Cisco Hacked: Ransomware Gang Claims It Has 2.8GB Of Data

Cisco confirms hackers breached its networks in late May

NurPhoto via Getty Images

Networking giant Cisco confirms hacking as ransomware group publishes a partial list of files it claims to have exfiltrated.

On the same day that the Yanluowang ransomware group published a partial list of files it says were stolen from Cisco, the networking giant’s Talos Intelligence Group confirmed that Cisco had, indeed, been hacked.

MORE FROM FORBESNew Gmail Attack Bypasses Passwords And 2FA To Read All EmailBy Davey Winder

The confirmation, that came by way of a Talos blog posting, stated Cisco was first made aware of a potential compromise on May 24. The potential compromise became a confirmed network breach following further investigation by the Cisco Security Incident Response (CSIRT) team.

Who is behind the Cisco hack?

Cisco said that the initial access vector was through the successful phishing of an employee’s personal Google account, which ultimately led to the compromise of their credentials and access to the Cisco VPN.

The threat actor, confirmed as an initial access broker with ties to a Russian group called UNC2447 as well as the Yanluowang ransomware gang was ejected from the network and prevented from re-entry despite many attempts over the following weeks. The tactics, techniques, and procedures (TTPs) also showed some overlap with the Lapsus$ group, many of whom were arrested earlier in the year.

No ransomware deployed, Cisco says

Importantly, Cisco says that there was no ransomware deployment during the attack that it could find. CSIRT has stated “Cisco did not identify any impact to our business as a result of this incident, including no impact to any Cisco products or services, sensitive customer data or sensitive employee information, Cisco intellectual property, or supply chain operations. On August 10 the bad actors published a list of files from this security incident to the dark web.”

A company-wide password reset was initiated after the breach and is to be praised for the clear and detailed disclosures it has made regarding the technicalities of the hack.

I will update this article as more information becomes known.

MORE FROM FORBESMicrosoft Confirms High-Impact Windows 10, 11 & Server Attacks-Update NowBy Davey Winder

Stay connected with us on social media platform for instant update click here to join our T witter, & Facebook

We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.

For all the latest Technology News Click Here

Read original article here

Denial of responsibility! Rapidtelecast.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.