Cisco Hack: Files exposed on the Dark Web

The network supplier Cisco was hacked. The files stolen by a ransomware group have now appeared on the dark web.

Although Cisco is known for its network and IT security solutions, it now reports a hacking attack on its own IT infrastructure. The entry point was an employee's stolen access data.

Cisco wants to learn from the attack

The network supplier Cisco has become the victim of a hacker attack. According to a notice on Cisco’s website, employees identified a security incident targeting the company’s IT infrastructure on 24 May 2022. Immediately afterwards, measures were taken to contain the attack, minimize the impact of the incident and strengthen the IT environment.

Cisco reiterates that no ransomware was deployed and that further access to the network was successfully blocked. The company has also not been able to identify any effects on its own business.

Cisco itself sees the incident as an “opportunity” to increase its own “resilience”. The company has updated its security products based on new findings from the incident and shared technical details on its own Talos blog so that other IT security experts can also learn from them.

An employee’s VPN access opened the door

As BleepingComputer reports, a ransomware group operating under the name Yanluowang is said to be behind the attack. According to the report, the hackers were able to copy 2.8 gigabytes of company data, spread over about 3,100 files, from the network. This includes documents such as non-disclosure agreements and design drawings. According to Cisco, the perpetrators published a list of the captured files on the dark web on 10 August.

The hackers gained access via the stolen access data of a Cisco employee. They obtained this data through the employee's personal Google account, which they had taken over using a series of technical tricks. The attackers then used the employee’s VPN access to infiltrate Citrix servers and domain controllers in the company network, which enabled them to gain administrative rights.

This is another case among the countless ransomware attacks of 2022, in which hackers have already managed to capture over 30 terabytes of data. And even for IT security experts, IT security is not guaranteed, as the example of Cisco shows.
