Cisco Systems revealed details of a May hack by the Yanluowang ransomware group that leveraged a compromised employee’s Google account.

The networking giant is calling the attack a “potential compromise” in a Wednesday post by the company’s own Cisco Talos threat research arm.

Forensic details of the attack lead Cisco Talos researchers to attribute the attack to the Yanluowang threat group, which they maintain has ties to both the UNC2447 and the notorious Lapsus$ cybergangs.

“During the investigation, it was determined that a Cisco employee’s credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized,” wrote Cisco Talos in a lengthy breakdown of the attack.

Ultimately, Cisco Talos said the adversaries were not successful at deploying ransomware, but were successful at penetrating its network, planting a cadre of offensive hacking tools and conducting internal network reconnaissance “commonly observed leading up to the deployment of ransomware in victim environments.”

Outsmarting MFA for VPN Access

The crux of the hack was the attacker’s ability to compromise the targeted employee’s Cisco VPN utility and access the corporate network using that VPN software.

“Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee’s personal Google account.”
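The vector Cisco Talos describes is corporate credentials saved in a browser and synchronized to a personal Google account, so that whoever controls the personal account also holds the work passwords. The following managed-policy file is an added example, not part of the article or of Cisco Talos’ write-up: it is a Google Chrome enterprise policy fragment that removes that path on a managed endpoint by turning off the built-in password manager (`PasswordManagerEnabled`), disabling Chrome Sync (`SyncDisabled`) and blocking browser sign-in altogether (`BrowserSignin` set to 0). The file location `/etc/opt/chrome/policies/managed/` is the Linux managed-policy directory and is an assumption about the deployment; on Windows and macOS the same policy names are delivered through the registry or a configuration profile.

```json
{
  "PasswordManagerEnabled": false,
  "SyncDisabled": true,
  "BrowserSignin": 0
}
```

If sign-in must stay enabled for bookmarks or extensions, a narrower control is to leave `SyncDisabled` unset and instead put `"passwords"` in the `SyncTypesListDisabled` list, which keeps saved credentials from ever leaving the device; pairing either setting with an enterprise password manager gives users a sanctioned place to store the credentials the browser no longer will.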