{"id":734,"date":"2024-10-15T11:50:56","date_gmt":"2024-10-15T11:50:56","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=734"},"modified":"2024-10-15T11:50:56","modified_gmt":"2024-10-15T11:50:56","slug":"alleged-cisco-data-breach-could-affect-microsoft-barclays-and-sap-developer-data","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=734","title":{"rendered":"Alleged Cisco data breach could affect Microsoft, Barclays, and SAP developer data"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

Notorious hacker \u201cIntelBroker\u201d is offering to sell a large amount of sensitive data from Cisco allegedly stolen from a June 2024 breach along with two fellow hackers the threat actor called \u201cEnergyWeaponUser\u201d and \u201czjj.\u201d<\/p>\n

Cisco is reportedly investigating the breach claims after Intel Broker posted a sample of stolen data on BreachForums.<\/p>\n

\u201cCisco is aware of reports that an actor is alleging to have gained access to certain Cisco-related files,\u201d a Cisco spokesperson told BleepingComputers. \u201cWe have launched an investigation to assess this claim, and our investigation is ongoing.\u201d<\/p>\n

The breach affected customers\u2019 developer data<\/h2>\n

The breach allegedly affected a huge amount of developer data for a number of Cisco customers including big names such as Microsoft, Barclays, SAP, T-Mobile, AT&T, and Verizon.<\/p>\n

According to a BreachForum post<\/a> made by IntelBroker, the compromised data included source code, hardcoded credentials, certificates, API tokens, and more.<\/p>\n

\u201cCompromised data: GitHub projects, Gitlab Projects, SonarQube projects, Source code, hard-coded credentials, Certificates, Customer SRCs, Cisco Confidential Documents, Jira tickets, API tokens, AWS Private buckets, Cisco Technology SRCs, Docker Builds, Azure Storage buckets, Private & Public keys, SSL Certificates, Cisco Premium Products & More!,\u201d IntelBroker posted.<\/p>\n

IntelBroker also provided samples of the stolen data, which included a database, customer details, several customer-related documents, and screenshots from customer management portals.<\/p>\n

Highly active threat actor<\/h2>\n

One of the most frequent members of BreachForums, IntelBroker has had an extremely active year, having claimed several high-profile breaches in 2024.<\/p>\n

IntelBroker has a history of attacking a range of organizations, including General Electric<\/a>, Europol<\/a>, Lulu Hypermarket<\/a>, and Zscaler<\/a>. The hacker\u2019s past breaches also involve prominent entities like Home Depot, Facebook Marketplace, and Space-Eyes.<\/p>\n

In June, IntelBroker began leaking or selling data from several companies, including T-Mobile<\/a>, AMD<\/a>, and Apple<\/a>. Whether the Cisco breach is connected to these earlier June incidents remains unclear.<\/p>\n

While customers await the report from Cisco\u2019s investigation on the breach, IntelBroker is less likely to have made false claims as they have rarely done so in the past except in the case of Apple and Europol hacks where they exaggerate<\/a> the extent of the breaches<\/a>.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

Notorious hacker \u201cIntelBroker\u201d is offering to sell a large amount of sensitive data from Cisco allegedly stolen from a June 2024 breach along with two fellow hackers the threat actor called \u201cEnergyWeaponUser\u201d and \u201czjj.\u201d Cisco is reportedly investigating the breach claims after Intel Broker posted a sample of stolen data on BreachForums. \u201cCisco is aware […]<\/p>\n","protected":false},"author":0,"featured_media":735,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-734","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/734"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=734"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/734\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/735"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=734"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=734"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=734"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}