Cisco Systems Inc. said Wednesday that it had been breached by a hacker who was associated with a number of well-known cybercrime organizations.
In a blog post, Cisco Talos, the company's threat-intelligence business, said it became aware of the attack on May 24. A hacker accessed its corporate network after using a Cisco employee's credentials to conduct a series of sophisticated voice phishing attacks.
A list of files from this security incident was released by the bad actors on Wednesday, according to a statement from Cisco.
San Jose, Calif.-based Cisco (CSCO) said that the incident was contained to its corporate IT environment and did not appear to involve sensitive customer data or private employee information.
"We haven't identified any evidence that the attacker gained access to critical internal systems, such as those related to product development, code signing, etc.," the company said.
The contents of a Box folder associated with a compromised employee's account were the only data successfully exfiltrated during the attack. The data the adversary obtained in this case was not sensitive.
Cisco said the hacker was successfully removed but displayed persistence, repeatedly trying to regain access in the weeks following the attack; these attempts were unsuccessful. The networking giant said that no ransomware has been observed, and that steps have been taken to further harden Cisco's IT environment.
Cisco said it had confidence that the hacker was an initial access broker with links to the UNC2447 ransomware gang, the Lapsus$ cybercriminal group and Yanluowang ransomware operators. In the past, Lapsus$ targeted systems at Okta Inc. (OKTA) and Microsoft Corp. (MSFT).
Cisco shares are down 27% year to date, compared to the 8% decline of the Dow Jones Industrial Average (DJIA), of which it is a component.