Cisco Systems Inc. disclosed it was a cyberattack victim after a hacker made repeated attempts to gain access to its corporate network.
The Silicon Valley-based company said it knew about the security compromise that happened on May 24. On Wednesday, Cisco said the hacker leaked on the dark web a list of files he is stolen.
An investigation revealed that the hacker cracked the personal Google account of an employee of Cisco and broke into the company’s network. In a blog post published by Cisco Wednesday, the company said that hackers took advantage of the saved passwords synchronized across the web by Google.
The hacker pretended to be a trusted organization and persuaded the targeted employee to accept the multifactor authentication notification sent to his device. It allowed the attacker to gain access to the network of Cisco using the employee compromised credential.
According to a blog post, Cisco did not find evidence suggesting the attacker gained access to critical systems related to code signing and product development. The successful data breach during the attack involved a black folder linked to the compromised account of the targeted employee. The data breached by the attacker was not sensitive, according to the company.
Rouge Ransomware Groups
Investigations revealed that the hacker who conducted the attack was previously an initial access broker. The adversary was identified with notorious cybercriminals gangs such as Lapus$, UNC2447, and Yanluowang. The initial brokers gain access to corporate networks, steal data by injecting ransomware into the system and then sell them to other hackers on the dark web.
Cybersecurity firm Mandiant concluded last year that many ransomware attacks on organizations in North America and Europe were conducted by UNC2447, a financially motivated aggressive group.
According to Symantec, Yanluowang is a ransomware group named after a Chinese deity and, since August 2021, has attacked American Corporations.
The Lapsus$ group has been accused of conducting high-profile attacks on technology companies, including Nvidia Corp., Microsoft Corp., and Okta Inc.
According to a report from Bloomberg News, the suspected mastermind of the Cisco attack was a 16-year British teenager living in his mother’s house. The hacker was trying to encrypt the files but could not do so before being detected and kicked out, according to evidence found by the company. Cisco also found several attempts to regain access after the attacker was evicted.
Bleeping Computer had previously reported the hack.