Second threat actor claims Cisco data breach
Cisco’s network was allegedly breached for a second time a few weeks after the company’s data was put up for sale online.
Last month, IntelBroker, a notorious threat actor and leader of the CyberN—–s threat group, claimed to have accessed Cisco systems and exfiltrated data belonging to the company and its customers.
IntelBroker has listed a handful of companies whose production source codes were allegedly confiscated, including Vodafone Australia, National Australia Bank (NAB), Microsoft, Bank of America, AT&T, and more.
Today, a malicious actor going by the nickname “Cas” claimed to have breached Cisco’s systems in a post on a popular hacking forum.
“Yeah, I hacked Cisco after IntelBroker,” the threat actor said.
“I’m here to sell user/netuser access to everyone. It contains many elements, such as templates containing network credentials, keys and much more. I didn’t dig deep.
Cas also released proof of the breach, which was inaccessible at the time of writing.
Although Cyber Daily has not been able to verify whether or not the latest incident is related to the IntelBroker breach, the data that Cas claims was exfiltrated varies from the previous incident.
In reference to the IntelBroker data breach, Cisco confirmed the incident but emphasized that its own network was secure and that the threat actors had breached a third party.
“We determined that the data in question was hosted on our public DevHub site – a Cisco resource center that allows us to support our community by making software code, scripts, etc. available. publicly available to customers and other DevHub users.” Cisco said.
“The vast majority of information on our DevHub site are software artifacts (e.g., software code, templates, and scripts) that we intentionally make publicly available.”
Access to the DevHub has since been disabled.
Cisco continues to review the incident, adding that it has not yet “identified any information in the content that an actor could have used to access any of our production or enterprise environments.”