Cisco reveals cyberattack on its corporate network
A supplemental notice published by Cisco Talos, the company's threat intelligence arm, gave more details about the attack.
During its investigation, Cisco Talos found that an employee's credentials were compromised after the attacker took control of a personal Google account in which the individual's credentials were stored and synchronized.
Pointing to the potential culprit, Cisco Talos said that the attack was probably carried out by someone identified as an initial access broker with ties to the UNC2447 cybercrime gang, the Lapsus$ group, and Yanluowang ransomware operators.
"It was a multi-stage attack that required compromising a user's credentials, phishing other staff for MFA codes, traversing Cisco's corporate network, taking steps to maintain access and hide traces, and exfiltrating data. Cisco says the attack was most likely carried out by an initial access broker, or IAB. Although some data was exfiltrated, an IAB's main role is to sell other hackers access to private networks, who might later carry out further attacks such as data theft, supply chain attacks on Cisco software, and ransomware."
The Cisco Talos notice displayed a screenshot of an email received by Cisco from the attackers.
In addition to describing the attack and Cisco's response, the Talos group provided tips for other organizations on how to combat these types of attacks.
News URL
https://www.techrepublic.com/article/cisco-reveals-cyberattack-on-its-corporate-network/