Cisco recently initiated an investigation into claims of a potential data breach following reports that a threat actor is attempting to sell stolen Cisco-related data on a hacking forum.
According to a Cisco representative, "Cisco is aware of reports alleging unauthorised access to specific Cisco-related files. We are actively investigating this claim, and our investigation is ongoing."
The situation emerged after a well-known threat actor, "IntelBroker," alongside collaborators “EnergyWeaponUser” and “zjj,” asserted that they had breached Cisco’s systems on June 10, 2024. Allegedly, the breach exposed a significant amount of sensitive developer data, as detailed in IntelBroker’s forum post.
The post lists a wide range of potentially compromised assets, including:
• GitHub and GitLab projects
• SonarQube data
• Source code and hard-coded credentials
• SSL certificates and API tokens
• Private and public encryption keys
• Various Cisco confidential documents and customer management data
IntelBroker provided sample data purportedly taken from Cisco’s systems, including screenshots of customer portals and customer-related documentation. However, specific details on how the data was accessed have not been disclosed by the threat actor.
IntelBroker's recent activity is part of a broader trend observed in June, when the actor began distributing data linked to companies like T-Mobile, AMD, and Apple. Sources familiar with the situation indicate that the data may have been accessed through a third-party managed services provider specialising in DevOps and software development support.
It remains unclear whether the Cisco incident is connected to these previous breaches. Cisco’s ongoing investigation aims to uncover the origin and impact of the alleged breach. BleepingComputer has reached out to the third-party vendor for additional information but has yet to receive a response.
As Cisco’s investigation unfolds, IT professionals and organisations using Cisco’s technologies should stay vigilant, reviewing security configurations and monitoring for any unusual activity in their environments.