Cisco Confirms Being Hacked by Yanluowang Ransomware Gang
16 August 2022 | SafeAeon Inc.
U.S. networking giant Cisco Systems has been hacked, the company confirmed on Wednesday, May 24, 2022, after Yanluowang ransomware operators claimed the attack on their leak site.
"Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee's personal Google account," Cisco Talos mentioned in detail. "The user had enabled password syncing via Google Chrome and had stored their Cisco credentials in their browser, enabling that information to synchronize to their Google account."
According to Cisco, "During the investigation, it was determined that a Cisco employee's credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim's browser were being synchronized."
The malicious actor carried out several complex voice phishing attacks against the victim, posing as a variety of reputable companies to persuade the victim to accept multi-factor authentication (MFA) push notifications that the adversary had initiated.
In the end, the attacker obtained an MFA push acceptance, which granted them access to the VPN in the context of the targeted user.
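For defenders, the pattern described above (adversary-initiated MFA pushes that end in an approval) can be looked for in authentication logs. The following is an added example, not code from Cisco or from the original article; the event fields, result names, thresholds and sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample MFA events: (timestamp, user, result, source_ip).
# Field layout and result names are assumptions, not a real product's schema.
EVENTS = [
    ("2024-01-15T07:00:00", "carol", "push_denied",   "198.51.100.9"),
    ("2024-01-15T07:01:00", "carol", "push_denied",   "198.51.100.9"),
    ("2024-01-15T07:02:00", "carol", "push_timeout",  "198.51.100.9"),
    ("2024-01-15T08:30:00", "bob",   "push_approved", "192.0.2.10"),
    ("2024-01-15T09:00:00", "alice", "push_denied",   "203.0.113.7"),
    ("2024-01-15T09:00:00", "carol", "push_approved", "192.0.2.44"),
    ("2024-01-15T09:04:00", "alice", "push_timeout",  "203.0.113.7"),
    ("2024-01-15T09:09:00", "alice", "push_denied",   "203.0.113.7"),
    ("2024-01-15T09:15:00", "alice", "push_approved", "203.0.113.7"),
]

FAILED = ("push_denied", "push_timeout")


def flag_suspicious_approvals(events, window=timedelta(minutes=30), min_failures=3):
    """Flag approvals preceded by a run of failed pushes for the same user.

    Returns (user, approval_time, failed_count, source_ip) for every approval
    that follows at least `min_failures` denied or timed-out pushes that all
    fall within `window` before the approval.
    """
    failures = {}  # user -> timestamps of failed pushes since last approval
    alerts = []
    for ts, user, result, ip in sorted(events):
        now = datetime.fromisoformat(ts)
        # Keep only this user's failures that are still inside the window.
        recent = [f for f in failures.get(user, []) if now - f <= window]
        if result in FAILED:
            recent.append(now)
        elif result == "push_approved":
            if len(recent) >= min_failures:
                alerts.append((user, ts, len(recent), ip))
            recent = []  # an approval ends the current run
        failures[user] = recent
    return alerts


if __name__ == "__main__":
    for alert in flag_suspicious_approvals(EVENTS):
        print("review MFA approval:", alert)
```

An alert here is a prompt to contact the user and review the session that followed, since a legitimate user can also mistype or miss a push.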
Bleeping Computer reports that last week the ransomware gang sent it an email containing a directory listing of the data they had stolen in the Cisco hack.
Yanluowang claims they have stolen approximately 3,100 files, a total of 2.75 GB of data. The files that were stolen consist of some engineering drawings, non-disclosure agreements, and data dumps.
Cisco also stated, "We assess with moderate to high confidence that this attack was conducted by an adversary that has been previously identified as an initial access broker (IAB) with ties to the UNC2447 cybercrime gang, Lapsus$ threat actor group, and Yanluowang ransomware operators."
In addition, the company states that due to the recent breach, they have put in place additional measures to safeguard their systems. Cisco also said they are sharing this incident in hopes of helping other organizations protect the broader security community.
Apart from Cisco, the Yanluowang ransomware gang has previously claimed they have breached the internal systems of Walmart.
The Yanluowang ransomware group claimed they had carried out a cyberattack on Walmart in May, stealing valuable data from the company. The malicious actors then publicly leaked the data they had allegedly stolen in the attack.
It has been stated that the exposed data on the website comprises a list of domain users for Walmart, as well as security certificates, Walmart's internal network, and other sensitive information.
Detailed report of the incident: Cisco Talos shares insights related to the recent cyber-attack on Cisco.
Proactive Security Monitoring of your organization is crucial and the need of the hour. It helps businesses take action before malicious actors can further harm the business.