The Yanluowang ransomware organization broke into Cisco’s business network in late May and stole internal data, the company said in a statement.
Hacker’s compromised a Cisco employee’s credentials after taking over a personal Google account where credentials saved in the victim’s browser were being synced, according to an investigation by Cisco Security Incident Response (CSIRT) and Cisco Talos.
Cisco claims that an attacker targeted one of its employees and was only successful in stealing files from a Box folder linked to that employee’s account and employee authentication information from Active Directory. According to the company, the data kept in the Box folder wasn’t sensitive.
The Yanluowang threat actors hijacked a Cisco employee’s personal Google account, which contained credentials synchronized from their browser, and used those credentials to enter Cisco’s network.
Through MFA fatigue and a series of sophisticated voice phishing assaults carried out by the Yanluowang gang under the guise of reputable assistance businesses, the attacker persuaded the Cisco employee to accept multi-factor authentication (MFA) push alerts.
Cisco has linked the attack to an initial access broker with ties to Lapsus$, the gang that attacked several major corporations before its alleged members
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: