Cisco Confirms Network Breach Via Hacked Employee Google Account
Cisco Systems has confirmed that it suffered a network breach after attackers gained access to an employee’s VPN client via a compromised Google account. The networking giant released a statement on Wednesday addressing the security incident. The attack occurred in May and was perpetrated by the Yanluowang ransomware group, according to the results of an investigation conducted by Cisco after the attack.
Forensic details of the attack exposed the Yanluowang group as the culprit. The group has ties to both the UNC2447 and Lapsus$ cybercrime groups. Cisco Talos confirmed that the threat actors were unable to deploy ransomware; however, they were able to penetrate the network and plant a variety of offensive hacking tools. The initial access is the most concerning aspect, as the attackers compromised the employee’s Cisco VPN utility and used it to reach the corporate network. The employee was allegedly storing credentials within the Google account, meaning that the saved credentials synchronized to the account and the threat actors were able to access them once the account was compromised.