Cisco is investigating claims that hackers led by IntelBroker caused a data breach at the company. Meanwhile, the hackers allegedly offered stolen data from the tech giant for sale on a hacker forum.
Well-known hacker group IntelBroker, along with criminal colleagues EnergyWeaponUser and Zjj, allegedly hacked Cisco in June, Bleeping Computer writes. According to themselves on a hacker forum, they allegedly captured a large amount of developer data in this attack.
This included data from GitHub, GitLab, and SonarQube projects, source code, hard-coded login credentials, certificates, customer SRCs, confidential Cisco documents, Jira tickets, API tokens, AWS private buckets, Cisco Technology SRCs, Docker builds, Azure Storage buckets, private and public keys, SSL certificates, Cisco Premium products and more.
As evidence, IntelBroker posted examples of the stolen data online, including a database, customer information, various customer documents, and screenshots of CRM portals. How the hackers gained access to Cisco’s systems is not known.
Cisco response
In response, Cisco confirms that it is currently investigating a possible data breach caused by the claimed attack. The company states that it is familiar with hackers’ attempts to gain access to Cisco-related documents.
IntelBroker allegedly stole data from several companies in June of this year through a series of large attacks. Among others, T-Mobile, AMD, and Apple were targets. These attacks allegedly resulted from an intrusion through a third-party provider of managed services for DevOps and software development. Whether these earlier attacks are related to the current Cisco hack is unknown.
Also read: Two hacker groups break into AMD and put data up for sale