Cisco confirms investigation amid data breach claims

Cisco logo pictured at the SK telecom booth on day 1 of the GSMA Mobile World Congress on February 28, 2022 in Barcelona, Spain
(Image credit: Getty Images)

Cisco has confirmed it’s investigating reports a hacker accessed networks and stole files, leaking them online, but says it has found no evidence so far.

The hacker, known as "IntelBroker", made the claim on BreachForums, a black-hat hacking site, suggesting the data was stolen on October 6, 2024.

“Today, I am selling the Cisco breach that recently happened (6/10/2024). Breached by IntelBroker, EnergyWeaponUser, and zjj," the post read.

According to the thread, the information for sale includes everything from GitHub and GitLab projects, source code, confidential documents, credentials and certificates, as well as AWS and Azure buckets, private and public keys, and much more. The data will be sold in exchange for cryptocurrency Monero.

It's unclear how the hack happened — if it indeed did — as Cisco is still investigating, and IntelBroker didn't divulge such details.

However, reports on Tuesday 15th suggested that the data was stolen by targeting a third-party managed services provider, which could explain why Cisco isn't seeing any evidence of the attack.

According to a BreachForums statement, the impact is far beyond Cisco, with a wide range of companies listed as being affected by the data breach.

This includes Verizon, AT&T, Bank of America, Barclays, British Telecom, Microsoft, Vodafone, and Chevron.

In a statement given to ITPro, a spokesperson for Cisco said it’s still in the process of probing the claims.

"Cisco is investigating reports that an unauthorized actor is alleging to have gained access to certain Cisco data and data of our customers," a Cisco spokesperson told ITPro.

"Cisco takes this allegation seriously and we have engaged law enforcement as part of this investigation.

RELATED WHITEPAPER

"To date, our investigation has found no evidence of our systems being impacted. We will notify customers where we confirm that the actor has obtained their confidential information,” the spokesperson added.

Earlier this year, Cisco admitted that state-sponsored attackers used zero-days in its firewalls to target government networks, and a cyber attack on a supplier for Cisco Duo's SMS and VOIP authentication service leaked customer data after being targeted by hackers.

Can IntelBroker be trusted on the Cisco claims?

While such claims aren't inherently trustworthy, the criminal operating under the IntelBroker brand has previously listed 80 tranches of leaked data for sale on BreachForums.

A June 2024 hack of AMD is attributed to IntelBroker, though the company said the breach was limited in scope.

The same month, IntelBroker claimed to have gotten hold of source code for internal Apple tools, while in May managed to nab data from Europol. Again though, the agency said the leak was limited and didn't contain operational details.

It's believed IntelBroker is based in Russia but is Serbian. Beyond that, IntelBroker reportedly now owns BreachForums as of August, as the site has changed hands multiple times amid targeting by authorities.

TOPICS