Cisco suffers cyberattack on IT network
Cisco has officially announced a security incident that occurred on 24 May and affected the company's IT infrastructure, and has linked the detected threat actor to the Lapsus$, UNC2447 and Yanluowang groups.
The investigation found that a Cisco employee's credentials were compromised after an attacker gained control of a personal Google account in which credentials stored in the victim's browser were being synchronised, and that the attacker used vishing techniques.
Thus, once the victim accepted the multi-factor authentication (MFA) push notifications sent by the attacker, the attacker accessed the internal VPN. After the attacker was identified, their access to the internal network was denied, and their successive attempts to regain access were prevented.
In addition, Cisco has identified no evidence of ransomware deployment and has successfully blocked attempts to access its internal network. Furthermore, no impact on its products, services, customer/employee data or supply chain has been observed.
- 10/08/2022 tools.cisco.com Cisco Event Response: Corporate Network Security Incident
- 10/08/2022 blog.talosintelligence.com Cisco Talos shares insights related to recent cyber attack on Cisco
- 10/08/2022 bleepingcomputer.com Cisco hacked by Yanluowang ransomware gang, 2.8GB allegedly stolen
- 10/08/2022 therecord.media Cisco confirms May attack by Yanluowang ransomware group
- 12/08/2022 cso.computerworld.es Cisco confirma un ataque a su red informática
- 13/08/2022 forbes.com Cisco Hacked: Ransomware Gang Claims It Has 2.8GB Of Data