Category | Details |
---|---|
Threat Actors | IntelBroker, known for prior breaches (Apple, AMD, Europol). |
Campaign Overview | Second batch of Cisco data leaked (4.84 GB) as part of a claimed 4.5 TB trove, stemming from an October 2024 breach. Hackers exploited a misconfigured public-facing DevHub resource. |
Target Regions | Primarily Cisco’s internal data (global reach). |
Methodology | Exploited an exposed DevHub resource without password protection or authentication to extract sensitive data. |
Products Targeted | Cisco DevHub and internal systems; exposed data includes proprietary software, network configurations, cloud images, and cryptographic keys. |
Malware Reference | Not applicable (data breach from misconfigured server). |
Tools Used | Leveraged publicly exposed, misconfigured resources; no specific tools mentioned for the breach itself. |
Vulnerabilities Exploited | Misconfigured, public-facing DevHub server without authentication or password protection. |
TTPs | Exploitation of misconfigured systems; posting sensitive stolen data on breach forums; use of public repositories to expose proprietary and operational data. |
Attribution | IntelBroker, a known hacker with a history of high-profile breaches. |
Recommendations | Ensure secure configuration of public-facing resources, implement strict authentication and access controls, perform regular audits to identify exposed data, and enforce data access best practices. |
Source | Hackread |
Read full article: https://hackread.com/hackers-release-second-batch-of-stolen-cisco-data/
The above summary has been generated by an AI language model