- Hackers’ Claims: IntelBroker released a second batch of extracted Cisco data, amounting to 4.84 GB, from the October 2024 breach, claiming it is part of a 4.5 TB trove.
- Leaked Data Contents: The data includes sensitive files such as software artifacts, network configurations, testing logs, cloud server images, and cryptographic signatures, exposing intellectual property and operational insights.
- Misconfigured Resource Exploitation: The data originated from a misconfigured, public-facing DevHub resource left exposed without password protection, allowing hackers to download it.
- Cisco’s Response: Cisco acknowledged the incident, stated public access was disabled, and confirmed no servers were breached or sensitive data compromised, though hackers contest this claim.
- IntelBroker’s Track Record: The hacker, known for breaching Apple, AMD, Europol, and others, highlights ongoing exploitation of misconfigured systems, a persistent issue in cybersecurity.
Hackers have released what they claim to be the second batch of data stolen in the alleged Cisco data incident from October 2024. According to IntelBroker, the hacker behind the breach, the latest leak, published on Christmas Eve on Breach Forums, contains 4.84 GB of data, part of an allegedly stolen 4.5 TB.
As seen by Hackread.com, the leaked data includes a trove of sensitive files, such as proprietary software development artifacts like Java binaries, source code, and application archives; network-related files including Cisco XRv9K virtual router images and configurations; testing logs and scripts; operational data such as Zero Touch Provisioning (ZTP) logs and packages; cloud server disk images; and cryptographic signatures for payment SDKs like Weixin Pay.
Additionally, the leak contains configuration files, internal project archives, and other miscellaneous documents, potentially exposing intellectual property, network configurations, and operational insights.
Background
Notably, the leaked data originates from a misconfigured, public-facing DevHub resource that Cisco reportedly left exposed without password protection or security authentication, enabling the hackers to download the entire dataset in October 2024.
IntelBroker who accessed the misconfigured server claims they managed to extract 4.5TB of information. The first part of the data leak, which included 2.9 GB of files, was published on December 17, 2024.
Die Antwort von Cisco
Cisco acknowledged (PDF) the October 2024 incident and stated that public access was disabled. The company also confirmed that none of its servers were breached and no sensitive data was compromised. However, the hackers claim otherwise, particularly regarding the extracted data.
Regarding the latest leak, Cisco noted on its incident response page that it is aware of the claims made by IntelBroker, asserting that the data published this time also stems from the October 14, 2024, incident.
“On Wednesday, December 25, 2024, at 17:07 EST, the threat actor IntelBroker posted on X about releasing more data. At 17:40 EST, IntelBroker released 4.45 GB of data for free on BreachForums. We have analyzed the post data, and it aligns with the known data set from October 14, 2024.”
Cisco
Intel Broker und frühere Verstöße
Intel Broker ist für aufsehenerregende Datenschutzverletzungen bekannt. Im Juni 2024behauptete der Hacker, in die Apple Inc. eingedrungen zu sein und Quellcode für interne Tools gestohlen zu haben. Derselbe Hacker brüstete sich damit Verletzung der AMD (Advanced Micro Devices, Inc.), und stiehlt Mitarbeiter- und Produktinformationen.
Im Mai 2024Intel Broker hackte Europol, was die Behörde später bestätigte. Einige frühere Datenschutzverletzungen des Hackers sind unten aufgeführt:
- Technik in Asien
- Weltraum-Augen
- Heimdepot
- Facebook-Marktplatz
- Personalvermittlungsriese Robert Half
- Der US-Auftragnehmer Acuity Inc.
- Internationaler Flughafen Los Angeles
- Mutmaßliche Verstöße von HSBC und Barclays Bank
Dennoch zeigt das partielle Leck, dass falsch konfigurierte Systeme und ungeschützte Daten weiterhin ausgenutzt werden. Das Ausmaß der Ausbeutung ist offensichtlich, da selbst hochrangige Hacker wie ShinyHunters und Nemesis haben zum Ziel falsch konfigurierte Server und S3-Buckets.
