Thursday, February 9, 2023
  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Glossary
  • Community Forum
  • Web Hosting Directory
  • Login
  • Register
Cloud7 News
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • Network/Internet
    • Windows
    • Software
    • Hardware
    • Blockchain
    • Policy/Legislation
    • How-Tos
    • Troubleshooting
No Result
View All Result
Cloud7 News
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • Network/Internet
    • Windows
    • Software
    • Hardware
    • Blockchain
    • Policy/Legislation
    • How-Tos
    • Troubleshooting
No Result
View All Result
Cloud7 News
No Result
View All Result

Home > Cybersecurity > Cisco confirms Yanluowang breach

Cisco confirms Yanluowang breach

Cisco confirmed that the Yanluowang ransomware group managed to breach the company's network to steal data.


Erdem Yasar Erdem Yasar
August 12, 2022
2 min read
Cisco confirms Yanluowang breach
  • The investigation initiated by Cisco Security Incident Response and Cisco Talos showed that employee credentials were compromised.
  • The attackers conducted a series of voice phishing attacks under the guise of various trusted organizations to convince the victim to accept multi-factor authentication push notifications.
  • The attackers conducted a variety of activities to maintain access, minimize forensic artifacts, and increase their level of access but failed.

Cisco published a blog post, sharing detailed information about a cyber attack that targeted the company. The incident took place on May 24, 2022. When the company was made aware of a potential compromise, Cisco Security Incident Response and Cisco Talos started investigating the issue. The company admitted that employees’ credentials were compromised.

2.75 GB of stolen data

Cisco stated that the attackers conducted voice phishing attacks mimicking trusted organizations. Initially, the attackers managed to convince the victim to accept the multi-factor authentication push notification, which was initiated by the attacker. It granted them access to VPN in the context of the targeted user.

The investigation initiated by CSIRT and Talos showed that there is no evidence suggesting that attackers could access the critical internal system. However, Cisco employees’ credentials were compromised. The attacker gained control of a personal Google account where credentials were saved in the victim’s browser, and synchronization was enabled. The attackers tried to maintain access, minimize forensic artifacts, and increase their level of access to systems within the environment.

The company managed to remove the threat actor from the environment. The attackers made several unsuccessful attempts to regain access during the following weeks. Cisco believes that the attack was conducted by an adversary that has been previously identified as an initial access broker with ties to the UNC2447 cybercrime gang, which is the Lapsus$ threat actor group and Yanluowang ransomware operators.

On the other hand, the Yanluowang gang claims that they have stolen 2.75 GB of data, which includes approximately 3,100 files. Most of these are non-disclosure agreements, data dumps, and engineering drawings. The gang published the stolen data on their data leak site. Cisco said,

« Threat actors commonly use social engineering techniques to compromise targets, and despite the frequency of such attacks, organizations continue to face challenges mitigating those threats. User education is paramount in thwarting such attacks, including making sure employees know the legitimate ways that support personnel will contact users so that employees can identify fraudulent attempts to obtain sensitive information.

Given the actor’s demonstrated proficiency in using a wide array of techniques to obtain initial access, user education is also a key part of countering MFA bypass techniques. Equally important to implementing MFA is ensuring that employees are educated on what to do and how to respond if they get errant push requests on their respective phones. It is also essential to educate employees about who to contact if such incidents do arise to help determine if the event was a technical issue or malicious. »

See more Cybersecurity News


Tags: Cisco SystemsRansomware
Erdem Yasar

Erdem Yasar

Erdem Yasar is a news editor at Cloud7 News. Erdem started his career by writing video game reviews in 2007 for PC World magazine while he was studying computer engineering. In the following years, he focused on software development with various programming languages. After his graduation, he continued to work as an editor for several major tech-related websites and magazines. During the 2010s, Erdem Yasar shifted his focus to cloud computing, hosting, and data centers as they were becoming more popular topics in the tech industry. Erdem Yasar also worked with various industry-leading tech companies as a content creator by writing blog posts and other articles. Prior to his role at Cloud7 News, Erdem was the managing editor of T3 Magazine.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Next Post
Ubuntu 22.04.1 is now available for download after a little delay

Ubuntu 22.04.1 is now available for download after a little delay

Related News

CISA publishes VMware ESXi ransomware recovery tool

CISA publishes VMware ESXi ransomware recovery tool

February 8, 2023 3:45 pm
New local privilege escalation vulnerability strikes X.Org server

New local privilege escalation vulnerability strikes X.Org server

February 7, 2023 9:45 pm
Red Hat brings new security capabilities to Red Hat OpenShift

Red Hat brings new security capabilities to Red Hat OpenShift

February 7, 2023 8:55 pm
Cisco fixes command injection vulnerability

Cisco fixes command injection vulnerability

February 6, 2023 5:00 pm
Get free daily newsletters from Cloud7 News Get the Cloud7 Newsletter
Select list(s):

Check your inbox or spam folder to confirm your subscription.

By subscribing, you agree to our
Copyright Policy and Privacy Policy

Get the free newsletter

Subscribe to receive the latest IT business updates straight to your inbox.

Select list(s):

Check your inbox or spam folder to confirm your subscription.

Editor's Choice

What’s new in Linux kernel 6.2 rc6?

10 Best Web Hosting Services of 2023

Ubuntu 22.04 LTS is available for download. What is new?

CERN and Fermilab recommend AlmaLinux

7 best hosting control panels of 2023

How to update Linux Kernel without rebooting?

7 best Linux mail servers of 2023

7 best cPanel alternatives for 2023

7 best Linux web browsers for 2023

7 best CentOS alternatives

7 best Linux server distros of 2023

Interview with Igor Seletskiy on AlmaLinux

How to create a VM on VMware Workstation

Recent News

  • Linux 6.1 is a Long-Term Support (LTS) Kernel now
  • Digital Realty signs 10-year power purchase agreement with ENGIE
  • Zoom to lay off 15% of its employees
  • phpMyAdmin 4.9.11 and 5.2.1 released
  • CISA publishes VMware ESXi ransomware recovery tool

Cloud7 News
Cloud7 is a news source that publishes the latest news, reviews, comparisons, opinions, and exclusive interviews to help tech users of high-experience levels in the IT industry.

EXPLORE

  • Web Hosting
  • Cloud Computing
  • Data Center
  • Cybersecurity
  • Linux
  • Network/Internet
  • Software
  • Hardware
  • How-Tos
  • Troubleshooting

RESOURCES

  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Glossary
  • Community Forum
  • Web Hosting Directory

Get the Cloud7 Newsletter

Get FREE daily newsletters from Cloud7 delivering the latest news and reviews.

  • About
  • Privacy & Policy
  • Copyright Policy
  • Contact

© 2023, Cloud7 News. All rights reserved.

No Result
View All Result
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • Network/Internet
    • Windows
    • Software
    • Hardware
    • Blockchain
    • Policy/Legislation
    • How-Tos
    • Troubleshooting
  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Glossary
  • Community Forum
  • Web Hosting Directory

© 2023, Cloud7 News. All rights reserved.

Welcome Back!

Sign In with Facebook
Sign In with Google
Sign In with Linked In
OR

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Sign Up with Facebook
Sign Up with Google
Sign Up with Linked In
OR

Fill the forms below to register

*By registering into our website, you agree to the Terms & Conditions and Privacy Policy.
All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.