Cisco hit by cyberattack from hacker linked to Lapsus$ gang

Cisco said it found evidence that the hacker was preparing to encrypt files but hadn’t managed to do so before they were detected and booted out. — Reuters

Cisco Systems Inc said it was the victim of a cyberattack in which a hacker repeatedly attempted to gain access to the Silicon Valley firm’s corporate network.

Cisco said it became aware of a potential compromise on May 24, and disclosed it on Wednesday after the hacker leaked a list of the files it had stolen on the dark web.

An investigation determined that the hacker broke into Cisco’s network by cracking into an employee’s personal Google account, which synchronized their saved passwords across the web, the San Jose, California-based company said in a blog post published on Wednesday.

The attacker then pretended to be trusted organisations during phone calls with the employee and successfully persuaded the employee to accept a multifactor push authentication notification to their device. That allowed the hacker to gain access to Cisco’s network using the employee’s credentials.

ALSO READ: Uber admits covering up 2016 hacking, avoids prosecution in U.S. settlement

Cisco had "not identified any evidence suggesting that the attacker gained access to critical internal systems, such as those related to product development, code signing, etc,” according to the blog. "The only successful data exfiltration that occurred during the attack included the contents of a Box folder that was associated with a compromised employee’s account. The data obtained by the adversary in this case was not sensitive.”

Investigators said they believe that the attack was conducted by an adversary who has previously been identified as an initial access broker for several notorious cybercrime groups: UNC2447, Lapsus$ and Yanluowang ransomware operators. Initial access brokers attempt to gain privileged access to corporate computer networks and then sell it to other hackers.

UNC2447 is an "aggressive financially motivated group” that has targeted organizations with ransomware in Europe and North American, the cybersecurity firm Mandiant concluded last year. Yanluowang, named after a Chinese deity, is a ransomware variant that has been used against US corporations since August 2021, according to Symantec. The Lapsus$ group was accused of going on a rampage of high-profile attacks against technology companies including Okta Inc, Microsoft Corp and Nvidia Corp.

ALSO READ: T-Mobile to pay $350 million in settlement over massive hacking

Bloomberg News reported that the suspected mastermind was a 16-year-old British teenager living at his mother’s house.

Cisco said it found evidence that the hacker was preparing to encrypt files but hadn’t managed to do so before they were detected and booted out. There were repeated attempts to regain access after the attack had been evicted, according to Cisco.

The hack was previously reported by Bleeping Computer. – Bloomberg

Article type: free
User access status:
Subscribe now to our Premium Plan for an ad-free and unlimited reading experience!

Next In Tech News

Apple loses second bid to challenge Qualcomm patents at U.S. Supreme Court
Scammers target S’pore Prime Minister in fake email scam
Man in SG arrested after S$11,200 is lost in refund scam involving mobile phones and tablets
Supreme Court to scrutinize U.S. protections for social media
Phone alerts responders after car hits tree, killing all six
Ferrari says internal documents online, but no evidence of cyber attack
Italian court scraps antitrust fine on Apple and Amazon
Mobile phone critic Pope Francis meets Apple chief Tim Cook
Work-from-home or return to the office? A rift is emerging among US workers�
Cyberattack on Australian telco Optus affects 1.2 million customers

Others Also Read