Hacker breached network via employee account, no data compromised: Cisco

Networking giant Cisco has admitted a cyber-security breach via the "successful compromise" of an employee's personal Google account, saying that no data was compromised.

IANS New Delhi
Last Updated : Aug 13 2022 | 3:07 PM IST


The attacker conducted a series of sophisticated voice phishing attacks under the guise of various trusted organisations, attempting to convince the victim to accept multi-factor authentication (MFA) push notifications initiated by the attacker, the company's own Cisco Talos threat research arm revealed in a blog post.

The incident occurred in May, and since then the company has been working to remediate the attack.

"During the investigation, it was determined that a Cisco employee's credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim's browser were being synchronised," wrote Cisco Talos.

The company said it has not identified any evidence suggesting that the attacker gained access to critical internal systems, such as those related to product development, code signing, etc.

"The threat actor was successfully removed from the environment and displayed persistence, repeatedly attempting to regain access in the weeks following the attack; however, these attempts were unsuccessful," said Cisco.

According to the company, the attack was conducted by an adversary that has been previously identified as an initial access broker (IAB) with ties to the UNC2447 cybercrime gang, the Lapsus$ threat actor group, and the Yanluowang ransomware operators.

Lapsus$ is a threat actor group that is reported to have been responsible for several previous notable breaches of corporate environments.

Cisco said it implemented a company-wide password reset immediately upon learning of the incident.

The company did not observe ransomware deployment in this attack.

In many cases, threat actors have been observed targeting the backup infrastructure in an attempt to further remove an organisation's ability to recover following an attack.

"Ensuring that backups are offline and periodically tested can help mitigate this risk and ensure an organisation's ability to effectively recover following an attack," said the company.

--IANS


(Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)


First Published: Aug 13 2022 | 3:07 PM IST
