Security News > 2022 > August > Cisco hacked by Yanluowang ransomware gang, 2.8GB allegedly stolen
Cisco confirmed today that the Yanluowang ransomware group breached its corporate network in late May and that the actor tried to extort them under the threat of leaking stolen files online.
Last week, the threat actor behind the Cisco attack emailed BleepingComputer a directory listing of files allegedly stolen during the attack.
The Yanluowang threat actors gained access to Cisco's network using an employee's stolen credentials after hijacking the employee's personal Google account containing credentials synced from their browser.
The attacker convinced the Cisco employee to accept multi-factor authentication push notifications through MFA fatigue and a series of sophisticated voice phishing attacks initiated by the Yanluowang gang that impersonated trusted support organizations.
Cisco also said that, even though the Yanluowang gang is also known for encrypting their victims' files, it found no evidence of ransomware payloads during the attack.
"While we did not observe ransomware deployment in this attack, the TTPs used were consistent with 'pre-ransomware activity,' activity commonly observed leading up to the deployment of ransomware in victim environments," Cisco Talos added in a separate blog post published on Wednesday.