Cisco has confirmed it’s investigating reports a hacker accessed networks and stole files, leaking them online, but says it has found no evidence so far.
The hacker, known as "IntelBroker", made the claim on BreachForums, a black-hat hacking site, suggesting the data was stolen on October 6, 2024.
“Today, I am selling the Cisco breach that recently happened (6/10/2024). Breached by IntelBroker, EnergyWeaponUser, and zjj," the post read.
According to the thread, the information for sale includes everything from GitHub and GitLab projects, source code, confidential documents, credentials and certificates, as well as AWS and Azure buckets, private and public keys, and much more. The data will be sold in exchange for cryptocurrency Monero.
It's unclear how the hack happened — if it indeed did — as Cisco is still investigating, and IntelBroker didn't divulge such details.
However, reports on Tuesday 15th suggested that the data was stolen by targeting a third-party managed services provider, which could explain why Cisco isn't seeing any evidence of the attack.
According to a BreachForums statement, the impact is far beyond Cisco, with a wide range of companies listed as being affected by the data breach.
This includes Verizon, AT&T, Bank of America, Barclays, British Telecom, Microsoft, Vodafone, and Chevron.
In a statement given to ITPro, a spokesperson for Cisco said it’s still in the process of probing the claims.
"Cisco is investigating reports that an unauthorized actor is alleging to have gained access to certain Cisco data and data of our customers," a Cisco spokesperson told ITPro.
"Cisco takes this allegation seriously and we have engaged law enforcement as part of this investigation.
RELATED WHITEPAPER
"To date, our investigation has found no evidence of our systems being impacted. We will notify customers where we confirm that the actor has obtained their confidential information,” the spokesperson added.
Earlier this year, Cisco admitted that state-sponsored attackers used zero-days in its firewalls to target government networks, and a cyber attack on a supplier for Cisco Duo's SMS and VOIP authentication service leaked customer data after being targeted by hackers.
Can IntelBroker be trusted on the Cisco claims?
While such claims aren't inherently trustworthy, the criminal operating under the IntelBroker brand has previously listed 80 tranches of leaked data for sale on BreachForums.
A June 2024 hack of AMD is attributed to IntelBroker, though the company said the breach was limited in scope.
The same month, IntelBroker claimed to have gotten hold of source code for internal Apple tools, while in May managed to nab data from Europol. Again though, the agency said the leak was limited and didn't contain operational details.
It's believed IntelBroker is based in Russia but is Serbian. Beyond that, IntelBroker reportedly now owns BreachForums as of August, as the site has changed hands multiple times amid targeting by authorities.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Cisco claims new smart switches provide next-level perimeter defenseNews Cisco’s ‘security everywhere’ mantra has just taken on new meaning with the launch of a series of smart network switches.
-
Cisco is jailbreaking AI models so you don’t have to worry about itNews Cisco's new AI Defense security solution helps organizations shore up LLM security by identifying potential flaws.
-
Cisco dispels Kraken data breach claims, insists stolen data came from old attackNews Cisco has refuted claims it has suffered a data breach after the Kraken threat group posted stolen data online.
-
Cisco patches critical flaws in Identity Services EngineNews Cisco has issued patches for a pair of critical vulnerabilities affecting its Identity Service Engine (ISE).
-
Your office is now absolutely riddled with surveillance equipmentNews While workplace monitoring is shown to have a detrimental effect on morale, many firms are still charging ahead
-
Cisco confirms attackers stole data, shuts down access to compromised DevHub environmentNews The tech giant insists that no sensitive customer information has been compromised
-
Rubrik partners with Cisco to bolster cyber resilience
News Rubrik now integrates with Cisco XDR and is listed on the connectivity giant’s SolutionsPlus program
-
Cisco: “AI is changing everything” – including securityNews Cisco has unveiled a series of updates to its security and monitoring software
