Cisco Systems Inc. has confirmed that its network was breached in a ransomware attack in May. The attack was undertaken by the Yanluowang ransomware gang, who then attempted to extort Cisco with the threat that if a ransom wasn’t paid, the stolen files would be released.
“Cisco experienced a security incident on our corporate network in late May 2022 and we immediately took action to contain and eradicate the bad actors,” a spokesperson for the company said. “Cisco did not identify any impact to our business as a result of this incident, including Cisco products or services, sensitive customer data or sensitive employee information, intellectual property, or supply chain operations.”
The Cisco spokesperson added that the Yanluowang gang published a list of files from the attack on the dark web on Aug. 10. The gang is claiming to have stolen 2.8 GB of data.
The Yanluowang ransomware gang gained access to Cisco’s network using an employee’s stolen credentials after hijacking the employee’s Google account, which contained credentials synced from their browser, Bleeping Computer reports. The attackers convinced the employee to accept multi-factor authentication requests and also used voice phishing against the employee.
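The pattern described above, valid credentials followed by a user being talked into approving MFA prompts, is what a defender can look for in authentication logs: a run of push notifications to one account inside a short window that ends in an approval. The following detector is an added example, not code from Cisco, Bleeping Computer or any MFA vendor; the log line format, field names (`user`, `event`, `src`), event names (`push_sent`, `push_denied`, `push_approved`) and the five-pushes-in-ten-minutes threshold are all assumptions, and the sample log lines are constructed.

```python
"""MFA push-fatigue detector run over constructed authentication log lines.

Added example; not part of the article or any vendor product. The log format,
field names, event names and thresholds are assumptions chosen for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real Cisco data). Assumed format per line:
# "<ISO-8601 UTC timestamp> user=<name> event=<mfa event> src=<ip>"
SAMPLE_LOG = """\
2022-05-24T02:11:05Z user=alice event=push_sent src=203.0.113.7
2022-05-24T02:11:09Z user=alice event=push_denied src=203.0.113.7
2022-05-24T02:11:40Z user=alice event=push_sent src=203.0.113.7
2022-05-24T02:11:44Z user=alice event=push_denied src=203.0.113.7
2022-05-24T02:12:15Z user=alice event=push_sent src=203.0.113.7
2022-05-24T02:12:20Z user=alice event=push_denied src=203.0.113.7
2022-05-24T02:12:50Z user=alice event=push_sent src=203.0.113.7
2022-05-24T02:12:55Z user=alice event=push_denied src=203.0.113.7
2022-05-24T02:13:30Z user=alice event=push_sent src=203.0.113.7
2022-05-24T02:13:38Z user=alice event=push_approved src=203.0.113.7
2022-05-24T02:13:39Z user=alice event=login_success src=203.0.113.7
2022-05-24T02:20:00Z user=bob event=push_sent src=198.51.100.22
2022-05-24T02:20:06Z user=bob event=push_approved src=198.51.100.22
this line is malformed and should be skipped by the parser
"""


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not fit the assumed format."""
    parts = line.split()
    if len(parts) < 2:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    fields = {"ts": ts}
    for token in parts[1:]:
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    if "user" not in fields or "event" not in fields:
        return None
    return fields


def detect_push_fatigue(lines, min_pushes=5, window=timedelta(minutes=10)):
    """Return one alert per push approval that was preceded by at least
    `min_pushes` push_sent events for the same user within `window`.

    A single push followed by an approval (normal login) produces no alert;
    only a burst of prompts ending in an approval does.
    """
    sent = defaultdict(list)  # user -> timestamps of push_sent events still open
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that are not in the assumed format
        user, event, ts = rec["user"], rec["event"], rec["ts"]
        if event == "push_sent":
            sent[user].append(ts)
        elif event == "push_approved":
            recent = [t for t in sent[user] if ts - t <= window]
            if len(recent) >= min_pushes:
                alerts.append({
                    "user": user,
                    "pushes": len(recent),
                    "first_push": recent[0],
                    "approved_at": ts,
                    "src": rec.get("src", "unknown"),
                })
            sent[user] = []  # an approval closes the episode for this user
    return alerts


if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_LOG.splitlines()):
        print(f"ALERT {alert['user']}: {alert['pushes']} pushes between "
              f"{alert['first_push']:%H:%M:%S} and {alert['approved_at']:%H:%M:%S} "
              f"from {alert['src']}")
```

Run against the constructed sample, the detector flags `alice` (five prompts in under three minutes, then an approval) and stays silent on `bob`, whose single prompt and approval is an ordinary login. In a real deployment the thresholds would be tuned to the organisation's baseline, and the alert would be a trigger to contact the user out of band and revoke the session rather than a verdict on its own.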
The ransomware gang is not well known. Yanluowang first appeared in October, according to a report that month from the Symantec Threat Hunter Team. The ransomware gang was described at the time as attempting a ransomware attack against a large organization. Trend Micro described Yanluowang – which is named after the Chinese deity Yanluo Wang – in December as using files that are code-signed using a valid digital signature.
“It is difficult to detect attacks that appear to be legitimate user activity,” Patrick Tiquet, vice president, security and architecture at zero-trust cybersecurity software provider Keeper Security Inc., told SiliconANGLE. “Attacks are constantly evolving and it is important for all organizations to be monitoring the cybersecurity landscape and ensure they have the ability to detect and prevent the latest attack vectors. It’s equally important for organizations to consistently train their employees to recognize potential attacks.”
Mike Parkin, senior technical engineer at cyber risk management company Vulcan Cyber Ltd., also noted that detecting attacks against an organization’s staff that fall outside their work environment can be very difficult.
“The attackers compromised a user’s personal account and leveraged that to break into the corporate environment,” Parkin explained. “Without visibility into their user’s personal assets, there’s not much they can do to protect them. Though this does show some of the risks of having our personal and professional lives sharing the same systems.”