Claims of Cisco Source Code Leaked?
Sometimes it's old code. Sometimes they're just full of it. But sometimes, threat actors hit pay-dirt.
Came across the following post on Breachforums while sipping some morning coffee:
If you’re having trouble reading it:
In October 2024, Cisco accidentally left open their DevHub instance, which allowed @zjj, @IntelBroker and @EnergyWeaponUser to download the entire 4.5TB contents of their system.
This download only contains the following:
Cisco C9800-SW-iosxe-wlc.16.11.01
Cisco IOS XE & XR
Cisco ISE
Cisco SASE
Cisco Umbrella
Cisco Webex
Total file size is 2.9GB
Hopefully this proves the legitimacy of the breach to others wanting to buy the full version.
Big if True.
I think most of us know that Cisco is one of the world's largest networking and security technology providers. Possibly more pervasive in North America than just about anywhere else.
The post suggests that Cisco may have suffered a major leak of its source code. The code was allegedly exposed due to an accidental misconfiguration of a Cisco development system. The leaked data reportedly includes key software for critical Cisco products like routers, switches, security tools, and collaboration platforms such as Webex.
Alarmingly, it is claimed that the full version of this leaked code is now being offered for sale online.
For those less familiar with Cisco, their technology powers much of the internet, business networks, and cloud-based systems. From securing company access to connecting large data centers, Cisco devices are everywhere—including hospitals, banks, government agencies, and workplace Wi-Fi.
I’m not trying to stan for a huge corporation like Cisco, but unfortunately, the nature of the internet means that regular people might have to bear these rotten fruits. It could be big. If their source code is now just out there, it means attackers could study it to find weaknesses, and use those vulnerabilities to compromise systems that rely on Cisco products.
A LOT of systems rely on Cisco products. But maybe these corporations could do more to secure their infrastructure? I guess this is why people like me have jobs.
Either way, it could be bad.
A lot of the time, these breaches feature useless or outdated data, but something to consider is that, much of the time, threat actors turn on peers who do this too often. Breachforums, while itself not always fulfilling the definition of a criminal marketplace (that might be a little generous of me), operates on a reputation model. If this leak turns out to be a dud, the poster won’t keep their reputation for long. After all, they’re asking for money for it.
Unfortunately for Cisco, this post was verified and endorsed by one of the site’s administrators.
I guess just watch the skies for more attacks targeted at Cisco devices or threat actors using them as infrastructure.
Follow my main body of work on TheMoloch.com.