
Cisco confirms cyber attack but says systems not breached

Cisco has confirmed that data was stolen in a cyber attack last month after threat actors claimed to have accessed its systems.

Daniel Croft
Wed, 06 Nov 2024

Last month, IntelBroker, an infamous threat actor and leader of the CyberN-----s threat group, claimed to have accessed Cisco’s systems and exfiltrated data belonging to the company and its clients.

Now, Cisco has said that while its systems were not breached, the threat actor downloaded data belonging to a number of its customers after accessing a public-facing DevHub environment.

This environment allows Cisco to make scripts and software code more readily available for customers.


“We have determined that the data in question was hosted on our public-facing DevHub site – a Cisco resource centre that enables us to support our community by making software code, scripts, etc., publicly available for customers and other DevHub users,” said Cisco.

“The vast majority of the information on our DevHub site is software artifacts (e.g., software code, templates, and scripts) that we intentionally make publicly available.”

While Cisco did not name the customers, IntelBroker did name a number of companies that allegedly “had their production source codes taken”, including Vodafone Australia, National Australia Bank (NAB), Microsoft, Bank of America, AT&T, and more. It is unclear if these are the “limited set” of customers Cisco is referring to.

Cisco also added that it did identify files that were exfiltrated and published “that were not intended for public download” but had been published on the DevHub environment due to a “configuration error”, which has since been fixed.

“These files were not discoverable or indexed by search engines, such as Google,” it said.

Access to the DevHub has since been disabled.

Cisco continues to review the incident, adding that it has not yet “identified any information in the content that an actor could have used to access any of our production or enterprise environments”.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding of and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music and spends his time playing in bands around Sydney.
