Cisco: Yes, Yanluowang leaked our data. No, it's not serious
2022-09-13 07:30

The Yanluowang ransomware group behind the May attack on Cisco Systems publicly leaked the stolen files on the dark web over the weekend, but the networking giant says there's nothing to worry about.

In a blog post, Talos wrote: "We continue to see no impact to our business, including Cisco products or services, sensitive customer data or sensitive employee information, intellectual property, or supply chain operations."

According to Erich Kron, security awareness advocate at security awareness training firm KnowBe4, it's clear that Cisco chose not to pay the extortion demanded by the ransomware gang, which led to the stolen data being posted.

"Because the stolen data was of low impact to Cisco, the threat of public disclosure of this data lost its leverage," Kron told The Register.

The criminals were able to initially access the Cisco VPN through the compromised Google account of an employee who had enabled password syncing through Google Chrome and stored their Cisco credentials in the browser.

In a report, eSentire said a person with an alias of mx1r was the cybercriminal behind the attack on its client and that Mandiant, the security company that now is part of Google, linked the attacker to a high-profile Russian-linked group called Evil Corp. Cisco had linked its attacker to a cybercriminal with ties not only to Yanluowang but also to Lapsus$ and FiveHands, another ransomware group.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/09/13/cisco_ransomware_data_leaked/