Cisco confirms the data breach by the Yanluowang ransomware gang.
They released a statement admitting they experienced a cybersecurity incident in May.
The threat group allegedly tried to extort the company by threatening to leak the stolen data on public forums and online marketplaces.
On May 24, 2022, the company became aware of the hack. Since then, the Cisco Security Incident Response Team (CSIRT) and Cisco Talos have worked tirelessly to resolve the issue.
On August 10, the threat actors published data and files stolen in the attack, making the Cisco hack public.
According to Cisco, “During the investigation, it was determined that a Cisco employee’s credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized.” The malicious actor then carried out a series of sophisticated voice phishing calls against the victim, pretending to be a variety of reputable companies in order to persuade the victim to accept multi-factor authentication (MFA) push notifications that the adversary had initiated. In the end, the attacker obtained an MFA push acceptance, which granted them VPN access in the context of the targeted user.
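One defensive check that the attack chain above suggests, written here as an added example that is not part of this report or of Cisco's own tooling: flag an MFA approval that follows a burst of denied or unanswered pushes for the same user. The log lines and the three-field log format are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample MFA push events (not from Cisco's report).
# Assumed format: "<ISO timestamp> <user> <outcome>", outcome in {denied, timeout, approved}
SAMPLE_LOG = """\
2022-05-24T02:01:10Z alice timeout
2022-05-24T02:03:25Z alice denied
2022-05-24T02:05:02Z alice timeout
2022-05-24T02:06:40Z alice denied
2022-05-24T02:09:15Z alice approved
2022-05-24T08:30:00Z bob approved
2022-05-24T09:12:44Z carol denied
2022-05-24T17:45:03Z carol approved
"""


@dataclass
class Alert:
    user: str
    prompts_before_approval: int
    approved_at: datetime


def parse(log: str):
    """Parse the constructed log into (timestamp, user, outcome) tuples, oldest first."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, user, outcome = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, outcome))
    return sorted(events)


def detect_push_fatigue(log: str, window=timedelta(minutes=15), min_prompts=3):
    """Return an Alert for every approval preceded by at least `min_prompts`
    unapproved pushes within `window`: the footprint of an attacker who keeps
    triggering MFA prompts until the user finally accepts one."""
    pending = {}  # user -> timestamps of recent unapproved pushes
    alerts = []
    for ts, user, outcome in parse(log):
        recent = [t for t in pending.get(user, []) if ts - t <= window]
        if outcome == "approved":
            if len(recent) >= min_prompts:
                alerts.append(Alert(user, len(recent), ts))
            pending[user] = []  # an approval closes the burst
        else:
            pending[user] = recent + [ts]
    return alerts
```

Carol's single denial is hours before her approval and falls outside the window, so only alice's four-prompt burst is reported.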
However, BleepingComputer reports that last week, the ransomware gang sent them an email containing the directory list of the data they had stolen from the Cisco hack.
Yanluowang claims they have stolen approximately 3,100 files, a total of 2.75 GB of data.
The stolen files consist of some engineering drawings, non-disclosure agreements, and data dumps.
Source: bleepingcomputer.com, Ziroh Alert (#ZirohAlert)