Cisco confirms cyberattack but says systems have not been breached
Cisco confirmed that data was stolen in a cyberattack last month after threat actors claimed to have accessed its systems.
Last month, IntelBroker, an infamous threat actor and leader of the CyberN—–s threat group, claimed to have accessed Cisco systems and exfiltrated data belonging to the company and its customers.
Now, Cisco has said that while the threat actors did not breach its systems, they downloaded data belonging to several of its customers after accessing a public DevHub environment.
This environment allows Cisco to make software code and scripts more available to customers.
“We have determined that the data in question was hosted on our public DevHub site, a Cisco resource center that allows us to support our community by making software code, scripts, etc., publicly available to customers and other users of DevHub,” Cisco said.
“The vast majority of the information on our DevHub site are software artifacts (for example, software code, templates, and scripts) that we intentionally make available to the public.”
While Cisco didn’t name the customers, IntelBroker did name a number of companies that allegedly “had their production source codes taken away,” including Vodafone Australia, National Australia Bank (NAB), Microsoft, Bank of America, AT&T, and more. It’s unclear if these are the “limited set” of customers Cisco is referring to.
Cisco also added that it had identified files among those exfiltrated and published “that were not intended for public download” but had been published to the DevHub environment because of a “configuration error,” which has since been fixed.
“These files were not discoverable or indexed by search engines, such as Google,” Cisco said.
Access to DevHub has since been disabled.
Cisco continues to review the incident, adding that it has not yet “identified any information in the content that an actor could have used to access any of our business or production environments.”