Yanluowang Operators Started Leaking Stolen Cisco Internal Files

The cybercriminal group that claimed responsibility for hacking Cisco's systems has begun leaking data stolen from the corporation. The tech giant continues to insist that the cyber incident did not affect its business processes in any way.

In the first half of August, Cisco confirmed that the operators of the Yanluowang ransomware had attacked its systems. According to reports, the attack took place on May 24. The attackers, for their part, stated that they had managed to steal gigabytes of data.

It has now been reported that the group has begun distributing the compromised information, and Cisco has been forced to confirm that the data was indeed taken from its systems.

“The uploaded files match those that we have already recognized as our own. Our initial conclusions remain the same: we do not see the incident impacting business processes, products or services. Customer and employee data also remained intact,” writes the tech giant.

According to Cisco, the cybercriminals targeted one of its employees; however, they managed to obtain only the data stored in the Box account, as well as authentication information from Active Directory.

The attackers first obtained the employee’s credentials and then used social engineering to bypass multi-factor authentication. After gaining access to the network, the attackers installed remote access tools and backdoors that allowed them to move laterally.
