Cisco confirms that it was hacked by Yanluowang Ransomware Gang
On Thursday, Cisco confirmed that it was the victim of a cyberattack on May 24, 2022, after the attackers gained control of an employee’s personal Google account that had passwords synced from their web browser.
Cisco Talos, in a detailed write-up, said that initial access to the Cisco VPN was achieved through the successful compromise of a Cisco employee’s personal Google account.
It further said that the user had enabled password syncing through Google Chrome and stored their Cisco credentials in their browser, enabling that information to synchronize to their Google account.
The disclosure comes as cybercriminal actors associated with the Yanluowang ransomware gang published a list of files from the breach to their data leak site on August 10, Hacker News reports.
According to Talos, the exfiltrated information consisted of the contents of a Box cloud storage folder that was associated with the compromised employee’s account and is not believed to have included any valuable data.
Beyond the credential theft, the attack also involved phishing: the adversary fell back on methods such as vishing (voice phishing) and multi-factor authentication (MFA) fatigue to trick the victim into granting access to the account.
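The MFA fatigue tactic described above leaves a recognisable trace in identity-provider push logs: a burst of denied or timed-out prompts followed by an approval. The following is an added example, not Cisco's or Talos' code, that flags that pattern; the log format, field names and log lines are constructed assumptions.

```python
"""Detection heuristic for MFA push "fatigue" (repeated push prompts until
the user finally approves), run over constructed IdP log lines.
Added example, not Cisco Talos tooling; log format and fields are assumed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in "timestamp,user,result" form (not real Cisco data).
SAMPLE_LOG = """\
2022-05-24T02:01:10Z,alice,denied
2022-05-24T02:01:45Z,alice,timeout
2022-05-24T02:02:20Z,alice,denied
2022-05-24T02:03:05Z,alice,denied
2022-05-24T02:04:40Z,alice,approved
2022-05-24T09:15:00Z,bob,approved
2022-05-24T10:00:00Z,carol,denied
2022-05-24T18:00:00Z,carol,approved
"""

def parse_log(text):
    """Parse the constructed CSV lines into (datetime, user, result) tuples."""
    events = []
    for line in text.strip().splitlines():
        ts, user, result = line.split(",")
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, result))
    return events

def find_mfa_fatigue(events, min_rejects=3, window=timedelta(minutes=10)):
    """Return {user: approval_time} for users who approved a push after at
    least `min_rejects` denied/timed-out pushes inside the preceding `window`."""
    by_user = defaultdict(list)
    for ts, user, result in sorted(events):
        by_user[user].append((ts, result))
    hits = {}
    for user, evs in by_user.items():
        for i, (ts, result) in enumerate(evs):
            if result != "approved":
                continue
            # Rejections in the window immediately before this approval.
            recent = [r for t, r in evs[:i]
                      if ts - t <= window and r in ("denied", "timeout")]
            if len(recent) >= min_rejects:
                hits[user] = ts
                break
    return hits

if __name__ == "__main__":
    for user, when in find_mfa_fatigue(parse_log(SAMPLE_LOG)).items():
        print(f"possible MFA fatigue: {user} approved a push at {when.isoformat()}")
```

Tune `min_rejects` and `window` to the push-notification volume of your own environment; a single denied prompt hours before an approval is normal user behaviour, not fatigue.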