Hackers repeatedly targeted Cisco network during ransomware attack

10.08.2022

Cisco Systems Inc. was the victim of a cyberattack in which a hacker repeatedly tried to gain access to the Silicon Valley firm's corporate network, according to Bloomberg.

Cisco said it became aware of a possible compromise on May 24 and disclosed it on Wednesday after the hacker leaked a list of the stolen files on the dark web.

An investigation determined that the hacker broke into Cisco's network by hacking into an employee's personal Google account, which synchronized their saved passwords across the web, the San Jose, California-based company said in a blog post published on Wednesday. The attacker then pretended to be trusted organizations in phone calls with the employee and persuaded the employee to accept a multifactor push authentication notification on their device. The hacker was able to gain access to Cisco's network using the employee's credentials.

Cisco had not identified any evidence suggesting that the attacker had access to critical internal systems, such as those related to product development or code signing, according to the blog. The contents of a Box folder associated with a compromised employee's account were the only data successfully exfiltrated during the attack. The data the adversary obtained in this case was not sensitive. Investigators believe that the attack was orchestrated by an adversary who has previously been identified as an initial access broker for several notorious cybercrime groups, including UNC2447, Lapsus$ and the Yanluowang ransomware operators. Initial access brokers attempt to gain privileged access to corporate networks and then sell it to other hackers.

The cybersecurity firm Mandiant concluded last year that UNC2447 is an aggressive, financially motivated group that has targeted organizations in Europe and North America with ransomware. Yanluowang, named after a Chinese deity, is a ransomware variant that has been used against US corporations since August 2021, according to Symantec. The Lapsus$ group was accused of a rampage of high-profile attacks against technology companies like Nvidia Corp., Microsoft Corp. and Okta Inc.

The suspected mastermind was a 16-year-old British teenager living at his mother's house, according to Bloomberg News.

Cisco found evidence that the hacker was trying to encrypt files but hadn't managed to do so before being detected and booted out. There were repeated attempts to regain access after the attacker had been evicted, according to Cisco.

Bleeping Computer reported the hack.
