Cisco suffers cyberattack on IT network

Cisco has officially announced a security incident that occurred on 24 May, affecting the company's IT infrastructure, linking the detected threat actor to the Lapsus$, UNC2447 and Yanluowang groups.

The investigation has reported that a Cisco employee's credentials were compromised after an attacker gained control of a personal Google account where credentials stored in the victim's browser were being synchronised, using vishing techniques.

Thus, once the victim accepted the multi-factor authentication (MFA) push notifications sent by the attacker, the latter accessed the internal VPN. After identifying the attacker, his access to the internal network was denied, preventing him from accessing again despite his successive attempts.

In addition, Cisco has identified no evidence of ransomware deployment and has successfully blocked attempts to access its internal network. Furthermore, no impact on its products, services, customer/employee data or supply chain has been observed.