Threat actors use malicious JavaScript, disrupting the Cisco store

September 17, 2024

The Cisco store that sells company-themed products is now down and under maintenance after threat actors compromised the domain using malicious JavaScript that stole sensitive customer information submitted at checkout.

Based on initial reports, the company’s website for selling company-themed products has been temporarily unavailable and under maintenance since a security breach involving JS code that steals critical details submitted at checkout.

Researchers have yet to determine how the malicious JavaScript infiltrated Cisco’s shop, but a separate research group claimed that the attack was caused by the CosmicSting operation, which exploited a vulnerability.

The affected website is a gift shop that sells Cisco-branded clothes and accessories. After the disruption, various domains from different countries became accessible. The countries confirmed to have suffered include the United States, Japan, China, the Asia-Pacific region, and European nations.

The attackers who used the malicious JavaScript to compromise the Cisco store might have executed the campaign over the weekend.

Investigations revealed that the Cisco store attackers heavily obfuscated the malicious JavaScript and delivered it through the domain rextension.[net]. The attackers allegedly released the domain on August 30, implying the compromise happened over the weekend.

In addition, the researchers claimed that the primary goal of the attack was to steal data provided by customers during the checkout process. Hence, the targeted data could include credit card information, since purchases on the site are made online.

Still, further assessment of the campaign revealed that it can steal other details, such as the user’s postal address, phone number, email address, and login credentials. Separate researchers also believe that the threat actors most likely exploited the CosmicSting vulnerability to inject malicious JavaScript into Cisco’s store.

CosmicSting is a critical-severity security flaw that impacts the Adobe Commerce e-commerce platform. Exploiting it lets an attacker inject HTML or JavaScript code into CMS blocks rendered throughout the checkout sequence.
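For store operators, one way to catch a script injected into a checkout CMS block is to audit the rendered page for script hosts outside an approved list. The following is an added example, not code from the report or from Cisco or Adobe; the hostnames, the allowlist and the sample HTML are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hostnames referenced inside inline script bodies (absolute or //-relative URLs).
HOST_RE = re.compile(r"(?:https?:)?//([A-Za-z0-9.-]+\.[A-Za-z]{2,})")

class ScriptAuditor(HTMLParser):
    """Records script hosts on a rendered page that are not on the allowlist."""
    def __init__(self, page_host, allowed_hosts):
        super().__init__()
        self.allowed = {page_host, *allowed_hosts}
        self.in_script = False
        self.findings = []  # (kind, host, line number in the HTML)

    def _flag(self, kind, host):
        if host and host.lower() not in self.allowed:
            self.findings.append((kind, host.lower(), self.getpos()[0]))

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            # Relative src values have no hostname and are treated as first-party.
            self._flag("external-src", urlsplit(dict(attrs).get("src") or "").hostname)

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:  # inline code that builds or loads a remote script
            for host in HOST_RE.findall(data):
                self._flag("inline-reference", host)

def audit(html, page_host, allowed_hosts):
    auditor = ScriptAuditor(page_host, allowed_hosts)
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample: a checkout page whose CMS block carries two unapproved scripts.
SAMPLE_CHECKOUT_HTML = """<html><body>
<script src="/static/checkout.js"></script>
<script src="https://js.payments.example/v3/sdk.js"></script>
<div class="cms-block">
  <script src="//cdn.unknown-widgets.example/a.js"></script>
  <script>var s=document.createElement('script');
  s.src='https://stats.unlisted.example/c.js';document.head.appendChild(s);</script>
</div></body></html>"""
```

Running `audit(SAMPLE_CHECKOUT_HTML, "shop.example", {"js.payments.example"})` reports the two hosts inside the CMS block; heavily obfuscated inline code that assembles its URL at runtime will not match the regex, so this check complements a Content-Security-Policy rather than replacing one.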

Since employees frequently use the Cisco store to purchase products for themselves or as gifts, an attack could allow malicious operators to acquire Cisco employee credentials. As of now, Cisco has yet to release a statement regarding this incident; therefore, potentially compromised employees or users should stay updated about this developing story.
