Technology giant Cisco Systems, Inc. has confirmed that it is investigating recent allegations of a significant data breach after a threat actor started selling what is claimed to be stolen data on a hacking forum, according to a new report from BleepingComputer.
“Cisco is aware of reports that an actor is alleging to have gained access to certain Cisco-related files. We have launched an investigation to assess this claim, and our investigation is ongoing,โ aย Cisco spokesperson told BleepingComputer without disclosing specific information regarding the nature or extent of the alleged breach.
This confirmation statement from Cisco comes after “IntelBroker,” a well-known threat actor behind high-profile data breaches, alleged that he, along with two other hackers named “EnergyWeaponUser” and “zjj,” carried out a cyberattack and gained unauthorized access to Cisco Systems on June 10, 2024.
In a post on the cybercrime platformย Breach Forums, the hacker stated that a large amount of sensitive information was stolen from the companyโs systems during the breach.
“Compromised data: Github projects, Gitlab Projects, SonarQube projects, Source code, hard coded credentials, Certificates, Customer SRCs, Cisco Confidential Documents, Jira tickets, API tokens, AWS Private buckets, Cisco Technology SRCs, Docker Builds, Azure Storage buckets, Private & Public keys, SSL Certificates, Cisco Premium Products & More!,” reads the post to a hacking forum.
To prove its claim, IntelBroker shared samples of the alleged stolen data, which included a database, customer information, various customer documentation, andย screenshots of customer management portals. However, the threat actor did not provide further information regarding the methods used to gain access to Ciscoโs systems.
In a recent update, IntelBroker also shared a list of major global firms, including Verizon, AT&T, and Microsoft, from where it has stolen sensitive information during the breach, which is reportedly now being offered on sale on Breach Forums in exchange for Monero (XMR), a cryptocurrency known for its privacy features.
The hacker also indicated that they are open to using a middleman to facilitate the sale, ensuring anonymity for both the buyer and seller. Cybercriminals frequently use this method to ensure anonymity during the sale process and avoid detection and tracking by authorities.
In June, IntelBroker allegedly stole data from several companies, includingย T-Mobile,ย AMD, and Apple.
This apparently resulted from an intrusion through a third-party managed services provider for DevOps and software development, said the sources familiar with the attack on BleepingComputer.
It is unknown if the previous June breaches are related to the current Cisco breach.