Cisco has been hacked by a ransomware gang (Security News, August 2022)
U.S. networking giant Cisco Systems has been hacked, the company confirmed on Wednesday, after Yanluowang ransomware operators claimed the attack on their leak site.
According to the Talos analysts, the attackers started by gaining control of a Cisco employee's personal Google account.
"The user had enabled password syncing via Google Chrome and had stored their Cisco credentials in their browser, enabling that information to synchronize to their Google account. After obtaining the user's credentials, the attacker attempted to bypass multifactor authentication using a variety of techniques, including voice phishing and MFA fatigue, the process of sending a high volume of push requests to the target's mobile device until the user accepts, either accidentally or simply to attempt to silence the repeated push notifications they are receiving," they explained.
"Once the attacker had obtained initial access, they enrolled a series of new devices for MFA and authenticated successfully to the Cisco VPN."
"The incident was contained to the corporate IT environment and Cisco did not identify any impact to any Cisco products or services, sensitive customer data or employee information, Cisco intellectual property, or supply chain operations," Cisco claims.
The Cisco Talos team detailed the steps the attackers took to gain access and move in Cisco's enterprise network - as well as their attempts to get back in once they were removed from it - and shared indicators of compromise, to help other enterprise defenders and incident responders.
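For defenders, the pattern described above (a burst of rejected push requests, then an acceptance, then a new MFA device enrollment) can be searched for in authentication logs. The following is an added example, not code from Cisco or Talos; the event names, thresholds and sample log entries are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (time, user, event); event names are hypothetical.
SAMPLE_EVENTS = [
    ("2022-08-10T02:00:05", "alice", "push_denied"),
    ("2022-08-10T02:01:10", "alice", "push_timeout"),
    ("2022-08-10T02:02:30", "alice", "push_denied"),
    ("2022-08-10T02:03:45", "alice", "push_timeout"),
    ("2022-08-10T02:05:00", "alice", "push_denied"),
    ("2022-08-10T02:06:20", "alice", "push_denied"),
    ("2022-08-10T02:07:00", "alice", "push_approved"),
    ("2022-08-10T02:15:00", "alice", "device_enrolled"),
    ("2022-08-10T09:00:00", "bob", "push_denied"),
    ("2022-08-10T09:01:00", "bob", "push_approved"),
    ("2022-08-10T09:30:00", "carol", "push_approved"),
]

# Assumed thresholds; tune to the environment.
BURST_WINDOW = timedelta(minutes=10)
BURST_MIN_PUSHES = 5
ENROLL_WINDOW = timedelta(hours=1)
REJECTED = {"push_denied", "push_timeout"}


def detect_mfa_fatigue(events):
    """Flag approvals that end a burst of rejected pushes for the same user."""
    by_user = defaultdict(list)
    for ts, user, kind in events:
        by_user[user].append((datetime.fromisoformat(ts), kind))
    findings = []
    for user, rows in by_user.items():
        rows.sort()
        for i, (t, kind) in enumerate(rows):
            if kind != "push_approved":
                continue
            # Rejected or unanswered pushes shortly before this approval.
            burst = [r for r in rows[:i]
                     if r[1] in REJECTED and t - r[0] <= BURST_WINDOW]
            if len(burst) < BURST_MIN_PUSHES:
                continue
            # A new MFA device enrolled soon after raises the severity.
            enrolled = any(k == "device_enrolled" and e - t <= ENROLL_WINDOW
                           for e, k in rows[i + 1:])
            findings.append({"user": user, "approved_at": t.isoformat(),
                             "rejected_pushes": len(burst),
                             "device_enrolled_after": enrolled})
    return findings
```

Calling `detect_mfa_fatigue(SAMPLE_EVENTS)` flags only the account with six rejected pushes before its approval; the single mistaken denial followed by an approval is not reported.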