Yanluowang ransomware group claims to have breached Cisco

The Yanluowang ransomware group (named after Yanluo Wang, a Chinese deity and one of the ten kings of hell) claimed on Wednesday to have hacked Cisco products and services and to hold sensitive employee information, intellectual property (IP) and details of supply chain operations. The group further claimed to have more than 2.8GB of Cisco data, consisting of approximately 3,100 files including NDAs, data dumps and engineering drawings, which it was selling on the dark web. The group also published a small list of files to back up its claim of data exfiltration.


Employee-caused breach is costing CISCO

It is believed that the group gained access to an employee’s personal Gmail account, which contained the employee’s corporate credentials. The adversary then convinced the employee to accept MFA (multi-factor authentication) notifications through MFA fatigue. MFA fatigue is a technique in which the attacker sends the user a constant stream of multi-factor authentication push requests, hoping that the user will accept at least one of them. The attackers later used the stolen credentials to gain access to the network and perform data exfiltration.
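The MFA fatigue pattern described above is visible in authentication logs as a burst of push requests to one user, usually followed by a single approval. The detector below is an added example and is not code from Cisco, Cisco Talos or the article; the log format (`timestamp user=... event=mfa_push result=...`), the sample lines and the thresholds are constructed assumptions, and a real deployment would adapt `parse_line` to the identity provider's actual export format.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (assumed format, not a real IdP export).
# alice: six pushes in three minutes, the last one approved -> fatigue pattern
# bob:   two normal logins far apart -> benign
# carol: five pushes spread over an hour -> outside any 10-minute window
SAMPLE_LOG = """\
2022-08-10T01:00:05Z user=alice event=mfa_push result=denied
2022-08-10T01:00:40Z user=alice event=mfa_push result=denied
2022-08-10T01:01:10Z user=alice event=mfa_push result=denied
2022-08-10T01:01:45Z user=alice event=mfa_push result=denied
2022-08-10T01:02:30Z user=alice event=mfa_push result=timeout
2022-08-10T01:03:05Z user=alice event=mfa_push result=approved
2022-08-10T08:15:00Z user=bob event=mfa_push result=approved
2022-08-10T08:40:00Z user=bob event=mfa_push result=approved
2022-08-10T02:00:00Z user=carol event=mfa_push result=denied
2022-08-10T02:15:00Z user=carol event=mfa_push result=denied
2022-08-10T02:30:00Z user=carol event=mfa_push result=denied
2022-08-10T02:45:00Z user=carol event=mfa_push result=denied
2022-08-10T03:00:00Z user=carol event=mfa_push result=approved
"""


def parse_line(line):
    """Split 'ISO-timestamp key=value ...' into (datetime, {key: value})."""
    ts_str, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    ts = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
    return ts, fields


def detect_mfa_fatigue(log_text, window_minutes=10, threshold=5):
    """Flag users who receive `threshold` or more MFA pushes inside a sliding
    window of `window_minutes`. Each alert records the peak push count and
    whether any push was approved while the burst was in progress, which is
    the signal that the user may have given in to the fatigue attempt."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)  # user -> timestamps of pushes in the window
    alerts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, f = parse_line(line)
        if f.get("event") != "mfa_push":
            continue
        user = f["user"]
        q = recent[user]
        q.append(ts)
        # Drop pushes that have aged out of the sliding window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            alert = alerts.setdefault(user, {
                "user": user,
                "pushes": 0,
                "burst_start": q[0].isoformat(),
                "approved_during_burst": False,
            })
            alert["pushes"] = max(alert["pushes"], len(q))
            if f.get("result") == "approved":
                alert["approved_during_burst"] = True
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_mfa_fatigue(SAMPLE_LOG):
        print(alert)
```

Running the block prints a single alert for `alice` with a peak of six pushes and `approved_during_burst` set, while `bob` and `carol` stay quiet. The approval-during-burst flag is the line worth paging on: a burst of denials alone is a nuisance, but a burst that ends in an approval means a session was likely granted to someone holding valid credentials, and that session should be reviewed or revoked.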


Cisco partially accepted the group’s claim and revealed that the ransomware group had only been able to gather and steal non-sensitive data from a shared folder associated with a compromised employee’s account.


Cisco also confirmed that, although the Yanluowang group usually encrypts files on the devices it controls and demands a ransom, no evidence of ransomware payloads was found during this attack. In a blog post published on Wednesday, August 10th 2022, Cisco Talos stated that “while we did not identify ransomware deployment in this breach,” the TTPs (the attackers’ tactics, techniques and procedures) used were consistent with “pre-ransomware activity.”


This is not the first time a breach has surfaced through an employee. According to a survey conducted by Haystax, employees and contractors are the biggest cause of data breaches. Admin users who hold business-critical organizational information are thought to pose the biggest threat (approx. 60%), whereas lower-level employees as well as contractors and consultants pose an average (54%) risk to the organization.
