American company Cisco Systems — one of the world’s largest high-tech corporations — has announced that it has been hacked. In its statement, the company said that cybercriminals gained access to “corporate data,” but that this did not affect the company’s “operational activity.”
The intrusion into Cisco Systems’ databases was detected by the company’s specialists on May 24, but a detailed account of what happened was only published later, apparently because the attackers had posted a list of stolen files on a data leak site (DLS).
Cisco Systems explained that the attacker gained access to one employee’s account by exploiting the fact that this employee had enabled password synchronization in the Chrome browser on their devices. After stealing the password to the employee’s work account, the hacker bypassed multi-factor authentication (MFA), including through vishing (voice phishing: obtaining information from a person during a phone conversation).
Ultimately, the hacker was able to download files from the Box folder under the employee’s account. In addition, authentication data of other employees from Active Directory was stolen. The company stated that it blocked the cyber attackers as soon as their activity was detected and then observed them unsuccessfully attempting to regain access.
Cisco Systems insists that the information in the Box folder was not confidential. “Many of these files include non-disclosure agreements, data dumps, and technical drawings,” the authors of the SecAtor Telegram channel note.
Cisco Systems believes the attack was linked to the Yanluowang ransomware group. The group did indeed claim responsibility for the hack and the theft of files, estimating the stolen data at 2.8 GB and approximately 3,000 files.