Notorious hacker “IntelBroker” is offering to sell a large amount of sensitive data from Cisco allegedly stolen from a June 2024 breach along with two fellow hackers the threat actor called “EnergyWeaponUser” and “zjj.”
Cisco is reportedly investigating the breach claims after Intel Broker posted a sample of stolen data on BreachForums.
“Cisco is aware of reports that an actor is alleging to have gained access to certain Cisco-related files,” a Cisco spokesperson told BleepingComputers. “We have launched an investigation to assess this claim, and our investigation is ongoing.”
The breach affected customers’ developer data
The breach allegedly affected a huge amount of developer data for a number of Cisco customers including big names such as Microsoft, Barclays, SAP, T-Mobile, AT&T, and Verizon.
According to a BreachForum post made by IntelBroker, the compromised data included source code, hardcoded credentials, certificates, API tokens, and more.
“Compromised data: GitHub projects, Gitlab Projects, SonarQube projects, Source code, hard-coded credentials, Certificates, Customer SRCs, Cisco Confidential Documents, Jira tickets, API tokens, AWS Private buckets, Cisco Technology SRCs, Docker Builds, Azure Storage buckets, Private & Public keys, SSL Certificates, Cisco Premium Products & More!,” IntelBroker posted.
IntelBroker also provided samples of the stolen data, which included a database, customer details, several customer-related documents, and screenshots from customer management portals.
Highly active threat actor
One of the most frequent members of BreachForums, IntelBroker has had an extremely active year, having claimed several high-profile breaches in 2024.
IntelBroker has a history of attacking a range of organizations, including General Electric, Europol, Lulu Hypermarket, and Zscaler. The hacker’s past breaches also involve prominent entities like Home Depot, Facebook Marketplace, and Space-Eyes.
In June, IntelBroker began leaking or selling data from several companies, including T-Mobile, AMD, and Apple. Whether the Cisco breach is connected to these earlier June incidents remains unclear.
While customers await the report from Cisco’s investigation on the breach, IntelBroker is less likely to have made false claims as they have rarely done so in the past except in the case of Apple and Europol hacks where they exaggerate the extent of the breaches.
