Share this article on:
Networking hardware and software manufacturer Cisco has informed media that it is aware of claims that threat actors breached its systems and exfiltrated data belonging to it and its customers.
Earlier this week, infamous threat actor IntelBroker posted on a popular dark web hacking forum, claiming to have breached the systems of Cisco with the assistance of two other threat actors, EnergyWeaponUser and zjj.
Now, Cisco has told several media outlets that it is aware of the incident and has launched an investigation.
“Cisco is aware of reports that an actor is alleging to have gained access to certain Cisco-related files,” said the Cisco spokesperson.
“We have launched an investigation to assess this claim, and our investigation is ongoing.”
According to reports, Cisco declined to answer any other questions relating to the incident, including whether or not it actually happened.
The breach allegedly occurred on 06/10/24 (likely 6 October, following the DD/MM/YY format Russia uses, the country where IntelBroker is based), and resulted in a wealth of data being leaked, including “Github projects, Gitlab Projects, SonarQube projects, source code, hard-coded credentials, certificates, customer SRCs, Cisco confidential documents, Jira tickets, API tokens, AWS Private buckets, Cisco Technology SRCs, Docker Builds, Azure Storage buckets, Private & Public keys, SSL Certificates, Cisco Premium Products & More!”
The production source code of a large number of organisations, including Vodafone Australia, National Australia Bank (NAB) and Microsoft, was also allegedly leaked. Cyber Daily has not been able to verify these claims.
This is a developing story. Cyber Daily will provide an update as the investigation progresses.