Trivy Supply Chain Compromise Leads to Cisco Dev Environment Breach


A supply chain compromise of the open-source security scanner Trivy served as the initial access vector into Cisco’s internal development and build environment. A subsequent extortion campaign by threat group ShinyHunters has escalated the incident’s potential scope significantly.

Severity: High

Incident Details

  1. Stage 1: Initial Credential Theft
    Credentials were stolen on or around March 1, 2026, giving attackers an early foothold.
  2. Stage 2: Trivy Supply Chain Poisoning (March 20, 2026)
    Aqua Security confirmed that threat actors used those compromised credentials to publish a malicious Trivy v0.69.4 release and tamper with two related components: trivy-action and setup-trivy. Attribution points to a group called TeamPCP.
  3. Stage 3: Cisco Environment Breach
    Attackers leveraged credentials exposed through the poisoned Trivy pipeline to penetrate Cisco’s internal dev/build environment. Reported impact: AWS keys stolen, 300+ GitHub repositories cloned, including source code tied to AI projects and repositories allegedly linked to corporate customers.
  4. Stage 4: ShinyHunters Extortion (March 31, 2026)
    ShinyHunters published an extortion post with an April 3, 2026, deadline, claiming three distinct breach vectors against Cisco: UNC6040, Salesforce Aura, and AWS accounts.

Threat Actor Profiles

| Actor | Role | Notes |
|---|---|---|
| TeamPCP | Supply chain attacker | Attributed by multiple security teams to the Trivy compromise |
| ShinyHunters | Extortion group | Known recidivist group; published leak-site post with April 3 deadline |
| UNC6040 | Access broker/vector | Referenced as one of three breach paths in ShinyHunters’ post |

Alleged Stolen Assets

| Asset Type | Claimed Volume | Verification Status |
|---|---|---|
| Salesforce records (PII) | 3M+ records | Unverified – threat actor claims only |
| GitHub repositories | 300+ cloned | Partially confirmed via Trivy breach disclosure |
| AWS keys/EC2/S3 buckets | Unspecified | Screenshots only – dated March 16–17, 2026 |
| AI-related source code | Unspecified | Reported, not independently confirmed |

Broader Impact & Lateral Risk

The campaign was not limited to Cisco. Any organization that had Trivy embedded in its CI/CD pipeline during the compromise window is a potential victim. The poisoned component could have exfiltrated secrets, tokens, and cloud credentials from many downstream environments.

Recommendations

  1. Ensure all CI/CD pipelines have purged Trivy v0.69.4 and associated tampered actions (trivy-action, setup-trivy). Roll back to a known-secure version or move to the latest patched release after verifying its checksum.
  2. Immediately rotate all AWS access keys, GitHub Personal Access Tokens (PATs), and Salesforce OAuth tokens. Prioritize any credentials that were present in CI/CD environment variables during the March 2026 window.
  3. Terminate all active Salesforce and AWS sessions for administrative and developer accounts to clear potential “foothold” access maintained via stolen session tokens.
  4. Monitor dark web and leak sites for Cisco-related data appearing in underground markets (ShinyHunters deadline passed April 3).
  5. Assess Salesforce environments for anomalous Aura API activity if Cisco is a platform partner.
  6. Review self-hosted runners and connected cloud environments for unauthorized access.
  7. Tighten third-party build dependency controls. Enforce version pinning and integrity verification.
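The following script is an added example to support recommendations 1 and 7; it is not part of this advisory and is not code from Aqua Security or the Trivy project. It audits GitHub Actions workflow text for the two tampered actions and the affected release, flagging any reference to those actions that is not pinned to a full commit SHA and any request for Trivy v0.69.4. Assumptions: the action repositories are aquasecurity/trivy-action and aquasecurity/setup-trivy, a Trivy release is requested through a `version` (or `trivy-version`) input, and a 40-character hexadecimal ref counts as integrity-pinned. The workflow text and the commit SHA in it are constructed sample data.

```python
"""Audit GitHub Actions workflow text for the Trivy components named in the advisory.

Added example (not from the advisory, Aqua Security, or the Trivy project).
Assumed: the tampered actions live at aquasecurity/trivy-action and
aquasecurity/setup-trivy, and the Trivy release is selected via a
'version' / 'trivy-version' input. Pinning to a full commit SHA is treated
as the integrity control; a tag or branch name is treated as unpinned.
"""
import re

AFFECTED_VERSION = "0.69.4"
WATCHED_ACTIONS = ("aquasecurity/trivy-action", "aquasecurity/setup-trivy")

# 'uses: owner/repo[/subpath]@ref' inside a steps list (leading '-' optional)
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([\w.\-]+/[\w.\-]+)(?:/[^@\s]+)?@(\S+)")
# 'version: v0.69.4' or 'trivy-version: "0.69.4"' under a 'with:' block
VERSION_RE = re.compile(r"^\s*(?:trivy[-_]?version|version):\s*['\"]?v?(\d+\.\d+\.\d+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def is_pinned(ref: str) -> bool:
    """True only when the ref is a full 40-hex commit SHA (immutable)."""
    return bool(FULL_SHA_RE.match(ref))


def audit_workflow(text: str) -> list:
    """Return a list of findings, each {'line', 'kind', 'detail'}."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if m:
            action, ref = m.group(1), m.group(2)
            if action in WATCHED_ACTIONS and not is_pinned(ref):
                findings.append({
                    "line": lineno,
                    "kind": "unpinned-action",
                    "detail": f"{action}@{ref}: pin to a reviewed full commit SHA",
                })
            continue
        v = VERSION_RE.match(line)
        if v and v.group(1) == AFFECTED_VERSION:
            findings.append({
                "line": lineno,
                "kind": "affected-version",
                "detail": f"requests Trivy v{AFFECTED_VERSION}: roll back or move to a patched release",
            })
    return findings


# Constructed sample workflow: one pinned setup-trivy step (placeholder SHA),
# one trivy-action step on a floating branch, and a request for the bad release.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/setup-trivy@0123456789abcdef0123456789abcdef01234567
      - uses: aquasecurity/trivy-action@master
        with:
          scan-type: fs
          version: v0.69.4
"""


if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {f['line']}: {f['kind']}: {f['detail']}")
```

Run it against each `.github/workflows/*.yml` file in a repository; the `actions/checkout` step is ignored because only the two watched actions are checked, and the SHA-pinned `setup-trivy` step passes while the `@master` reference and the `version: v0.69.4` input are reported.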

Sources:

  • https://socradar.io/blog/trivy-cisco-breach-shinyhunters/
  • https://socradar.io/blog/salesforce-data-breach-affecting-multiple-companies/
  • https://sec.cloudapps.cisco.com/security/center/resources/CRM-vishing

Ampcus Cyber