IN THIS ARTICLE:
- Hackers’ Claims: IntelBroker released a second batch of extracted Cisco data, amounting to 4.84 GB, from the October 2024 breach, claiming it is part of a 4.5 TB trove.
- Leaked Data Contents: The data consists of sensitive files such as software artifacts, network configurations, testing logs, cloud server images, and cryptographic signatures, exposing intellectual property and operational insights.
- Misconfigured Resource Exploitation: The data originated from a misconfigured, public-facing DevHub resource left exposed without password protection, allowing hackers to download it.
- Cisco’s Response: Cisco acknowledged the incident, stated public access was disabled, and confirmed no servers were breached or sensitive data compromised, though hackers contest this claim.
- IntelBroker’s Track Record: The hacker, known for breaching Apple, AMD, Europol, and others, highlights ongoing exploitation of misconfigured systems, a persistent issue in cybersecurity.
Hackers have released what they claim to be the second batch of data stolen in the alleged Cisco data incident from October 2024. According to IntelBroker, the hacker behind the breach, the latest leak, published on Christmas Eve on Breach Forums, contains 4.84 GB of data, part of an allegedly stolen 4.5 TB.
As seen by Hackread.com, the leaked data includes a trove of sensitive files, such as proprietary software development artifacts like Java binaries, source code, and application archives; network-related files including Cisco XRv9K virtual router images and configurations; testing logs and scripts; operational data such as Zero Touch Provisioning (ZTP) logs and packages; cloud server disk images; and cryptographic signatures for payment SDKs like Weixin Pay.
Additionally, the leak contains configuration files, internal project archives, and other miscellaneous documents, potentially exposing intellectual property, network configurations, and operational insights.
Background
Notably, the leaked data originates from a misconfigured, public-facing DevHub resource that Cisco reportedly left exposed without password protection or security authentication, enabling the hackers to download the entire dataset in October 2024.
IntelBroker, who accessed the misconfigured server, claims they managed to extract 4.5 TB of data. The first part of the data leak, which included 2.9 GB of files, was published on December 17, 2024.
Cisco’s Response
Cisco acknowledged (PDF) the October 2024 incident and stated that public access was disabled. The company also confirmed that none of its servers were breached and no sensitive data was compromised. However, the hackers claim otherwise, particularly regarding the extracted data.
Regarding the latest leak, Cisco noted on its incident response page that it is aware of the claims made by IntelBroker, asserting that the data published this time also stems from the October 14, 2024, incident.
“On Wednesday, December 25, 2024, at 17:07 EST, the threat actor IntelBroker posted on X about releasing more data. At 17:40 EST, IntelBroker released 4.45 GB of data for free on BreachForums. We have analyzed the post data, and it aligns with the known data set from October 14, 2024.”
Cisco
IntelBroker and Previous Breaches
IntelBroker is known for high-profile data breaches. In June 2024, the hacker claimed to have breached Apple Inc., stealing source code for internal tools. The same hacker boasted about breaching AMD (Advanced Micro Devices, Inc.) and stealing employee and product information.
In May 2024, IntelBroker hacked Europol, a breach that the agency later confirmed. Some of the hacker’s previous data breaches are listed below:
Nevertheless, the partial leak goes on to show ongoing exploitation of misconfigured systems and exposed data. The scale of exploitation is evident, as even high-profile hackers like ShinyHunters and Nemesis have targeted misconfigured servers and S3 buckets.
RELATED TOPICS
- IntelBroker Claims Access to Nokia Internal Data, Selling for $20K
- Europol Hacked: IntelBroker Claims Major Law Enforcement Breach
- IntelBroker Space-Eyes Breach, Targeting US National Security Data
- IntelBroker Claims Breach of Top Cybersecurity Firm, Selling Access
- AMD Data Breach: IntelBroker Claims Theft of Employee, Product Info