Cisco has confirmed that it is investigating reports of a data breach after a threat actor began offering allegedly stolen company data for sale on a hacking forum.

According to a BleepingComputer report, the investigation was launched following claims made by a well-known hacker identified as “IntelBroker.”

“Cisco is aware of reports that an actor is alleging to have gained access to certain Cisco-related files,” a Cisco spokesperson said. “We have launched an investigation to assess this claim, and our investigation is ongoing.”

Detailed allegations of Cisco data breach

The allegations emerged after IntelBroker claimed, along with two others identified as “EnergyWeaponUser” and “zjj,” to have breached Cisco’s systems on 10 June 2024, obtaining a significant amount of developer-related data.

IntelBroker’s post on a hacking forum indicated that the compromised data includes “GitHub projects, GitLab projects, SonarQube projects, source code, hard-coded credentials, certificates, customer SRCs, Cisco confidential documents, Jira tickets, API tokens, AWS private buckets, Cisco technology SRCs, Docker builds, Azure storage buckets, private and public keys, SSL certificates, Cisco premium products, and more.” Samples shared by the hacker included a database, customer information, various documentation, and screenshots of customer management portals.

In a recent update, IntelBroker claimed that the breach also involved stealing sensitive information from other major global firms, including Verizon, AT&T, and Microsoft. The stolen data is now reportedly being offered for sale on the cybercrime platform Breach Forums, where IntelBroker specified that the transaction would be conducted in exchange for Monero (XMR), a cryptocurrency favoured for its privacy features.

The hacker indicated openness to using a middleman to facilitate the sale, ensuring anonymity for both the buyer and seller. This method is commonly used by cybercriminals to evade detection by authorities.

IntelBroker, notorious for high-profile data breaches, previously claimed responsibility for compromising other major companies. In June 2024, IntelBroker stated they had breached Apple, stealing source code for internal tools, and had also breached Advanced Micro Devices (AMD), acquiring employee and product information. In May 2024, IntelBroker also claimed to have hacked Europol, a breach that the agency later confirmed.

No specific details were provided by IntelBroker regarding the methods used to obtain the data. Sources familiar with the attacks told BleepingComputer that the stolen data came from a third-party managed services provider specialising in DevOps and software development.

It remains uncertain if the reported Cisco breach is related to the earlier incidents from June.
