Security News > 2022 > August > Cisco Confirms Network Breach Via Hacked Employee Google Account
Cisco Systems revealed details of a May hack by the Yanluowang ransomware group that leveraged a compromised employee's Google account.
"During the investigation, it was determined that a Cisco employee's credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim's browser were being synchronized," wrote Cisco Talos in a lengthy breakdown of the attack.
Ultimately, Cisco Talos said the adversaries were not successful at deploying ransomware malware, however were successful at penetrating its network and planting a cadre of offensive hacking tools and conducting internal network reconnaissance "Commonly observed leading up to the deployment of ransomware in victim environments."
"Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee's personal Google account. The user had enabled password syncing via Google Chrome and had stored their Cisco credentials in their browser, enabling that information to synchronize to their Google account," wrote Cisco Talos.
The MFA spoofing attacks leveraged against Cisco employee were ultimately successfully and allowed the attackers to run the VPN software as the targeted Cisco employee.
In response to the attack, Cisco implemented a company-wide password reset immediately, according to the Cisco Talos report.