A hacker hacked into the network through an employee’s account, no data was compromised: Cisco
Networking giant Cisco has acknowledged a cybersecurity breach through the “successful compromise” of an employee’s personal Google account, saying no data was compromised.
The attacker carried out a series of sophisticated voice phishing attacks, posing as various trusted organizations, in an attempt to convince the victim to accept multi-factor authentication (MFA) push notifications initiated by the attacker, the company’s own Cisco Talos threat research arm revealed in a blog post.
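The pattern described above, repeated attacker-initiated MFA pushes until the victim accepts one, leaves a recognisable trace in authentication logs: a burst of denied or unanswered prompts followed by an approval. The following is an added detection example, not code from Cisco or Talos; the log format and the sample events are constructed for illustration.

```python
"""Flag MFA 'push fatigue' bursts: several denied/timed-out pushes, then an approval."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample log lines (illustrative format, not any vendor's real schema).
SAMPLE_LOG = """\
2022-05-24T09:00:05Z user=alice result=denied
2022-05-24T09:01:10Z user=alice result=timeout
2022-05-24T09:02:30Z user=alice result=denied
2022-05-24T09:04:00Z user=alice result=timeout
2022-05-24T09:06:15Z user=alice result=approved
2022-05-24T07:10:00Z user=bob result=denied
2022-05-24T09:15:00Z user=bob result=approved
2022-05-24T09:20:00Z user=carol result=approved
"""


def parse_event(line):
    """Parse one 'TIMESTAMP user=X result=Y' line into (datetime, user, result)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return when, kv["user"], kv["result"]


def find_push_fatigue(log_text, window=timedelta(minutes=10), min_prior=3):
    """Return {user: [(approved_at_iso, prior_unapproved_count)]} for every approval
    preceded by at least `min_prior` non-approved pushes inside `window`."""
    by_user = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            when, user, result = parse_event(line)
            by_user[user].append((when, result))
    alerts = {}
    for user, events in by_user.items():
        events.sort()  # events may arrive out of order; evaluate chronologically
        for i, (when, result) in enumerate(events):
            if result != "approved":
                continue
            prior = [e for e in events[:i] if e[1] != "approved" and when - e[0] <= window]
            if len(prior) >= min_prior:
                alerts.setdefault(user, []).append((when.isoformat(), len(prior)))
    return alerts


if __name__ == "__main__":
    for user, hits in find_push_fatigue(SAMPLE_LOG).items():
        for approved_at, n in hits:
            print(f"{user}: {n} unapproved pushes in the 10 min before approval at {approved_at}")
```

A single denial hours before an approval (bob) is normal behaviour and is not flagged; only the burst-then-accept sequence (alice) raises an alert.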
The incident happened in May and since then the company has been working to remediate the attack.
“During the investigation, it was determined that a Cisco employee’s credentials were compromised after an attacker took control of a personal Google account where the credentials saved in the victim’s browser were synced,” Cisco Talos wrote.
The company said it did not identify any evidence to suggest the attacker gained access to critical internal systems, such as those related to product development, code signing, etc.
“The threat actor was successfully removed from the environment and demonstrated persistence, attempting multiple times to regain access in the weeks following the attack; however, these attempts were unsuccessful,” said Cisco.
According to the company, the attack was carried out by an adversary previously identified as an Initial Access Broker (IAB) with ties to cybercriminal gang UNC2447, threat actor group Lapsus$, and ransomware operators Yanluowang.
Lapsus$ is a group of threat actors believed to have been responsible for several previous notable breaches of corporate environments.
Cisco said it implemented a company-wide password reset immediately after learning of the incident.
The company did not observe any ransomware deployment in this attack.
In many cases, malicious actors have been observed targeting backup infrastructure in an effort to further suppress an organization’s ability to recover from an attack.
“Ensuring backups are offline and tested periodically can help mitigate this risk and ensure an organization’s ability to recover effectively from an attack,” the company said.
(Only the title and image of this report may have been edited by Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)