The company claims, however, that there has been no impact on its business, including confidential customer data or employee information, intellectual property or the supply chain.
A group of cybercriminals leaked stolen files earlier this year from Cisco, but the networking giant stands by its initial assessment of the incident and says there is no impact on its business. The company admitted on August 10 that it had detected a security breach on May 24. The acknowledgment was requested by a ransomware group called Yanluowang, which claims to have obtained gigabytes of information and published a list of allegedly stolen Cisco files.
The company confirmed that the data originated from its systems. “The content of these files matches what we have already identified and disclosed,” Cisco said in an update shared on Sunday, 11. “Our previous analysis of this incident remains unchanged — we continue to see no impact on our business, including products or services, data confidential customer or employee information, intellectual property or supply chain operations.”
In August, Cisco attributed the attack to an early access agent with ties to the Russian-linked Advanced Persistent Threat (APT) group UNC2447, the Lapsus$ gang, and the Yanluowang ransomware group.
The company said the attack targeted one of its employees. She claimed that only non-sensitive files stored in a Box account and employee authentication data from Active Directory were stolen.
The hackers initially obtained the Cisco employee’s credentials and then used social engineering and other methods to circumvent multi-factor authentication (MFA) and obtain additional information. After initial access was achieved, they started dropping post-exploitation and remote access tools, escalated privileges, backdoors created and moved laterally within the network.
The file-encrypting ransomware was not deployed in the attack, and while the threat operator emailed Cisco executives after the breach was discovered, he made no specific threats or extortion demands. emerged in 2021 and has been used to target organizations around the world, including financial corporations in the United States.
Source: CisoAdvisor
