Cisco Confirms Data Breach by Yanluowang Ransomware Gang

Cisco confirms the data breach by the Yanluowang ransomware gang.

The tech company released a statement admitting that they experienced a cybersecurity incident during the month of May.

The threat group allegedly tried to extort money from the tech company by threatening to leak the stolen data they had acquired to public forums and online marketplaces.

Yanluowang claimed responsibility for the breach, and Cisco confirmed that the gang gained access to its corporate network, but stated that the only data the attackers were able to harvest and steal was non-sensitive material from a Box folder linked to a compromised employee's account.

The tech company became aware of the hack on May 24, 2022. Since then, the Cisco Security Incident Response Team (CSIRT) and Cisco Talos have been working to investigate and remediate the incident.

The Cisco Data Breach

The Cisco hack became public today, August 10, after the threat actors published the data and files they had illegally obtained in the attack.

According to Cisco, "During the investigation, it was determined that a Cisco employee's credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim's browser were being synchronized."

The malicious actor carried out a series of sophisticated voice phishing attacks against the victim, pretending to be a variety of reputable companies in an effort to persuade the victim to accept multi-factor authentication (MFA) push notifications that the adversary had initiated.

In the end, the attacker was successful in achieving an MFA push acceptance, which granted them access to VPN in the context of the user who was being targeted.
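The push-acceptance chain described above leaves a recognisable trail in MFA logs: a burst of denied or timed-out pushes for one user, followed by an acceptance. The following is an added example, not code from Cisco or from the article; it scans constructed MFA push events (the usernames, timestamps and IP addresses are made up) and flags any user whose accepted push follows such a burst.

```python
"""Flag MFA push-fatigue patterns in constructed authentication logs.

Added example, not from the article or Cisco: it scans a small set of
constructed MFA push events and flags any user who accepted a push only
after several pushes were denied or timed out in a short window.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines: timestamp, user, push result, source IP.
SAMPLE_LOG = """\
2022-05-23T09:00:05Z alice push=denied src=203.0.113.7
2022-05-23T09:01:10Z alice push=denied src=203.0.113.7
2022-05-23T09:02:40Z alice push=timeout src=203.0.113.7
2022-05-23T09:03:15Z alice push=accepted src=203.0.113.7
2022-05-23T09:05:00Z bob push=accepted src=198.51.100.4
2022-05-23T11:30:00Z carol push=denied src=192.0.2.9
2022-05-23T15:00:00Z carol push=accepted src=192.0.2.9
"""

def parse_line(line):
    """Split one constructed log line into (time, user, result, source)."""
    ts, user, push, src = line.split()
    return (datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            user, push.split("=", 1)[1], src.split("=", 1)[1])

def find_push_fatigue(log_text, min_failed=2, window_minutes=10):
    """Return {user: accept_time} for every accepted push that was preceded,
    within `window_minutes`, by at least `min_failed` denied/timed-out pushes."""
    window = timedelta(minutes=window_minutes)
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, user, result, src = parse_line(line)
            events[user].append((ts, result, src))
    flagged = {}
    for user, evs in events.items():
        evs.sort()
        for i, (ts, result, _src) in enumerate(evs):
            if result != "accepted":
                continue
            failed = sum(1 for t, r, _s in evs[:i]
                         if r in ("denied", "timeout") and ts - t <= window)
            if failed >= min_failed:
                flagged[user] = ts.isoformat()
    return flagged

if __name__ == "__main__":
    print(find_push_fatigue(SAMPLE_LOG))  # -> {'alice': '2022-05-23T09:03:15'}
```

With the defaults only alice is flagged; widening the window and lowering the threshold also catches carol's single denial hours before her acceptance, which shows why the thresholds need tuning against an organisation's normal push behaviour.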

Separately, BleepingComputer reports that last week the ransomware gang sent them an email containing a directory listing of the data they had stolen in the Cisco hack.

Yanluowang claims that they have stolen approximately 3,100 files, a total of 2.75 GB of data.

The files that were stolen consist of some engineering drawings, non-disclosure agreements, and data dumps.

On their data leak website today, the ransomware gang announced the Cisco breach and uploaded the same directory listing that had previously been supplied to BleepingComputer.

The tech company states that this attack did not have any negative effects on Cisco's products or services, intellectual property, sensitive customer or employee information, or supply chain management.

Yanluowang Ransomware Gang

Cisco also stated, "We assess with moderate to high confidence that this attack was conducted by an adversary that has been previously identified as an initial access broker (IAB) with ties to the UNC2447 cybercrime gang, Lapsus$ threat actor group, and Yanluowang ransomware operators."

In addition, the company states that, as a result of the breach, it has put in place additional measures to safeguard its systems. Cisco also stated that it is sharing details of this incident in the hope of helping other organizations and the wider security community protect themselves.

Apart from Cisco, the Yanluowang ransomware gang has previously claimed to have breached the internal systems of Walmart.

The Yanluowang ransomware group claimed that they had carried out a cyberattack on Walmart in May, stealing valuable data from the company.

The malicious actors then went to their public domain to leak the data they had allegedly stolen from the attack.

It has been stated that the data exposed on the website comprises a list of Walmart domain users, as well as security certificates, information on Walmart's internal network, and other sensitive information.

© 2024 iTech Post All rights reserved. Do not reproduce without permission.
