
Cisco confirmed hacking of its corporate systems, hackers stole 2.75 GB of data from the company’s network

On August 10, 2022, Cisco confirmed that its corporate systems had been hacked. The intrusion, in which attackers penetrated the organization's perimeter and deployed malicious software inside it, took place at the end of May. The hackers claim to have stolen 2.75 GB of data from the company's network, including confidential documents and technological blueprints for network devices.


Cisco said the attackers were able to copy non-sensitive data that the compromised employee account had access to.

Cisco Talos experts said that the hackers gained access to the Cisco network using an employee's stolen credentials, obtained by hacking into the employee's personal Google account, which was synchronized to log into the internal network through a browser. During the attack, the hackers also used a voice phishing attack, impersonating a company technical support employee, to convince a Cisco employee to give them the data from the multi-factor authentication (MFA) push notification.

After that, the hackers were able to access the company's VPN through the user's account. The attackers then tried to spread tools of the Yanluowang ransomware across the corporate network, and succeeded on some Citrix servers and domain controllers. “They moved into the Citrix environment, compromised a number of servers, and eventually gained privileged access to domain controllers,” Cisco Talos explained.

Having obtained domain administrator rights, the hackers used the tools ntdsutil, adfind and secretsdump to collect additional information. The attackers were also able to deploy several pieces of malware, including a backdoor, on the compromised servers.

After some time, Cisco experts discovered the intrusion, cut off the hackers' access and forced them out of the corporate environment. For several weeks, the hackers continued trying to regain access to the company's internal systems.

“After gaining initial access, the attackers took a number of steps to covertly preserve access, minimizing the presence of artifacts and suspicious logs on compromised systems,” explained Cisco Talos. The company's experts were able to detect and remove all malware, but the hackers managed to download some files from the internal network. The company explained that during the attack, no files on the servers were encrypted or deleted.

The hackers told Bleeping Computer that they were able to steal about 3,100 files, including documents from partners with non-disclosure agreements, data dumps and technical drawings. They are going to publish this information if the company does not pay the ransom.
