IntelBroker leaks 2.9 TB of exposed Cisco records – and there’s more to come
The hacker claims to have 4.5TB of data associated with Cisco products and telecoms and financial services customers


Hackers have published data claimed to have been stolen from a Cisco developer resource, after an alleged misconfiguration left software artifacts available on the public internet.
A well-known threat actor has leaked 2.9 TB of data on the dark web, said to be part of a larger 4.5TB dataset, following up on their claims to have found an unprotected Cisco database which contained sensitive information relating to major telecommunications firms and banks.
On 14 October, notorious purveyor of stolen data IntelBroker listed Cisco on the underground dark web forum BreachForums, claiming it had stolen data from the networking giant that included production source code from a number of major organizations.
The list of companies affected by the breach includes Verizon, AT&T, Bank of America, Barclays, BT, Chevron, Microsoft, SAP, and Sprint Telecom.
IntelBroker stated the compromised data included GitHub, GitLab, and SonarQube projects, source code, and confidential Cisco documents.
The hacker claimed to have stolen hard-coded credentials, SSL certificates, Jira tickets, API tokens, AWS private buckets, Azure storage buckets, and private keys.
Responding to IntelBroker’s claims, Cisco stated the incident was the result of a misconfiguration of its public-facing DevHub resource that meant attackers could access files that were not intended for public download.
Cisco said it immediately removed public access to the DevHub and launched an investigation into the incident, adding it found none of its internal systems or enterprise environments were compromised.
IntelBroker, who argued it still had access to the data until 18 October, provided evidence to one outlet showing that it used an exposed JFrog token to access the data.
On 17 December, IntelBroker made 2.9GB of the data publicly available, stating the leaked files also contained information linked to a number of Cisco products.
This includes code relating to Cisco’s secure access service edge (SASE), its cloud-delivered identity services engine (ISE), Webex collaboration suite, Umbrella cloud-based DNS security product, IOS XE & XR networking operating systems, and its Catalyst series networking equipment.
This is part of a larger 4.5TB tranche of data IntelBroker claims to have in its possession, stating it hoped the 2.9GB sample “proves the legitimacy of the breach to others wanting to buy the full version”.
Cisco responded to the claims, maintaining that it was still confident there was no breach of its systems and that the information did not pose a threat to its products.
“As noted in prior updates, we are confident that there has been no breach of our systems, and we have not identified any information in the content that an actor could have used to access any of our production or enterprise environments.”
ITPro has approached Cisco for comment on these most recent developments but did not immediately receive a response.

Solomon Klappholz is a former staff writer for ITPro and ChannelPro. He has experience writing about the technologies that facilitate industrial manufacturing, which led to him developing a particular interest in cybersecurity, IT regulation, industrial infrastructure applications, and machine learning.