Cisco Suffers Cyber Attack By UNC2447, Lapsus$, & Yanluowang
Contents
Summary Of The Attack
- Cisco confirmed that the UNC2447 cybercrime gang, Lapsus$ threat actor group, and Yanluowang ransomware operators breached its corporate network in late May and that the actor tried to extort them under the threat of leaking stolen files online.
- During the investigation, it was determined that a Cisco employee’s credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized.
- The attacker conducted a series of sophisticated voice phishing attacks under the guise of various trusted organizations attempting to convince the victim to accept multi-factor authentication (MFA) push notifications initiated by the attacker. The attacker ultimately succeeded in achieving an MFA push acceptance, granting them access to VPN in the context of the targeted user.
- After obtaining initial access, the threat actor conducted a variety of activities to maintain access, minimize forensic artifacts, and increase their level of access to systems within the environment.
Stay Up-To-Date On The Latest Attacks
Be the first to know when our experts release new insights on the top attacks.
You're on the list! Just one more step...
Check your email to confirm your subscription.