Cisco is found to be currently investigating a possible data breach following reports that allegedly stolen data has surfaced for sale on a hacking forum.

Continue reading
Cisco is found to be currently investigating a possible data breach following reports that allegedly stolen data has surfaced for sale on a hacking forum.
The stolen data claims have been linked to a threat actor known as "IntelBroker" who, along with two others— "EnergyWeaponUser" and "zjj"—claims to have breached Cisco on June 10, 2024.
According to IntelBroker, the breach compromised a whole host of sensitive information, including:
A Cisco spokesperson confirmed the company is aware of the alleged breach and that an investigation is ongoing to assess the extent of the situation. At this time, Cisco has not confirmed the authenticity of the claims or the data samples that have been leaked.
Cisco's statement: > _"We have launched an investigation to assess this claim, and our investigation is ongoing."_
IntelBroker which has been involved in many targeted cyberattacks namely Facebook & General Electronics along with their associates have provided samples of the alleged stolen data on a hacking forum. These samples include:
While details of how the data breach has transpired remain still unclear, the type of data presented suggests access to core developer infrastructure and proprietary code repositories, potentially via compromised DevOps systems.
The threat actor’s post indicated that many of Cisco’s most crucial assets were allegedly infiltrated.
Some of the more alarming categories include:
This is not the first time IntelBroker has been associated with major data breaches. Since June 2024, the group has been involved in leaking or selling data from various high-profile companies such as T-Mobile, AMD, and Apple. These previous attacks reportedly exploited vulnerabilities in third-party DevOps and software development services providers.
It remains unclear whether the Cisco breach is related to those earlier incidents, but the scope of the alleged data exfiltration suggests that a third-party service provider might have been targeted once again.
However, this isn't an isolated intrusion where Cisco has been involved, previously the company suffered many intrusions such as detection of backdoor vulnerability in there smart licensing utility, there VPN have been exploited by ransomware group, their CISCO SPA 112 Phone Adapters were vulnerable to arbitrary code execution, Cisco AnyConnect had been exploited in the wild and many more.
Third-party vendors in DevOps often possess extensive access to company infrastructure, making them a high-value target for cybercriminals.
If IntelBroker’s claims prove to be accurate, this breach could have severe implications for Cisco’s customers and partners. Compromised source code, credentials, and API tokens could potentially lead to:
While Cisco continues its investigation, there are several immediate steps the company should consider:
As more companies integrate third-party services into their core development workflows, they become increasingly vulnerable to attacks targeting those services.
In the short term, it is critical for Cisco to validate IntelBroker’s claims, secure any exposed infrastructure, and collaborate with affected customers to mitigate potential risks. The long-term challenge will be fortifying the security of its development pipelines to prevent similar breaches in the future.

148 malicious npm packages masquerading as student proxy and school Wi-Fi bypass tools. Rather than compromising developers during installation