Cisco recently confirmed that it has investigated reports of a hacker who allegedly accessed networks and stole files and has purportedly leaked them online, and it says it has found no evidence of a breach.
The alleged breach pertains to the actions of the hacker known as "IntelBroker” who claimed in a post on a dark web site BreachForums that it committed the breach on October 6, 2024
According to the thread, the information for sale includes everything from GitHub and GitLab projects, source code, confidential documents, credentials and certificates, as well as AWS and Azure buckets, private and public keys, and much more. The data will be sold in exchange for cryptocurrency Monero.
Subsequent reports suggested that the data was stolen by targeting a third-party managed services provider, which could explain why Cisco has not seen any evidence of the attack. The BreachForums statement added that the breach’s impact goes far beyond Cisco, with companies such as Verizon, AT&T, Bank of America, Barclays, British Telecom, Microsoft, Vodafone, and Chevron said to be affected as well.
However, Cisco stated that in its investigation, the incident was not a breach but an error wherein certain files not intended for public download were inadvertently published on Cisco’s site as a result of a configuration error. Cisco, in its investigation, concluded that there was no breach and the information that was inadvertently published did not contain information that an actor could have used to access any of its production or enterprise environments.
It must be noted that in early 2024, Cisco admitted that state-sponsored attackers used zero-days in its firewalls to target government networks, and a cyber attack on a supplier for Cisco Duo's SMS and VOIP authentication service leaked customer data after being targeted by hackers.
And while Cisco has vehemently refuted IntelBroker’s claims, IntelBroker has previously listed 80 tranches of leaked data for sale on BreachForums, such a tranche in June 2024 linked to AMD’s data, which the company admitted but stated that the breach was limited in scope. IntelBroker also claimed to have gotten hold of source code for internal Apple tools, as well as data from Europol. Again though, authorities stated that the leak was limited and didn't contain operational details.
It's believed IntelBroker is a Serbian based in Russia and reportedly now owns BreachForums as of Augus 2024, as the site has changed hands multiple times amid targeting by authorities.
Comments