Cisco Source Code Stolen After Dev Environment Breach Linked to Trivy Supply Chain Attack

The attack didn't target Cisco's main infrastructure directly. It hit a development environment through compromised credentials from the Trivy supply chain attack. Over 300 repositories were cloned, including AI product source code and data from corporate customers.

By Titan Layer Editorial Team

Published on March 31, 2026

Cisco has confirmed a cyberattack in which threat actors used credentials stolen during the recent Trivy supply chain compromise to breach its internal development environment and steal source code belonging to the company and its corporate customers.

According to BleepingComputer, Cisco's Unified Intelligence Center, CSIRT, and EOC teams contained the breach, which involved a malicious GitHub Action plugin introduced during the Trivy compromise. Attackers used this plugin to steal credentials and data from the company's build environment, impacting dozens of devices including developer workstations and lab machines.

## What Was Compromised

More than 300 GitHub repositories were cloned during the incident, including source code for Cisco's AI-powered products such as AI Assistants and AI Defense, as well as unreleased products. A portion of the stolen repositories belonged to corporate customers, including banks, BPOs, and US government agencies.

Multiple AWS keys were also stolen and later used for unauthorized activities across a small number of Cisco AWS accounts. The company isolated affected systems, began reimaging them, and performed wide-scale credential rotation.

## The Root Cause: The Trivy Attack

Trivy is a widely used security scanning tool for containers and repositories. In the attack preceding the Cisco breach, threat actors compromised Trivy's GitHub pipeline to distribute credential-stealing malware through official releases and GitHub Actions. This enabled the theft of CI/CD credentials from organizations using the tool, giving attackers access to thousands of internal build environments worldwide.

The attacks were linked to the TeamPCP threat group, which uses its own "TeamPCP Cloud Stealer" infostealer. The group also compromised the LiteLLM PyPI package, affecting tens of thousands of devices, and the Checkmarx KICS project using the same malware. Multiple threat actors were reportedly involved in the Cisco CI/CD and AWS account breaches.

## Why This Attack Is Different

Cisco wasn't compromised through a direct vulnerability in its production systems. It was compromised because it trusted a third-party tool that was poisoned in the distribution chain. This is the defining pattern of sophisticated supply chain attacks from SolarWinds in 2020 to XZ Utils in 2024.

The fact that customer repositories were also cloned significantly expands the blast radius. Proprietary code from banks and government agencies in attackers' hands represents risk of future exploitation, reverse engineering for vulnerability discovery, and highly targeted follow-on attacks.

Development, staging, and CI/CD environments must be treated with the same security rigor as production environments. Least privilege applied to build pipelines, continuous monitoring for anomalous activity, and regular auditing of GitHub Actions and third-party dependencies are layers of defense that need to be routine, not post-incident checklists.

Article information

Editorial author: Titan Layer Editorial Team
Titan Layer publication date: March 31, 2026
Content type: Curated summary and editorial analysis