UPDATED Cisco has confirmed it’s investigating claims that data belonging to the networking giant has been stolen and is now being sold.
This allegedly includes a ton of sensitive Switchzilla information, according to prolific extortionist IntelBroker, the moniker for one of several cyber criminals who allegedly own and operate BreachForums.
On Monday, the data thief bragged about recently breaching Cisco with some help from a couple of other scumbag friends, and offered for sale on the darkweb souk a laundry list of private Cisco data: GitHub and GitLab projects, SonarQube projects, source code, hardcoded credentials, confidential documents, Jira tickets, API tokens, AWS private buckets, Docker builds, Azure storage buckets, private and public keys, SSL certificates, and product info.
The Register reached out to Cisco to confirm the breach, and a spokesperson sent us the following statement via email:
The spokesperson declined to answer specific questions about the alleged intrusion, including when it occurred (if it occurred at all).
IntelBroker, which claimed to be working with two other digital intruders who go by EnergyWeaponUser and zjj, said the breach occurred June 10. IntelBroker and EnergyWeaponUser also purportedly worked together to steal and sell AMD internal communications back in August.
In the latest Cisco heist, the trio claimed to have scooped up a ton of major customers’ source code. Keep in mind, however, that this is the word of a criminal, so we aren’t suggesting it is necessarily true. The Register has not verified the allegedly stolen information.
The dozens of companies that IntelBroker lists among those affected include AT&T, Verizon, T-Mobile US, Chevron, Microsoft, Vodafone and SAP, among many others. The Register reached out to the named orgs. We didn’t immediately hear back from anyone other than SAP.
“SAP is aware of the recent post on BreachForum Dark Web regarding the Cisco Data Breach from June 10, 2024 and our security experts are collaborating with business partners to investigate these claims,” a spokesperson said. “The investigation is ongoing.”
Another alleged victim on the BreachForums list said there’s “no evidence” that the crooks nabbed anything from them in the supposed data heist.
It’s unclear if this latest break-in is related to a September CosmicSting attack during which criminals compromised Cisco’s Magento-based merch website. At the time, a Cisco spokesperson told us the flaw had since been fixed, “the issue impacted only a limited number of website users, and those users have been notified. No credentials were compromised.”
Regardless of whether the crooks’ boasts turn out to be true, we have to assume that IntelBroker has painted a very large target on their back by now after also purporting to hawk sensitive information belonging to AMD, the US Army Aviation and Missile Command, Europol, the Pentagon and other national security agencies. ®
UPDATED AT 22:00 UTC October 16th
Cisco has sent The Reg the following statement:
“Cisco is investigating reports that an unauthorized actor is alleging to have gained access to certain Cisco data and data of our customers. Cisco takes this allegation seriously and we have engaged law enforcement as part of this investigation. To date, our investigation has found no evidence of our systems being impacted. We will notify customers where we confirm that the actor has obtained their confidential information. Customers with concerns can contact PSIRT@cisco.com.”