According to Cisco Systems Inc., it was the target of a cyberattack in which a hacker made many attempts to penetrate the corporate network of the Silicon Valley company.
After the hacker posted a list of the stolen files on the dark web on Wednesday, Cisco said it had first learned of a potential compromise on May 24.
The San Jose, California-based business claimed in a blog post on Wednesday that an investigation revealed the hacker gained access to Cisco’s network by breaking into an employee’s personal Google account, which synced their saved passwords online.
The attacker then successfully convinced the employee to accept a multifactor push authentication notification to their device by posing as reputable businesses during phone calls. As a result, the hacker was able to access Cisco’s network using the employee’s login information.
According to the blog post, Cisco “has not uncovered any evidence showing that the attacker was able to access crucial internal systems, such as those connected to product development, code signing, etc.” The contents of a Box folder linked to the compromised employee’s account were the only data successfully exfiltrated during the attack, and the information the attacker obtained was not sensitive.
UNC2447 is an “aggressive financially motivated group” that has targeted organizations with ransomware in Europe and North America, the cybersecurity firm Mandiant concluded last year. Yanluowang, named after a Chinese deity, is a ransomware variant that has been used against US corporations since August 2021, according to Symantec.
Cisco said it found evidence that the hacker attempted to encrypt files but was unable to do so before being discovered and removed from the network. After the attacker had been expelled, there were numerous attempts to regain access, according to Cisco.
Bleeping Computer had already reported on the breach.