Cisco confirms attack on DevHub portal and takes it offline
Cisco has now confirmed a cyber attack. Data has been leaked. However, the company's own systems are said not to be directly affected.
Cisco has pushed ahead with ongoing investigations into an IT security incident and has now confirmed an attack. Attackers are said to have had access to data not intended for the public.
Cisco clarifies
This emerges from an updated statement on the incident. Just a few days ago, the sale of data allegedly copied in a hack of the network equipment manufacturer made headlines. This allegedly included API tokens, business documents and private keys. At the time, Cisco was still investigating the incident.
The company has now confirmed that attackers were able to gain access to a DevHub environment. The instance has since been taken offline. It remains unclear how access was gained. According to the statement, the environment was publicly accessible and contained, among other things, software code and scripts for customers. During the security incident, however, data that was not intended for public download was also leaked. Cisco states that this does not include any financial data.
The investigation is still ongoing, and the network equipment provider states that it is proactively approaching affected customers.
Statement against statement
The data is still for sale on the darknet and, according to the leaker IntelBroker, contains internal and confidential Cisco data. This includes GitHub projects, source code and SSL certificates. The leaker told BleepingComputer that he would not blackmail Cisco with the copied data: "I wouldn't trust a threat actor if they demanded money for not passing on my data, so they shouldn't do that either".
(des)