Cisco confirms cyber attack but says systems were not breached
Cisco confirmed that data was stolen in a cyberattack last month after malicious actors claimed to have accessed its systems.
Last month, IntelBroker, a notorious threat actor and leader of the CyberN—–s threat group, claimed to have accessed Cisco systems and exfiltrated data belonging to the company and its customers.
Today, Cisco said that while the threat actors did not breach its systems, they downloaded data belonging to a number of its customers after accessing a public DevHub environment.
This environment allows Cisco to make scripts and software code more easily accessible to customers.
“We determined that the data in question was hosted on our public DevHub site – a Cisco resource center that allows us to support our community by making software code, scripts, etc., publicly available to customers and other users from DevHub,” Cisco said.
“The vast majority of information on our DevHub site are software artifacts (e.g., software code, templates, and scripts) that we intentionally make publicly available.”
Although Cisco did not name the customers, IntelBroker named a number of companies that allegedly “had their production source codes confiscated”, including Vodafone Australia, National Australia Bank (NAB), Microsoft, Bank of America, AT&T, etc. It’s unclear whether this is the “limited set” of customers that Cisco is referring to.
Cisco also added that it identified exfiltrated and published files “that were not intended for public upload” but were published to the DevHub environment because of a “configuration error”, which has since been corrected.
“These files could not be discovered or indexed by search engines, such as Google,” the company said.
Access to the DevHub has since been disabled.
Cisco continues to review the incident, adding that it has not yet “identified any information in the content that an actor could have used to access any of our production or enterprise environments.”