Monday, December 5, 2022
Cisco confirms leaked data was stolen in Yanluowang ransomware

Internal Cisco data leaked late last week by China-based ransomware operation Yanluowang was confirmed to have been stolen during a cyberattack in early 2022, but the company insisted the leak did not pose a risk to its business, supply chain operations or customers.

The attack took place in May, but was initially disclosed by Cisco on August 10, 2022 after its name first appeared on the Yanluowang dark web leak site.

At the time, Cisco said the attacker was likely an initial access broker (IAB) with links to a threat actor tracked as UNC2447, the Yanluowang team, and the Lapsus$ group that targeted several tech companies earlier in the year.

It is likely that they gained access after successfully phishing a Cisco employee who had stored their credentials in their personal Google account.

Ultimately, the attacker leaked the contents of a Box folder associated with the compromised employee’s account and the employee’s authentication data from Active Directory.

In an update delivered on September 11, Cisco’s threat intelligence unit Talos said: “On September 11, 2022, the bad actors who previously published a list of filenames from this security incident on the dark web, published the actual content of the same files in the same location on the dark web. The content of these files matches what we have already identified and disclosed.”

They continued: “Our previous analysis of this incident remains unchanged: we continue to see no impact on our business, including Cisco products or services, sensitive customer data or confidential employee information, intellectual property, or supply chain operations.”

According to Bleeping Computer, however, the Yanluowang gang claims to have stolen 55 GB of data, including classified documents, technical information, and most importantly, source code, although this is unconfirmed.

Chris Hauk, champion of consumer privacy at Pixel Privacy, commented: “While this is definitely a case of ‘We said, they said,’ when it comes to this data breach, Cisco customers and employees should treat this breach as if bad actors have access to all the data they claim to have stolen.

“That means they need to be on the lookout for phishing schemes using the possibly stolen data, while also keeping an eye on their login information, making sure they haven’t reused their passwords anywhere.”

A comparative rarity on the cybercriminal scene given the dominance of Russian-speaking ransomware gangs, Yanluowang was first identified in late 2021 by the Symantec Threat Hunter Team; however, it seems to have been operational since at least August 2021.

It appears to be primarily interested in organizations operating in the financial sector, but has also focused on those specializing in consulting, engineering, IT services, and manufacturing.

According to Symantec, it uses a number of tactics, techniques, and procedures (TTPs) that are associated with the Thieflock ransomware-as-a-service (RaaS) operation, possibly suggesting the presence or influence of an affiliate.

In April 2022, Kaspersky researchers were able to crack the ransomware’s encryption after finding a flaw in its RSA-1024 asymmetric encryption algorithm, and subsequently made a free decryptor available to victims.
