• Cisco confirms it was hit by a cyberattack, company data stolen

    From TechnologyDaily@1337:1/100 to All on Thu Aug 11 14:45:04 2022
    Cisco confirms it was hit by a cyberattack, company data stolen

    Date:
    Thu, 11 Aug 2022 13:31:24 +0000

    Description:
    Attackers breach Cisco systems and leak company data, it confirms.

    FULL STORY ======================================================================

    Cisco has confirmed it suffered a cyberattack, caused by the login
    credentials of an employee being compromised.

    While Cisco says it suffered no major consequences from the May 2022
    incident, the threat actor, who was able to linger around the network for a little while before being evicted, begs to differ.

    According to Cisco, the attackers are initial access brokers tied to the UNC2447 cybercrime gang, Lapsus$ threat actor group, and Yanluowang
    ransomware operators. They managed to infiltrate an employee's personal Google account, which was synced with their browser and which kept all of the login data.

    Pushing the intruder out

    After that, the attacker conducted a series of sophisticated voice phishing attacks that resulted in the employee accepting multi-factor authentication (MFA) push notifications.

    That gave them access to the VPN in the context of the targeted user, which they used to move laterally to Citrix servers and domain controllers. "They moved into the Citrix environment, compromising a series of Citrix servers
    and eventually obtained privileged access to domain controllers," Cisco said in its announcement.

    That's when, according to Cisco, they were spotted and pushed out. The threat actor was successfully removed from the environment and displayed
    persistence, repeatedly attempting to regain access in the weeks following
    the attack; however, these attempts were unsuccessful.

    While the company says no serious harm was done, the attackers reached out to BleepingComputer to claim otherwise, saying they had stolen more than
    3,000 files, including NDAs, data dumps, and engineering drawings. The entire database weighs 2.75GB, and was published on the extortionist's data leak site.

    Cisco downplayed the theft, claiming the data was non-sensitive and taken
    from the compromised employee's Box folder.

    "Cisco did not identify any impact to our business as a result of this incident, including Cisco products or services, sensitive customer data or sensitive employee information, intellectual property, or supply chain operations," it said.

    "On August 10 the bad actors published a list of files from this security incident to the dark web. We have also implemented additional measures to safeguard our systems and are sharing technical details to help protect the wider security community."



    ======================================================================
    Link to news story: https://www.techradar.com/news/cisco-confirms-it-was-hit-by-a-cyberattack-company-data-stolen/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)