Cisco disclosed a security breach: the Yanluowang ransomware group breached its corporate network in late May and stole internal data.
The investigation conducted by Cisco Security Incident Response (CSIRT) and Cisco Talos revealed that threat actors compromised a Cisco employee’s credentials after they gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized.
Once they had obtained the credentials, the attackers launched voice phishing (vishing) calls in an attempt to trick the victim into accepting an MFA push notification that the attacker had triggered.
Once a push was accepted, the attacker had access to the VPN in the context of the targeted user.
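The chain described above (repeated MFA pushes initiated by someone holding valid credentials, one eventually accepted, then a VPN login as that user) leaves a recognisable trace in MFA and VPN logs. The following is an added detection example, not code from the original article, Cisco, or any MFA vendor; the log format, field names and sample lines are constructed for illustration, and the thresholds are assumptions a defender would tune to their own environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real Cisco data). Fields: timestamp, user, event, source IP.
# "alice" shows the push-fatigue pattern: several failed/ignored pushes, then an
# acceptance, then a VPN login. "bob" is a normal single accepted push.
SAMPLE_LOG = """\
2022-05-24T09:01:02Z alice push_sent 203.0.113.10
2022-05-24T09:01:40Z alice push_timeout 203.0.113.10
2022-05-24T09:02:15Z alice push_sent 203.0.113.10
2022-05-24T09:02:50Z alice push_denied 203.0.113.10
2022-05-24T09:03:30Z alice push_sent 203.0.113.10
2022-05-24T09:04:05Z alice push_denied 203.0.113.10
2022-05-24T09:05:00Z alice push_sent 203.0.113.10
2022-05-24T09:05:20Z alice push_accepted 203.0.113.10
2022-05-24T09:05:41Z alice vpn_login 203.0.113.10
2022-05-24T10:00:00Z bob push_sent 198.51.100.7
2022-05-24T10:00:12Z bob push_accepted 198.51.100.7
"""

# Events that mean the user did NOT approve a push (assumed event names).
FAILED_PUSH = {"push_denied", "push_timeout"}


def parse_line(line):
    """Parse one constructed log line into a dict with a datetime timestamp."""
    ts, user, event, ip = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "user": user,
        "event": event,
        "ip": ip,
    }


def detect_push_fatigue(log_text, window_minutes=10, min_failed=2, login_grace_minutes=5):
    """Flag an accepted MFA push that was preceded, within `window_minutes`, by at
    least `min_failed` denied or timed-out pushes for the same user. Also record
    whether a VPN login followed the acceptance within `login_grace_minutes`.
    Returns a list of alert dicts (empty if nothing suspicious)."""
    window = timedelta(minutes=window_minutes)
    grace = timedelta(minutes=login_grace_minutes)

    by_user = defaultdict(list)
    for raw in log_text.strip().splitlines():
        ev = parse_line(raw)
        by_user[ev["user"]].append(ev)

    alerts = []
    for user, events in by_user.items():
        events.sort(key=lambda e: e["ts"])
        for i, ev in enumerate(events):
            if ev["event"] != "push_accepted":
                continue
            # Count failed pushes in the look-back window before this acceptance.
            failed = [
                e for e in events[:i]
                if e["event"] in FAILED_PUSH and ev["ts"] - e["ts"] <= window
            ]
            if len(failed) < min_failed:
                continue
            # Did the acceptance immediately turn into a VPN session?
            followed = any(
                e["event"] == "vpn_login" and timedelta(0) <= e["ts"] - ev["ts"] <= grace
                for e in events[i + 1:]
            )
            alerts.append({
                "user": user,
                "accepted_at": ev["ts"].isoformat(),
                "source_ip": ev["ip"],
                "failed_before_accept": len(failed),
                "vpn_login_followed": followed,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_LOG):
        print(alert)
```

The look-back window and failure threshold are deliberately parameters: a single denied push followed by an acceptance is common benign behaviour, whereas several denials or timeouts in a few minutes followed by an acceptance and an immediate VPN login is the signature worth paging on. The same logic applies unchanged to real MFA provider exports once `parse_line` is adapted to their schema.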
The Yanluowang ransomware group is attempting to extort the company: it has published a list of files stolen from Cisco and is threatening to leak all of the stolen data if Cisco does not pay the ransom.