15 Aug, 2022

Cisco Confirms It Has Been Hacked!

Cisco confirmed on Wednesday, 08.08.2022, that the hack was carried out through its employee, shortly after the Yanluowang Ransomware group claimed to publish its files and posted screenshots of the stolen information on the dark web. Although many ransomware groups were mentioned in the incident (UNC2447, Lapsus$, Yanluowang), the group that shared the file screenshots is the Yanluowang ransomware group.

cisco-hacklendi

cisco-vpn

“Initial access to Cisco VPN was achieved through the successful hacking of a Cisco employee's personal Google account,” Cisco Talos wrote in his detailed blog post. According to the published blog post, “The user has enabled password synchronization via Google Chrome and stored their Cisco credentials in their browser so that this information is synchronized with their Google account.” As can be understood from this statement, the person's personal Google account has been seized.

You can reach the detailed article of Cisco Talos from this link: https://blog.talosintelligence.com/2022/08/recent-cyber-attack.html

How did the hacking process take place, with what techniques?

Although Cisco uses dual authentication, the attackers have been successful in obtaining employee personal data using MFA circumvention techniques.

Using this account information, he provided remote access via VPN, and although it is believed that it does not contain any valuable data, 2.8 GB of data was allegedly accessed.

 The attackers are said to have used various remote access tools listed below to access systems within the network.

  • LogMeIn
  • TeamViewer
  • 66% of ransomware attacks were found to use Cobalt Strike.
  • PowerSploit
  • Mimikatz
  • Impacket

Although the detection date of the attack appears to be May 24, 2022, the confirmation of this event by Cisco after the screenshots are released continues the discussions as to whether it is in accordance with the scope of certain standards.


To request a quotation for the following: Cyber Security, Digital Transformation, MSSP, Penetration Testing, KVKK, GDPR, ISO 27001 and ISO 27701, please click here.


 

About Content:
Share on Social Media:
Facebook
Twitter
LinkedIn
Telegram