Cisco has confirmed that data was stolen in a cyber attack last month after threat actors claimed to have accessed its systems.
Last month, IntelBroker, an infamous threat actor and leader of the CyberN-----s threat group, claimed to have accessed Cisco’s systems and exfiltrated data belonging to the company and its clients.
Now, Cisco has said that although its systems were not breached, the threat actor downloaded data belonging to a number of its customers after accessing a public-facing DevHub environment.
This environment allows Cisco to make scripts and software code more readily available for customers.
“We have determined that the data in question was hosted on our public-facing DevHub site – a Cisco resource centre that enables us to support our community by making software code, scripts, etc., publicly available for customers and other DevHub users,” said Cisco.
“The vast majority of the information on our DevHub site is software artifacts (e.g., software code, templates, and scripts) that we intentionally make publicly available.”
While Cisco did not name the customers, IntelBroker did name a number of companies that allegedly “had their production source codes taken”, including Vodafone Australia, National Australia Bank (NAB), Microsoft, Bank of America, AT&T, and more. It is unclear if these are the “limited set” of customers Cisco is referring to.
Cisco added that it had identified files among those exfiltrated and published “that were not intended for public download” but had been published on the DevHub environment as the result of a “configuration error”, which has since been fixed.
“These files were not discoverable or indexed by search engines, such as Google,” it said.
Access to the DevHub has since been disabled.
Cisco continues to review the incident, adding that it has not yet “identified any information in the content that an actor could have used to access any of our production or enterprise environments”.