Leaked data forces Cisco to shut down the DevHub portal

October 23, 2024

Cisco revealed earlier this week that it took its public DevHub portal offline after an alleged hacker publicly exposed its non-public information.

However, the company insisted that the hack did not cause further damage and that there was no proof that the hackers compromised its systems.

An updated statement from Cisco said that the data in question resides in a public-facing DevHub environment. DevHub is the company’s resource centre, which it uses to support its community by making software code, scripts, and other resources available to customers.

However, the attackers led the company to believe that it had disseminated a small number of files that were not permitted for public distribution. Cisco also assured concerned parties that there were no signs that personal or financial information was stolen.

IntelBroker’s claim prompted Cisco to address the issue.

The notorious hacker dubbed IntelBroker claimed to have infiltrated Cisco and tried to sell stolen data and source code. The threat actor explained that it accessed the company’s third-party development environment through an exposed API token.

Reports noted that the attacker became agitated when the firm refused to admit a security incident, so it shared images to a specific IT-related platform to show the legitimacy of the purported access to the Cisco development environment.

The screenshots and files we shared with Cisco showed that the threat actor had access to most of the data stored on the compromised platform. The confirmed information included source code, configuration files containing database credentials, technical documentation, and SQL files.

It is still not clear what consumer data was stored on these servers. Additionally, IntelBroker claimed to have retained access until earlier this week, when Cisco shut down all access to the portal and to the compromised JFrog developer environment.

Furthermore, the threat actor also stated that it lost access to a Maven and Docker server associated with the DevHub interface. Still, IntelBroker insisted that despite these claims and leaked information, it had not even tried to extort the IT company.

While Cisco continues to claim that no systems were compromised, every detail about the incident suggests that one of its third-party development environments provided the threat actor with information to harvest.
