55GB of Cisco data wiped out by Yanluowang ransomware, company confirms

Yanluowang ransomware operators targeted Cisco in an undetected network security breach back in May, wiping out nearly 55 GB of data …

12-Sep-2022

Cisco has officially confirmed that the infamous Yanluowang ransomware group targeted it in a security breach in May that went undetected, with nearly 55 GB of data wiped out from the company's network.

In an update, the company says that the disclosure does not change its original conclusion that there will be no consequences for the business.

The malicious actors that published a list of filenames related to this security event on the dark web on September 11, 2022, also uploaded the contents of the duplicate files to the same place on the dark web. These files are consistent with what we've already discovered and shared.

Our previous assessment shows that this incident has had no effect on Cisco goods or services, customer data, employee information, intellectual property, or supply chain operations.

As reported in August, Cisco's network was compromised by the Yanluowang ransomware when hackers gained access to a VPN account belonging to an employee. The attack was stopped before the Yanluowang ransomware could begin encrypting systems, and the only information that was compromised was the employee's Box folder, which contained non-sensitive files.

However, the threat actor insisted that this wasn't the case. The head of Yanluowang informed Secure Blink that his group had stolen thousands of files totaling 55GB, including sensitive information, technical drawings, and source code. However, the hacker did not offer any evidence. Only a screenshot showing what looks to be a development system was made public. Unfortunately, Secure Blink was unable to confirm this assertion independently.

Cisco, when approached for comment, flatly denied that any source code had been exfiltrated or accessed by the hackers.

After reviewing the available information, Cisco concluded, "We have no evidence to imply the actor acquired Cisco product source code or any substantial access beyond what we have already publicly stated."

The research team at cybersecurity firm eSentire published a study at the end of last month containing data connecting the Yanluowang, "Evil Corp" (UNC2165), and FiveHands (UNC2447) ransomware families.

The hacker claimed to Secure Blink that they did not work with any of the previously mentioned groups and acted independently when they breached Cisco.