
Cisco confirms leaked data was stolen in Yanluowang ransomware hit


Cisco has confirmed that data leaked by the Yanluowang ransomware gang was the data stolen during a May 2022 cyber attack

Alex Scroxton


Published: 13 Sep 2022 14:30

Internal Cisco data leaked by the China-based Yanluowang ransomware operation has been confirmed as the data stolen during a cyber attack earlier in 2022, but Cisco has insisted the leak poses no risk to its business, supply chain operations or customers.

The attack occurred in May, but Cisco first disclosed it on 10 August 2022, after its name appeared for the first time on Yanluowang's dark web leak site.

At that time, it said the attacker was likely an initial access broker (IAB) with links to a threat actor tracked as UNC2447, the Yanluowang crew, and the Lapsus$ group that attacked multiple tech firms earlier in the year.

The attacker likely gained access after successfully phishing a Cisco employee who had stored their credentials in their personal Google account.

Ultimately, the attacker exfiltrated the contents of a Box folder linked to the compromised employee's account, along with employee authentication data from Active Directory.

In an update delivered on 11 September, Cisco's threat intelligence unit Talos said: "On September 11, 2022, the bad actors who previously published a listing of file names from this security incident to the dark web posted the specific contents of exactly the same files to exactly the same location on the dark web. The content of the files matches what we already identified and disclosed."

They continued: "Our previous analysis of the incident remains unchanged; we continue steadily to see no impact to our business, including Cisco services or products, sensitive customer data or sensitive employee information, intellectual property, or supply chain operations."

According to Bleeping Computer, however, the Yanluowang gang claims it has stolen 55GB of data, including classified documents, technical information and, critically, source code, although this is unconfirmed.

Chris Hauk, consumer privacy champion at Pixel Privacy, commented: "While this is definitely an incident of 'we said, they said' with regards to this data breach, Cisco customers and employees should regard this breach as though the bad actors do have access to all the data they claim to have stolen.

"This means they must be alert for phishing schemes using the possibly purloined data, while also policing their login information, making certain they have not reused their passwords anywhere."

A comparative rarity on the cyber criminal scene, given the dominance of Russian-speaking ransomware gangs, Yanluowang was first identified in late 2021 by Symantec's Threat Hunter team, but it appears to have been operational since at least August 2021.

It appears to be chiefly interested in organisations operating in the financial sector, but it has also targeted those specialising in consultancy, engineering, IT services and manufacturing.

According to Symantec, it uses several tactics, techniques and procedures (TTPs) that are linked to the Thieflock ransomware-as-a-service (RaaS) operation, possibly suggesting the presence or influence of an affiliate.

In April 2022, researchers at Kaspersky were able to crack the ransomware's encryption after finding a flaw in its RSA-1024 asymmetric encryption algorithm, and subsequently made a free decryptor available for victims.
