A supply chain compromise of the open-source security scanner Trivy served as the initial access vector into Cisco’s internal development and build environment. A subsequent extortion campaign by threat group ShinyHunters has escalated the incident’s potential scope significantly.
Severity: High
Incident Details
- Stage 1: Initial Credential Theft
  Credentials were stolen on or around March 1, 2026, giving attackers an early foothold.
- Stage 2: Trivy Supply Chain Poisoning (March 20, 2026)
  Aqua Security confirmed that threat actors used those compromised credentials to publish a malicious Trivy v0.69.4 release and tamper with two related components: trivy-action and setup-trivy. Attribution points to a group called TeamPCP.
- Stage 3: Cisco Environment Breach
  Attackers leveraged credentials exposed through the poisoned Trivy pipeline to penetrate Cisco’s internal dev/build environment. Reported impact: AWS keys stolen, 300+ GitHub repositories cloned, including source code tied to AI projects and repositories allegedly linked to corporate customers.
- Stage 4: ShinyHunters Extortion (March 31, 2026)
  ShinyHunters published an extortion post with an April 3, 2026, deadline, claiming three distinct breach vectors against Cisco: UNC6040, Salesforce Aura, and AWS accounts.
Threat Actor Profiles
| Actor | Role | Notes |
|---|---|---|
| TeamPCP | Supply chain attacker | Attributed by multiple security teams to the Trivy compromise |
| ShinyHunters | Extortion group | Known recidivist group; published leak-site post with April 3 deadline |
| UNC6040 | Access broker/vector | Referenced as one of three breach paths in ShinyHunters’ post |
Alleged Stolen Assets
| Asset Type | Claimed Volume | Verification Status |
|---|---|---|
| Salesforce records (PII) | 3M+ records | Unverified – threat actor claims only |
| GitHub repositories | 300+ cloned | Partially confirmed via Trivy breach disclosure |
| AWS keys/EC2/S3 buckets | Unspecified | Screenshots only – dated March 16–17, 2026 |
| AI-related source code | Unspecified | Reported, not independently confirmed |
Broader Impact & Lateral Risk
The campaign was not limited to Cisco. Any organization that had Trivy embedded in its CI/CD pipeline during the compromise window is a potential victim. The poisoned component could have exfiltrated secrets, tokens, and cloud credentials from many downstream environments.
Recommendations
- Ensure all CI/CD pipelines have purged Trivy v0.69.4 and associated tampered actions (trivy-action, setup-trivy). Roll back to a known-secure version or move to the latest patched release after verifying its checksum.
- Immediately rotate all AWS access keys, GitHub Personal Access Tokens (PATs), and Salesforce OAuth tokens. Prioritize any credentials that were present in CI/CD environment variables during the March 2026 window.
- Terminate all active Salesforce and AWS sessions for administrative and developer accounts to clear potential “foothold” access maintained via stolen session tokens.
- Monitor dark web and leak sites for Cisco-related data appearing in underground markets (ShinyHunters deadline passed April 3).
- Assess Salesforce environments for anomalous Aura API activity if Cisco is a platform partner.
- Review self-hosted runners and connected cloud environments for unauthorized access.
- Tighten third-party build dependency controls. Enforce version pinning and integrity verification.
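The first and last recommendations above (purge the tampered actions and the v0.69.4 release, pin dependencies, verify checksums) can be turned into a repeatable check. The script below is an added example written for this advisory; it is not code from Aqua Security, Cisco, or SOCRadar. It assumes the two tampered actions are referenced in workflows under their Marketplace names `aquasecurity/trivy-action` and `aquasecurity/setup-trivy`; the sample workflow text, the commit SHA and the artifact bytes are constructed for illustration. `audit_workflow` flags any reference to the poisoned release and any action reference that is not pinned to a full 40-character commit SHA; `verify_checksum` compares a downloaded release artifact against a published SHA-256 digest before it is allowed into the pipeline.

```python
"""Audit GitHub Actions workflow text for Trivy supply-chain exposure and
verify a release artifact against its published SHA-256 checksum.

Added example for this advisory; not code from Aqua Security, Cisco or SOCRadar.
Assumed names: aquasecurity/trivy-action and aquasecurity/setup-trivy (Marketplace
names of the two tampered components). Sample data below is constructed.
"""
import hashlib
import hmac
import re

AFFECTED_TRIVY_VERSION = "0.69.4"  # malicious release named in the advisory
TAMPERED_ACTIONS = ("aquasecurity/trivy-action", "aquasecurity/setup-trivy")

# A full git commit SHA is the only immutable way to pin an action.
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Matches "uses: owner/repo@ref" step lines; stops at whitespace or a comment.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)", re.MULTILINE)
# Matches 0.69.4 (or v0.69.4) but not 0.69.40 or 10.69.4.
AFFECTED_VERSION_RE = re.compile(r"(?<![\d.])" + re.escape(AFFECTED_TRIVY_VERSION) + r"(?![\d.])")


def audit_workflow(text):
    """Return a list of (severity, message) findings for one workflow file."""
    findings = []
    for match in USES_RE.finditer(text):
        ref = match.group(1)
        name, _, pin = ref.partition("@")
        if name not in TAMPERED_ACTIONS:
            continue  # only the two tampered components are in scope here
        if not pin:
            findings.append(("high", f"{name}: no ref given, resolves to the default branch"))
        elif not FULL_SHA_RE.match(pin):
            findings.append(("high", f"{name}@{pin}: mutable tag/branch, pin to a full commit SHA"))
        else:
            findings.append(("info", f"{name}@{pin}: pinned to a commit SHA"))
    if AFFECTED_VERSION_RE.search(text):
        findings.append(("critical", f"references Trivy {AFFECTED_TRIVY_VERSION}, the poisoned release"))
    return findings


def verify_checksum(artifact_bytes, expected_sha256_hex):
    """True if the artifact's SHA-256 matches the published digest (constant-time compare)."""
    actual = hashlib.sha256(artifact_bytes).hexdigest()
    return hmac.compare_digest(actual, expected_sha256_hex.strip().lower())


# Constructed sample workflow: one mutable pin, one SHA pin, and the poisoned version.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/setup-trivy@main
        with:
          version: v0.69.4
      - uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567
        with:
          scan-type: fs
"""

# Constructed artifact and its digest, standing in for a release tarball and its checksums file.
SAMPLE_ARTIFACT = b"constructed-release-artifact-bytes"
SAMPLE_ARTIFACT_SHA256 = hashlib.sha256(SAMPLE_ARTIFACT).hexdigest()


if __name__ == "__main__":
    for severity, message in audit_workflow(SAMPLE_WORKFLOW):
        print(f"[{severity}] {message}")
    print("checksum ok:", verify_checksum(SAMPLE_ARTIFACT, SAMPLE_ARTIFACT_SHA256))
```

Run it over every file under `.github/workflows/` in each repository; any `critical` or `high` finding means the pipeline still consumes a mutable or poisoned Trivy reference and the credential rotation steps above apply to that pipeline's secrets as well. The checksum check belongs in the step that downloads the replacement release, with the expected digest taken from the vendor's published checksums rather than from the same download.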
Source:
- https://socradar.io/blog/trivy-cisco-breach-shinyhunters/
- https://socradar.io/blog/salesforce-data-breach-affecting-multiple-companies/
- https://sec.cloudapps.cisco.com/security/center/resources/CRM-vishing