INCIDENT: Cisco Hit in Cyber Attack, Data Taken
Cisco discovered a security incident May 24 targeting its corporate IT infrastructure, and took immediate action to contain and eradicate the attackers, officials said. Cisco disclosed the incident Wednesday because the attackers published a list of files from the incident to the dark web. Cisco did not report any impact from the attack to its business, including its products, services, customer data, employee information, intellectual property or supply chain operations.
Cisco did say that, since the attack, the company has taken steps to remediate the impact of the incident and further harden its IT environment. In addition, the tech giant said no ransomware has been observed or deployed and that it has successfully blocked attempts to access Cisco’s network since discovering the incident.
Updated report in September '22: The Yanluowang leader is claiming Cisco is downplaying the severity of the attack, telling BleepingComputer “that they stole thousands of files amounting to 55GB and that the cache included classified documents, technical schematics, and source code.” At least one Cisco partner said that the Yanluowang ransomware gang's attack against Cisco is another sign of the difficulty of securing a large global enterprise in the wake of the post-pandemic work-at-home era. In a blog post, Cisco said “initial access” to the Cisco VPN was achieved “via the successful compromise of a Cisco employee’s personal Google account.”