Cisco has confirmed that it is currently investigating after threat actors claimed to have stolen a large amount of confidential data in a cyberattack on October 6, 2024. The attackers offered the allegedly stolen data for sale on a hacker forum.
A spokesperson for the US technology company told BleepingComputer: “Cisco is aware of reports that an actor is alleging to have gained access to certain Cisco-related files. We have launched an investigation to assess this claim, and our investigation is ongoing.”
According to the threat actors, the stolen data encompasses a wide range of sensitive information, including GitHub and GitLab projects, source code, hardcoded credentials, certificates, custom SRCs, confidential Cisco documents, Jira tickets, API tokens, private AWS buckets, Docker builds, Azure storage buckets, private and public keys, SSL certificates, and Cisco premium products.
To substantiate the claims, the threat actor IntelBroker shared samples of the allegedly stolen data on the hacker forum, comprising a database, customer information, various customer documentation, and screenshots of customer management portals. However, they did not disclose any further details about how the attack was carried out.
Possible connection to previous attacks
This incident may be linked to a series of cyberattacks that occurred in June, when IntelBroker began selling or leaking data from several companies, including T-Mobile, AMD, and Apple. According to BleepingComputer, industry experts suspect that the data from these attacks was obtained through a breach of a third-party provider of DevOps and software development services. However, it remains unclear whether the current incident at Cisco is connected to these previous attacks.