IntelBroker publishes partial data allegedly stolen from Cisco

IntelBroker, a threat actor, has publicly released a portion of data it claims to have stolen from Cisco, alleging it accessed and exfiltrated 4.5 terabytes of information from the tech giant’s systems. The breach, initially disclosed by IntelBroker in October, purportedly includes sensitive data such as source code, certificates, hard-coded credentials, and confidential documents related to Cisco and its customers.

The recently published dataset, measuring 2.9 gigabytes, includes files associated with Cisco’s flagship products, such as Cisco IOS XE & XR, Cisco Webex, Cisco Umbrella, Cisco SASE, and the Cisco Identity Services Engine (ISE). IntelBroker stated that the partial release is intended to verify the legitimacy of the breach and attract potential buyers for the entire dataset.

“Today, I have shared the Cisco partial breach for you to download. Thanks for reading, and enjoy!” IntelBroker posted.

Cisco responded swiftly to the initial claims, launching an investigation that confirmed data had been exfiltrated. However, the company clarified that its core systems were not compromised. According to Cisco, the attackers accessed a public-facing DevHub environment, not its internal network.

The DevHub instance, which IntelBroker claimed Cisco had "accidentally left open," was allegedly exploited by the group known as CyberN-----s, with IntelBroker leading the effort. The environment reportedly contained a vast data repository, resulting in a significant volume of sensitive information being exfiltrated.

Despite the attackers’ claims and the partial release, Cisco has maintained that it addresses the situation. The company emphasized its commitment to protecting its customers and minimizing any potential impact from the breach.