Hackers Release Second Batch of Stolen Cisco Data

Share:
  • Hackers’ Claims: IntelBroker released a second batch of extracted Cisco data, amounting to 4.84 GB, from the October 2024 breach, claiming it is part of a 4.5 TB trove.
  • Leaked Data Contents: The data includes sensitive files such as software artifacts, network configurations, testing logs, cloud server images, and cryptographic signatures, exposing intellectual property and operational insights.
  • Misconfigured Resource Exploitation: The data originated from a misconfigured, public-facing DevHub resource left exposed without password protection, allowing hackers to download it.
  • Cisco’s Response: Cisco acknowledged the incident, stated public access was disabled, and confirmed no servers were breached or sensitive data compromised, though hackers contest this claim.
  • IntelBroker’s Track Record: The hacker, known for breaching Apple, AMD, Europol, and others, highlights ongoing exploitation of misconfigured systems, a persistent issue in cybersecurity.

Hackers have released what they claim to be the second batch of data stolen in the alleged Cisco data incident from October 2024. According to IntelBroker, the hacker behind the breach, the latest leak, published on Christmas Eve on Breach Forums, contains 4.84 GB of data, part of an allegedly stolen 4.5 TB.

IntelBroker on Breach Forums (Screenshot credit: Hackread.com)

As seen by Hackread.com, the leaked data includes a trove of sensitive files, such as proprietary software development artifacts like Java binaries, source code, and application archives; network-related files including Cisco XRv9K virtual router images and configurations; testing logs and scripts; operational data such as Zero Touch Provisioning (ZTP) logs and packages; cloud server disk images; and cryptographic signatures for payment SDKs like Weixin Pay.

Additionally, the leak contains configuration files, internal project archives, and other miscellaneous documents, potentially exposing intellectual property, network configurations, and operational insights.

File tree shared by IntelBroker on Breach Forums (Screenshot credit: Hackread.com)

Background

Notably, the leaked data originates from a misconfigured, public-facing DevHub resource that Cisco reportedly left exposed without password protection or security authentication, enabling the hackers to download the entire dataset in October 2024.

IntelBroker who accessed the misconfigured server claims they managed to extract 4.5TB of information. The first part of the data leak, which included 2.9 GB of files, was published on December 17, 2024.

Cisco’s Response

Cisco acknowledged (PDF) the October 2024 incident and stated that public access was disabled. The company also confirmed that none of its servers were breached and no sensitive data was compromised. However, the hackers claim otherwise, particularly regarding the extracted data.

Regarding the latest leak, Cisco noted on its incident response page that it is aware of the claims made by IntelBroker, asserting that the data published this time also stems from the October 14, 2024, incident.

“On Wednesday, December 25, 2024, at 17:07 EST, the threat actor IntelBroker posted on X about releasing more data. At 17:40 EST, IntelBroker released 4.45 GB of data for free on BreachForums. We have analyzed the post data, and it aligns with the known data set from October 14, 2024.”

Cisco

Intel Broker and Previous Breaches

Intel Broker is known for high-profile data breaches. In June 2024, the hacker claimed to have breached Apple Inc., stealing source code for internal tools. The same hacker boasted about breaching AMD (Advanced Micro Devices, Inc.), and stealing employee and product information.

In May 2024, Intel Broker hacked Europol, a breach that the agency later confirmed. Some of the hacker’s previous data breaches are listed below:

  • Tech in Asia
  • Space-Eyes
  • Home Depot
  • Facebook Marketplace
  • Staffing giant Robert Half
  • U.S. contractor Acuity Inc.
  • Los Angeles International Airport
  • Alleged breaches of HSBC and Barclays Bank

Nevertheless, the partial leak goes on to show ongoing exploitation of misconfigured systems and exposed data. The scale of exploitation is evident, as even high-profile hackers like ShinyHunters and Nemesis have targeted misconfigured servers and S3 buckets.

Source

Leave a Comment

Your email address will not be published. Required fields are marked *

loader-image
London, GB
6:41 pm, Feb 6, 2025
weather icon 6°C
L: 5° | H: 7°
broken clouds
Humidity: 76 %
Pressure: 1040 mb
Wind: 10 mph NE
Wind Gust: 23 mph
UV Index: 0
Precipitation: 0 mm
Clouds: 75%
Rain Chance: 0%
Visibility: 10 km
Sunrise: 7:30 am
Sunset: 4:58 pm
DailyHourly
Daily ForecastHourly Forecast
Today 9:00 pm
weather icon
5° | 7°°C 0 mm 0% 12 mph 78 % 1039 mb 0 mm/h
Tomorrow 9:00 pm
weather icon
3° | 5°°C 1 mm 100% 13 mph 96 % 1037 mb 0 mm/h
Sat Feb 08 9:00 pm
weather icon
4° | 6°°C 1 mm 100% 12 mph 95 % 1027 mb 0 mm/h
Sun Feb 09 9:00 pm
weather icon
5° | 8°°C 0 mm 0% 11 mph 95 % 1037 mb 0 mm/h
Mon Feb 10 9:00 pm
weather icon
3° | 5°°C 0.2 mm 20% 11 mph 94 % 1036 mb 0 mm/h
Today 9:00 pm
weather icon
4° | 5°°C 0 mm 0% 12 mph 78 % 1039 mb 0 mm/h
Tomorrow 12:00 am
weather icon
4° | 5°°C 0 mm 0% 12 mph 79 % 1037 mb 0 mm/h
Tomorrow 3:00 am
weather icon
3° | 3°°C 0 mm 0% 11 mph 82 % 1033 mb 0 mm/h
Tomorrow 6:00 am
weather icon
4° | 4°°C 0 mm 0% 12 mph 77 % 1030 mb 0 mm/h
Tomorrow 9:00 am
weather icon
4° | 4°°C 0 mm 0% 13 mph 74 % 1028 mb 0 mm/h
Tomorrow 12:00 pm
weather icon
3° | 3°°C 0.89 mm 89% 12 mph 91 % 1025 mb 0 mm/h
Tomorrow 3:00 pm
weather icon
4° | 4°°C 1 mm 100% 13 mph 91 % 1022 mb 0 mm/h
Tomorrow 6:00 pm
weather icon
3° | 3°°C 1 mm 100% 10 mph 89 % 1020 mb 0 mm/h
Name Price24H (%)
Bitcoin(BTC)
€92,959.74
-0.97%
Ethereum(ETH)
€2,610.09
-1.69%
Tether(USDT)
€0.97
0.01%
XRP(XRP)
€2.24
-3.85%
Solana(SOL)
€183.62
-4.01%
USDC(USDC)
€0.97
0.00%
Dogecoin(DOGE)
€0.239212
-4.06%
Shiba Inu(SHIB)
€0.000014
-5.16%
Pepe(PEPE)
€0.000009
-6.43%
Scroll to Top