Cisco Confirms It's Been Hacked by Yanluowang Ransomware Gang (Security News, August 2022)
"Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee's personal Google account," Cisco Talos said in a detailed write-up.
The disclosure comes as cybercriminal actors associated with the Yanluowang ransomware gang published a list of files from the breach to their data leak site on August 10.
The threat actor, which Cisco attributed to an initial access broker with ties to the UNC2447 cybercrime gang, the LAPSUS$ threat actor group, and Yanluowang ransomware operators, also added its own backdoor accounts and persistence mechanisms once inside.
The actor is said to have deployed a variety of tools, including remote access utilities such as LogMeIn and TeamViewer, and offensive security tools such as Cobalt Strike, PowerSploit, Mimikatz, and Impacket, aimed at escalating their level of access to systems within the network.
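The two persistence steps described above, creating backdoor accounts and installing commodity remote-access tools, are the part of this intrusion a detection team can realistically catch before anything is encrypted. As an added example that is not from the page and not Cisco Talos code, the following Python runs two simple checks over a small, constructed set of Windows event records (account created, then added to a privileged local group within a short window; a new service whose name or binary path points at a remote-access product). The event IDs are the standard Windows Security/System ones (4720, 4732, 7045); the log lines, account names, paths and the ten-minute window are invented for the example and are not from the Cisco incident.

```python
"""Flag pre-ransomware persistence patterns in Windows event records.

Added example for this page, not Cisco Talos code. Event IDs are the
standard Windows ones: 4720 = user account created, 4732 = member added
to a security-enabled local group, 7045 = new service installed.
The SAMPLE_EVENTS below are constructed, not from the Cisco incident.
"""
from datetime import datetime, timedelta

# Groups that grant meaningful access when a brand-new account lands in them.
PRIVILEGED_GROUPS = {"Administrators", "Remote Desktop Users"}

# Substrings that identify the remote-access products named in the write-up.
# Lower-cased so matching is case-insensitive.
REMOTE_ACCESS_MARKERS = ("teamviewer", "logmein")

# Constructed records (hypothetical hosts, users and paths), pre-flattened
# from the event XML into the fields the checks need.
SAMPLE_EVENTS = [
    {"time": "2022-08-01T21:03:11", "id": 4720, "subject": "CORP\\jdoe",
     "target": "svc_backup"},
    {"time": "2022-08-01T21:03:40", "id": 4732, "subject": "CORP\\jdoe",
     "member": "svc_backup", "group": "Administrators"},
    {"time": "2022-08-01T21:10:02", "id": 7045, "subject": "SYSTEM",
     "service": "TeamViewer",
     "image": "C:\\Program Files\\TeamViewer\\TeamViewer_Service.exe"},
    # Benign-looking onboarding: account created, never added to admins.
    {"time": "2022-08-02T09:00:00", "id": 4720, "subject": "CORP\\helpdesk",
     "target": "new.hire"},
    # Benign service install that must not match.
    {"time": "2022-08-02T09:30:00", "id": 7045, "subject": "SYSTEM",
     "service": "Print Spooler",
     "image": "C:\\Windows\\System32\\spoolsv.exe"},
]


def find_backdoor_accounts(events, window=timedelta(minutes=10)):
    """Return (account, group, creator) for accounts that were created (4720)
    and then added to a privileged local group (4732) within `window`.

    A freshly created account that is immediately made an administrator is a
    classic backdoor pattern; legitimate onboarding rarely looks like this.
    """
    created_at = {}
    hits = []
    for ev in sorted(events, key=lambda e: e["time"]):
        t = datetime.fromisoformat(ev["time"])
        if ev["id"] == 4720:
            created_at[ev["target"]] = t
        elif ev["id"] == 4732 and ev.get("group") in PRIVILEGED_GROUPS:
            t0 = created_at.get(ev["member"])
            if t0 is not None and t - t0 <= window:
                hits.append((ev["member"], ev["group"], ev["subject"]))
    return hits


def find_remote_access_installs(events):
    """Return (service name, image path) for new services (7045) whose name or
    binary path matches a known remote-access product."""
    hits = []
    for ev in events:
        if ev["id"] != 7045:
            continue
        haystack = (ev.get("service", "") + " " + ev.get("image", "")).lower()
        if any(marker in haystack for marker in REMOTE_ACCESS_MARKERS):
            hits.append((ev["service"], ev["image"]))
    return hits


if __name__ == "__main__":
    for acct, group, who in find_backdoor_accounts(SAMPLE_EVENTS):
        print(f"backdoor account: {acct} added to {group} by {who}")
    for svc, image in find_remote_access_installs(SAMPLE_EVENTS):
        print(f"remote-access service installed: {svc} ({image})")
```

In a real deployment the same two rules would run over events forwarded to a SIEM rather than an in-memory list; the point is that both signals are cheap to collect and fire well before the Cobalt Strike or ransomware stage.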
"While we did not observe ransomware deployment in this attack, the TTPs used were consistent with 'pre-ransomware activity,' activity commonly observed leading up to the deployment of ransomware in victim environments," the company said.
Aside from initiating a company-wide password reset, the San Jose-based firm stressed that the incident had no impact on its business operations and did not result in unauthorized access to sensitive customer data, employee information, or intellectual property, adding that it has "successfully blocked attempts" to access its network since then.
News URL
https://thehackernews.com/2022/08/cisco-confirms-its-been-hacked-by.html