Yanluowang ransomware operators targeted Cisco in an undetected network security breach back in May, wiping out nearly 55 GB of data …
Cisco was targeted by the infamous Yanluowang ransomware group, and there is now official confirmation that nearly 55 GB of data was wiped out from the company's network in May during a security breach that went undetected.
An update from the company states that the disclosure does not change its original conclusion that there will be no consequences for the business.
The malicious actors that published a list of filenames related to this security event on the dark web on September 11, 2022, also uploaded the contents of the duplicate files to the same place on the dark web. These files are consistent with what we've already discovered and shared.
Our previous assessment shows that this incident has had no effect on Cisco goods or services, customer data, employee information, intellectual property, or supply chain operations.
As reported in August, Cisco's network was compromised by the Yanluowang ransomware group when hackers gained access to a VPN account belonging to an employee. The attack was stopped before the Yanluowang ransomware could begin encrypting systems, and the only information that was compromised was the employee's Box folder, which contained non-sensitive files.
The threat actor, however, insisted that this wasn't the case. The head of Yanluowang informed Secure Blink that his group had stolen thousands of files totaling 55 GB, including sensitive information, technical drawings, and source code. The hacker did not offer any evidence, though: only a screenshot showing what looks to be a development system was made public. Unfortunately, Secure Blink was unable to confirm this assertion independently.
Cisco, when approached for comment, flatly denied that any source code had been exfiltrated or accessed by the hackers.
After reviewing the available information, Cisco concluded, "We have no evidence to imply the actor acquired Cisco product source code or any substantial access beyond what we have already publicly stated."
The research team at cybersecurity firm eSentire published a study at the end of last month containing data connecting the Yanluowang, "Evil Corp" (UNC2165), and FiveHands (UNC2447) ransomware families.
The hacker claimed to Secure Blink that they did not work with any of the previously mentioned groups and acted independently when they breached Cisco.