Cisco Hacked by Yanluowang Ransomware Group

Cisco Hacked by Yanluowang Ransomware Group

Today, Cisco confirmed that its corporate network has been breached by the Yanluowang ransomware hacker group in late May. The company revealed that hackers have compromised employees' accounts which further led to access to the corporate network after the attacker conducted a series of sophisticated voice phishing attacks to bypass the multi-factor authentication (MFA).

In the blog post, Cisco wrote - 

"On May 24, 2022, Cisco became aware of a potential compromise. Since that point, Cisco Security Incident Response (CSIRT) and Cisco Talos have been working to remediate." "During the investigation, it was determined that a Cisco employee’s credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized."

"The attacker conducted a series of sophisticated voice phishing attacks under the guise of various trusted organizations attempting to convince the victim to accept multi-factor authentication (MFA) push notifications initiated by the attacker. The attacker ultimately succeeded in achieving an MFA push acceptance, granting them access to VPN in the context of the targeted user." - Cisco further added

Hackers claim to steal data from Cisco

The news of the beach came up after the Yanluowang ransomware group claimed Cisco Systems as its latest victim. In addition to the announcement declaring Cisco as the group’s latest ransomware victim, the Yanluowang group also published text files allegedly obtained in the cyber attack that the group is claiming to have obtained from Cisco.

The threat actor claimed to have stolen 2.75GB of data, consisting of approximately 3,100 files. Many of these files are non-disclosure agreements, data dumps, and engineering drawings.

Cisco confirmed that in this cyber att ..

Support the originator by clicking the read the rest link below.