Cisco Confirms Breached By Ransomware Group

Cisco has confirmed that the Yanluowang ransomware group stole its data. The confirmation comes as the Yanluowang ransomware group published a partial list of files that were stolen from Cisco.

Cisco stated that it became aware of a breach on 24th May 2022 and has been working to remediate it since then.

“During the investigation, it was determined that a Cisco employee’s credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized.”

“We assess with moderate to high confidence that this attack was conducted by an adversary that has been previously identified as an initial access broker (IAB) with ties to the UNC2447 cybercrime gang, Lapsus$ threat actor group, and Yanluowang ransomware operators,” the Talos blog stated.

Read the technical details of the attack on the Talos blog.

Impact

“No ransomware has been observed or deployed and Cisco has successfully blocked attempts to access Cisco’s network since discovering the incident.”

“Cisco did not identify any impact to our business as a result of this incident, including no impact to any Cisco products or services, sensitive customer data or sensitive employee information, Cisco intellectual property, or supply chain operations. On August 10 the bad actors published a list of files from this security incident to the dark web,” stated Cisco Security Incident Response (CSIRT).

Source

https://blog.talosintelligence.com/2022/08/recent-cyber-attack.html

https://tools.cisco.com/security/center/resources/corp_network_security_incident