Cisco Data Breach: Source Code Allegedly Leaked!

In October, the infamous hacker IntelBroker claimed to have infiltrated Cisco’s systems, gaining access to source code, certificates, credentials, confidential documents, encryption keys, and other sensitive information. The hacker alleged that the obtained source code was linked to several major companies.

However, Cisco’s investigation determined that its systems were not breached. Instead, the data was accessed from a public-facing DevHub environment, a resource hub where customers can download source code, scripts, and other materials. While most of the content on the DevHub was meant to be public, Cisco acknowledged that some files intended to remain private were mistakenly made accessible because of a configuration error. Among the accessed files were materials related to certain CX Professional Services customers.

Initially, Cisco stated there was no evidence that confidential or sensitive personal information had been compromised. However, this statement has since been removed from their incident reports.

In an effort to validate their claims and attract buyers for the remaining data, IntelBroker released a portion of the dataset. The 2.9GB leak reportedly contains sensitive components, including:

  • Cisco ISE (Identity Services Engine): Network access control and identity management.

  • Cisco SASE (Secure Access Service Edge): Cloud-based secure networking and access solutions.

  • Cisco Webex: Collaboration tools for video conferencing and messaging.

  • Cisco Umbrella: DNS security platform to block malicious domains.

  • Cisco IOS XE & XR: Operating systems for advanced network programmability.

  • Cisco C9800-SW-iosxe-wlc.16.11.01: Wireless LAN Controller software for Catalyst platforms.

A screenshot shared on BreachForums shows the leaked files alongside IntelBroker's claims, lending some weight to the incident.

The hacker further claimed to have downloaded 4.5 TB of data from the DevHub, a figure that does not square with IntelBroker's earlier assertion that a total of 800 GB of files had been acquired; the actor is known for exaggerating such claims.

Following IntelBroker’s latest leak, Cisco stated on Tuesday that it is aware of the hacker’s claims and believes the referenced files match those identified in their prior investigation.

“As noted in earlier updates, we remain confident that our systems were not breached. Furthermore, we have found no information in the leaked content that could have been used to access our production or enterprise environments,” Cisco emphasized.
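The two findings above, files that should never have been published and a check of whether anything in the published set could grant access elsewhere, are exactly what a pre-publication audit of a download hub should catch. The script below is an added example, not Cisco's tooling or anything from the DevHub. It walks a file tree, flags every path outside an assumed allowlist of public prefixes, and scans file contents for private keys, AWS-style access key IDs and credential-looking assignments, using a Shannon-entropy threshold to suppress obvious placeholders. The sample tree, the prefixes, the regexes and the 3.0-bit threshold are all assumptions constructed for this example.

```python
"""Pre-publication audit of a public-facing download hub (added example).

Check 1: every published path must sit under a prefix meant to be public.
Check 2: no published file may contain key material or credentials.
The sample tree below is constructed for this example; the AKIA value is the
example key ID that appears in AWS documentation, not a real credential.
"""
import math
import re
import tempfile
from collections import Counter
from pathlib import Path

# Assumed publication policy: only these directories are meant to be public.
PUBLIC_PREFIXES = ("scripts/", "docs/")

# Values below this entropy (bits per character) are treated as placeholders.
ENTROPY_THRESHOLD = 3.0

SECRET_RULES = {
    "pem_private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |)PRIVATE KEY-----"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    # keyword = value, value at least 8 non-space, non-quote characters
    "generic_credential": re.compile(
        r"(?i)\b(?:password|passwd|secret|token|api_key)\b\s*[=:]\s*['\"]?([^\s'\"]{8,})"
    ),
}

# Constructed sample tree: two legitimate public files, one file outside the
# allowlist, one key accidentally dropped into docs/, one script with a token.
SAMPLE_TREE = {
    "scripts/collect_logs.sh": "#!/bin/sh\ntar czf logs.tgz /var/log\n",
    "docs/README.md": "# Public download hub\nExample config line: api_key = changeme\n",
    "internal/customer-a/engagement.txt": (
        "Scoping notes for customer A\n"
        "Temporary lab key id: AKIAIOSFODNN7EXAMPLE (AWS documentation example value)\n"
    ),
    "docs/legacy.key": (
        "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEA...\n-----END RSA PRIVATE KEY-----\n"
    ),
    "scripts/env.sh": "export api_key=9f8e7d6c5b4a3f2e1d0c9b8a7f6e5d4c\nexport debug=1\n",
}


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random hex/base64 scores well above 3."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_text_for_secrets(text: str):
    """Return the names of the rules that fire on this text (one hit per rule)."""
    hits = []
    for name, rule in SECRET_RULES.items():
        for match in rule.finditer(text):
            if name == "generic_credential" and shannon_entropy(match.group(1)) < ENTROPY_THRESHOLD:
                continue  # low-entropy value such as "changeme": a placeholder
            hits.append(name)
            break
    return hits


def audit_tree(root: Path, public_prefixes=PUBLIC_PREFIXES) -> dict:
    """Flag files outside the public allowlist and files containing secrets."""
    outside, secrets = [], {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if not rel.startswith(public_prefixes):
            outside.append(rel)
        hits = scan_text_for_secrets(path.read_text(errors="replace"))
        if hits:
            secrets[rel] = hits
    return {"outside_allowlist": outside, "secrets": secrets}


def build_sample_tree(root: Path) -> None:
    """Materialise the constructed sample tree under root."""
    for rel, content in SAMPLE_TREE.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(content)


def run_demo() -> dict:
    """Build the sample tree in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return audit_tree(root)


if __name__ == "__main__":
    report = run_demo()
    for rel in report["outside_allowlist"]:
        print(f"NOT PUBLIC: {rel}")
    for rel, rules in report["secrets"].items():
        print(f"SECRET    : {rel} ({', '.join(rules)})")
```

Either finding should block publication: a path outside the allowlist is the kind of configuration slip described above, and a secret inside an allowed path means the "public" material itself needs to be cleaned before release. In a real pipeline the allowlist comes from the publication manifest rather than a constant, and the rule set would be a maintained secret-scanning ruleset rather than three regexes.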

IntelBroker is a threat actor known for orchestrating high-profile data breaches targeting companies like Apple, Zscaler, and Facebook Marketplace. The actor has a reputation for selling access to compromised systems and data on underground forums like BreachForums. IntelBroker has claimed responsibility for breaches involving government bodies such as Europol, the U.S. Department of Transportation, and the Pentagon, leaking sensitive information and classified documents. The actor has also been linked to breaches at companies like Acuity, General Electric, and Home Depot, showing a pattern of targeting critical infrastructure and major corporations.

Ovi Hasan

Cyber Security Professional || Project & Product Manager || Product Designer || Digital Strategist || Campus Activities Coordinator at Google Developers Group Bangla (GDG Bangla)

This incident highlights the critical need for secure configuration management and regular audits of public-facing systems. It serves as a reminder that even minor misconfigurations can be exploited by threat actors like IntelBroker, emphasizing the importance of vigilance in protecting sensitive data.

As someone pivoting into cybersecurity, I approach the field with a fresh perspective shaped by years of experience in employee management, administration, and stakeholder relations. My focus has always been on ensuring organizational efficiency and meeting business objectives. One observation I’ve made in my career is that as businesses scale, they prioritize customer satisfaction by making services more accessible and seamless. While this is a natural and essential evolution, it also introduces significant vulnerabilities, creating entry points for potential threats. Cybersecurity, in my view, must strike a balance between accessibility and robust protection. My goal is to bring this business-minded perspective into the cybersecurity space, understanding that effective solutions must not only secure systems but also align with the business’s growth and customer experience goals.

S M Carson BS, SCCP, LSSM, LSPO, ISC2 Candidate

Clastran's Customer Service Manager | Notary Public, Logistics, Customer Service

Debriefing when an employee is terminated is very important. It is imperative that only cleared and vetted eyes are exposed to sensitive information. Those parameters should be taken seriously when it comes to exposure.

Regardless of whether the event was real or merely faked for reasons of notoriety, this story underscores the importance of open-source software. The old "security through obscurity" adage has long since been debunked. While measures of obscurity, including on-the-fly decryption during execution, protect proprietary software from casual snooping and pilfering, they do not protect it from reverse engineering. Kerckhoffs' principle is based on the idea that an enemy can steal a secure military system and not be able to compromise the information. His ideas were the basis for many modern security practices, and it followed that security through obscurity is a bad practice. Meanwhile, open-source software has made considerable advances in security. With an abundance of white-hat eyes looking into the code, hidden issues are quickly discovered. Final point: much of the best software running the world is open-source, including my favorite example, PostgreSQL.
