerings, such as AI Assistants and AI Defense, as well as unreleased products still under development. Some of the compromised repositories contained code associated with enterprise customers, including financial institutions, business process outsourcing firms, and U.S. government entities.


Investigations into the attack indicate the involvement of multiple threat actors operating with varying levels of access across Cisco’s CI/CD pipelines and cloud infrastructure.


The incident traces back to a broader supply chain attack targeting the Trivy open source security tool. Attackers compromised the project’s software delivery pipeline, embedding malware into official releases and GitHub Actions integrations. This enabled widespread credential theft from organizations using the tool and provided unauthorized access to numerous internal development environments.
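The mechanism described above, a trusted GitHub Action altered upstream so that every pipeline consuming it runs the attacker's code, is the reason workflow references are usually pinned to an immutable commit SHA (or an image digest) rather than a mutable tag or branch. The audit script below is an added example written for this page, not code from Cisco, Trivy or the article's author; the article does not say how the affected pipelines referenced the component, so the script simply flags any `uses:` reference that is not SHA- or digest-pinned. It assumes workflow files in the standard GitHub Actions YAML layout and uses a constructed sample workflow with placeholder repository names (`example-org`, `ghcr.io/example`) and a made-up commit hash.

```python
import re
from typing import Dict, List

# Constructed sample workflow for illustration only (not Cisco's or Trivy's).
# The 40-hex commit hash below is made up; the repository names are placeholders.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.0.0
      - name: vulnerability scan
        uses: example-org/scan-action@master
      - uses: ./.github/actions/local-step
      - uses: docker://ghcr.io/example/image:1.2.3
"""

# Matches a "uses:" step key and captures the reference up to whitespace or a YAML comment.
USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^\s"\'#]+)')
# A full 40-character lowercase hex string is a commit SHA, which cannot be retargeted.
SHA_RE = re.compile(r'^[0-9a-f]{40}$')
MUTABLE_BRANCHES = {"main", "master", "develop", "trunk"}


def classify_reference(ref: str) -> str:
    """Classify one uses: reference by how it is versioned."""
    if ref.startswith("./"):
        return "local"  # lives in this repository; governed by the repo's own review process
    if ref.startswith("docker://"):
        # Container images are immutable only when referenced by digest.
        return "digest-pinned" if "@sha256:" in ref else "docker-tag"
    if "@" not in ref:
        return "unversioned"
    _, version = ref.rsplit("@", 1)
    if SHA_RE.match(version):
        return "sha-pinned"
    if version in MUTABLE_BRANCHES:
        return "branch"
    return "tag"  # tags look stable but can be moved or re-published upstream


PINNED_KINDS = {"sha-pinned", "digest-pinned", "local"}


def audit_workflow(text: str) -> List[Dict[str, object]]:
    """Return one finding per uses: line, with its line number, kind, and pin status."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        kind = classify_reference(ref)
        findings.append({"line": lineno, "uses": ref, "kind": kind, "pinned": kind in PINNED_KINDS})
    return findings


def unpinned_references(text: str) -> List[str]:
    """Only the references a reviewer needs to act on."""
    return [f["uses"] for f in audit_workflow(text) if not f["pinned"]]


if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE_WORKFLOW):
        status = "ok     " if finding["pinned"] else "UNPINNED"
        print(f"line {finding['line']:>3}  {status}  {finding['kind']:<14} {finding['uses']}")
```

Run against a checkout, the script would be applied to every file under `.github/workflows/`. Pinning to a SHA prevents a moved or re-published tag from pulling in altered code, but it does not help if the pinned commit itself is the malicious one, and it does nothing for credentials already exposed; that is why the page's remediation pairs containment with broad credential rotation, and why CI secrets are best kept short-lived and scoped to the job that needs them.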


The same campaign has also affected other widely used developer tools and platforms. The attackers deployed similar malware through the LiteLLM Python package and the Checkmarx KICS project, expanding the scope of the compromise across software development ecosystems.


Security analysts have linked the activity to the TeamPCP threat group, which has conducted a series of supply chain attacks targeting developer platforms including GitHub, PyPI, npm, and Docker. The group is known for deploying a credential-harvesting tool referred to as the TeamPCP Cloud Stealer.


© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543