Powered by MOMENTUM MEDIA
cyber daily logo

Breaking news and updates daily.

Subscribe to our Newsletter

Powered by MOMENTUM MEDIA
Breaking news and updates daily. Subscribe to our Newsletter
facebook linkedin X Instagram youtube

Explore

SECTIONS

MORE

search button

Second threat actor claims Cisco data breach

Cisco’s network has allegedly been breached a second time in a matter of weeks after company data was advertised for sale online.

user icon Daniel Croft
Fri, 15 Nov 2024 Security
Second threat actor claims Cisco data breach
expand image

Last month, IntelBroker, an infamous threat actor and leader of the CyberN-----s threat group, claimed to have accessed Cisco’s systems and exfiltrated data belonging to the company and its clients.

IntelBroker listed a handful of companies that allegedly “had their production source codes taken”, including Vodafone Australia, National Australia Bank (NAB), Microsoft, Bank of America, AT&T, and more.

Now, a threat actor under the moniker “Cas” has claimed to have breached Cisco’s systems in a post on a popular hacking forum.

============
============

“Yay I hacked Cisco after IntelBroker did,” the threat actor said.

“I’m here to sell dever user access / netuser. It has a lot of stuff, such as templates with creds in it for the network, keys and a lot more. I didn’t dig deep.”

Cas also posted proof of the breach, which was inaccessible at the time of writing.

While Cyber Daily has been unable to verify whether or not the latest incident is connected or has any crossover with the IntelBroker breach, the data Cas said has been exfiltrated varies from the previous incident.

In reference to the IntelBroker data breach, Cisco confirmed the incident but stressed that its own network was safe and that the threat actors breached a third party.

Cyber Daily logo
VIEW ALL

“We have determined that the data in question was hosted on our public-facing DevHub site – a Cisco resource centre that enables us to support our community by making software code, scripts, etc., publicly available for customers and other DevHub users,” said Cisco.

“The vast majority of the information on our DevHub site is software artifacts (e.g., software code, templates, and scripts) that we intentionally make publicly available.”

Access to the DevHub has since been disabled.

Cisco continues to review the incident, adding that it has not yet “identified any information in the content that an actor could have used to access any of our production or enterprise environments”.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.
CD Logo

OUR PLATFORMS AND BRANDS

EVENTS AND SUMMITS

PODCASTS

LEARNING AND EDUCATION

MOMENTUM MARKETS NETWORK

LINKS

STAY CONNECTED

Be the first to hear the latest developments in the cyber industry.

momentummedia media
most innovative companies awards

OUR PLATFORMS AND BRANDS

EVENTS AND SUMMITS

PODCASTS

LEARNING AND EDUCATION

MOMENTUM MARKETS NETWORK

LINKS

CATEGORIES

STAY CONNECTED

Copyright © 2024 MOMENTUMMEDIA