Cisco acknowledges some of its systems compromised by SolarWinds malware
But none of the company's products or services were affected, Cisco says
Nearly two dozen computer systems used by Cisco researchers in the company lab were compromised through SolarWinds-related malware that was used by a state-backed hacking group to target multiple government agencies in the US.
That is according to Bloomberg, which says Cisco has acknowledged the security incident, claiming that appropriate steps were taken immediately to address the issue and to isolate the "affected software".
The networking equipment maker also said that none of its products or services was affected by the incident.
"At this time, there is no known impact to Cisco offers or products," Cisco told Bloomberg.
It also clarified that the company does not use SolarWinds Orion software for network management or monitoring and that the malicious code was found only in lab environments and on a limited number of employee endpoints.
Nearly two dozen machines in a Cisco lab were infected by hackers, Bloomberg claimed, citing a person familiar with the matter.
"We continue to investigate all aspects of this evolving situation with the highest priority," Cisco said.
The news comes as Microsoft revealed last week that it had found evidence suggesting that a different threat actor was also targeting SolarWinds' software through a second piece of malware.
The second backdoor was different from the Sunburst attack, according to Microsoft researchers, raising the possibility that multiple adversaries have been launching parallel attacks to target US federal agencies.
Last week, Microsoft acknowledged that it had found compromised SolarWinds code on its systems, but added that the breach did not impact customer data or outward-facing systems. However, Microsoft has so far identified more than 40 customers who were targeted more precisely by attackers and compromised through "additional and sophisticated measures".
In a report, Forbes claimed that both General Electric (GE) and Equifax are conducting their own reviews to determine if they were targeted or affected by the espionage campaign.
While most security experts have so far pointed the finger at Russia, President Trump took another tack last week by claiming that China might be behind this cyber espionage campaign and that it's effects have been overstated.
"The Cyber Hack is far greater in the Fake News Media than in actuality," Trump tweeted.
"I have been fully briefed and everything is well under control. Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of discussing the possibility that it may be China (it may!)."
"There could also have been a hit on our ridiculous voting machines during the election, which is now obvious that I won big, making it an even more corrupted embarrassment for the USA."
Trump's comments contradict Secretary of State Mike Pompeo, who said that Russia was "pretty clearly" behind the attack.
Meanwhile, US President-elect Joe Biden has expressed concerns over the hacking incident.
"We need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place," Biden said last week.
"We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners," he added.