Cisco Systems Inc. said it was the victim of a cyberattack in which a hacker repeatedly attempted to gain access to the Silicon Valley firm’s corporate network.
Cisco said it became aware of a potential compromise on May 24, and disclosed it on Wednesday after the hacker leaked a list of the files it had stolen on the dark web.
An investigation determined that the hacker broke into Cisco’s network by cracking into an employee’s personal Google account, which synchronized their saved passwords across the web, the San Jose, California-based company said in a blog post published on Wednesday. The attacker then pretended to be trusted organizations during phone calls with the employee and successfully persuaded the employee to accept a multifactor push authentication notification to their device. That allowed the hacker to gain access to Cisco’s network using the employee’s credentials.
Cisco had “not identified any evidence suggesting that the attacker gained access to critical internal systems, such as those related to product development, code signing, etc.,” according to the blog. “The only successful data exfiltration that occurred during the attack included the contents of a Box folder that was associated with a compromised employee’s account. The data obtained by the adversary in this case was not sensitive.”
Investigators said they believe that the attack was conducted by an adversary who has previously been identified as an initial access broker for several notorious cybercrime groups: UNC2447, Lapsus$ and Yanluowang ransomware operators. Initial access brokers attempt to gain privileged access to corporate computer networks and then sell it to other hackers.
UNC2447 is an “aggressive financially motivated group” that has targeted organizations with ransomware in Europe and North American, the cybersecurity firm Mandiant concluded last year. Yanluowang, named after a Chinese deity, is a ransomware variant that has been used against US corporations since August 2021, according to Symantec. The Lapsus$ group was accused of going on a rampage of high-profile attacks against technology companies including Okta Inc., Microsoft Corp. and Nvidia Corp.
Bloomberg News reported that the suspected mastermind was a 16-year-old British teenager living at his mother’s house.
Cisco said it found evidence that the hacker was preparing to encrypt files but hadn’t managed to do so before they were detected and booted out. There were repeated attempts to regain access after the attack had been evicted, according to Cisco.
The hack was previously reported by Bleeping Computer.
Okta denies data breach after hackers claim they gained access to internal information
2022 Bloomberg L.P.
Distributed by Tribune Content Agency, LLC.
Citation:
Cisco hit by cyberattack from hacker linked to Lapsus$ gang (2022, August 11)
retrieved 11 August 2022
from https://techxplore.com/news/2022-08-cisco-cyberattack-hacker-linked-lapsus.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no
part may be reproduced without the written permission. The content is provided for information purposes only.
Stay connected with us on social media platform for instant update click here to join our Twitter, & Facebook
We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.
Denial of responsibility! NewsAzi is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.
