
URL: https://www.exploitone.com/data-breach/yanluowang-ransomware-breaches-cisco-network-and-leaks-data/

YANLUOWANG RANSOMWARE BREACHES CISCO NETWORK AND LEAKS DATA



Cisco confirmed today that the Yanluowang ransomware group breached its
corporate network in late May 2022 and that the actor then tried to extort the
company under the threat of leaking the stolen files online. According to Cisco,
the attackers were only able to collect and exfiltrate non-sensitive data from a
storage folder linked to the compromised employee's account.

“Cisco experienced a security incident on our corporate network in late May 2022
and we immediately took action to contain and root out bad actors. Cisco did
not identify any impacts as a result of this incident, including Cisco products
or services, sensitive customer data or sensitive employee information,
intellectual property, or supply chain operations. On August 10, the criminals
published a list of files from this security incident on the dark web. We are
also implementing additional measures to protect our systems and sharing
technical details to help protect the broader security community.”


STOLEN EMPLOYEE CREDENTIALS USED TO BREACH CISCO NETWORK

Yanluowang threat actors gained access to the Cisco network using an employee's
stolen credentials. The attackers first hijacked the employee's personal Google
account; because the employee had enabled password sync in their browser, the
corporate credentials saved in the browser had been synced to that Google
account and were exposed along with it.



Because Cisco's VPN required multi-factor authentication (MFA), the attacker
then had to get past the second factor. They did so through MFA fatigue (sending
repeated push notifications until the user gives in) combined with a series of
voice phishing calls in which the Yanluowang operators posed as trusted support
organizations and coaxed the employee into accepting a prompt.

The threat actors eventually tricked the victim into accepting one of the MFA
notifications and gained access to the VPN in the context of the targeted user.
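The pattern described above, a run of rejected or expired push prompts that ends with one approval, is detectable from MFA provider logs. The following is an added example, not code from the article or from Cisco, that runs a simple push-fatigue detector over a constructed authentication log. The log format, field names, user names and thresholds are assumptions for this example and do not correspond to any vendor's real schema.

```python
"""MFA push-fatigue detector over constructed authentication log lines.

Two signals are raised per user:
  1. a burst of push prompts inside a short window (fatigue campaign), and
  2. an approval that follows a run of denied/expired prompts, the exact
     sequence that lets an attacker ride a stolen password into the VPN.
Log format, result names and thresholds are assumptions for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<ISO timestamp> <user> <push result>". Not real data.
SAMPLE_LOG = """\
2022-05-24T02:11:03Z alice push_sent
2022-05-24T02:11:09Z alice push_denied
2022-05-24T02:11:31Z alice push_sent
2022-05-24T02:11:40Z alice push_timeout
2022-05-24T02:12:02Z alice push_sent
2022-05-24T02:12:05Z alice push_denied
2022-05-24T02:12:30Z alice push_sent
2022-05-24T02:12:33Z alice push_denied
2022-05-24T02:13:01Z alice push_sent
2022-05-24T02:13:04Z alice push_denied
2022-05-24T02:13:27Z alice push_sent
2022-05-24T02:13:29Z alice push_approved
2022-05-24T09:00:00Z bob push_sent
2022-05-24T09:00:05Z bob push_approved
"""

BURST_THRESHOLD = 5                      # prompts within WINDOW that count as fatigue
WINDOW = timedelta(minutes=10)
MIN_REJECTIONS_BEFORE_APPROVE = 3        # rejections before an approval looks coerced


def parse(log_text):
    """Turn the raw log into (timestamp, user, result) tuples."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, result))
    return events


def detect_push_fatigue(log_text):
    """Return {user: [finding, ...]} for users showing either signal."""
    by_user = defaultdict(list)
    for ts, user, result in parse(log_text):
        by_user[user].append((ts, result))

    findings = defaultdict(list)
    for user, evs in by_user.items():
        evs.sort()

        # Signal 1: sliding window over prompt timestamps.
        sends = [ts for ts, r in evs if r == "push_sent"]
        start = 0
        for end in range(len(sends)):
            while sends[end] - sends[start] > WINDOW:
                start += 1
            if end - start + 1 >= BURST_THRESHOLD:
                findings[user].append(
                    f"{end - start + 1} push prompts within {WINDOW}")
                break

        # Signal 2: an approval preceded by a run of rejections/timeouts.
        rejections = 0
        for ts, r in evs:
            if r in ("push_denied", "push_timeout"):
                rejections += 1
            elif r == "push_approved":
                if rejections >= MIN_REJECTIONS_BEFORE_APPROVE:
                    findings[user].append(
                        f"approval after {rejections} rejected/expired prompts "
                        f"at {ts:%H:%M:%S}")
                rejections = 0
    return dict(findings)


if __name__ == "__main__":
    for user, notes in detect_push_fatigue(SAMPLE_LOG).items():
        for note in notes:
            print(f"[ALERT] {user}: {note}")
```

In the constructed log only alice trips both signals; bob's single prompt and immediate approval is the normal case. The second signal is the one worth paging on, since a burst of prompts that are all denied is merely an attacker with a valid password, whereas a late approval means the second factor has just been defeated. Number-matching or FIDO2 authenticators remove the class of attack entirely and are the real fix.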

Once inside the corporate network, Yanluowang's operators moved laterally to
Citrix servers and domain controllers. “They moved into the Citrix environment,
compromising a number of Citrix servers and eventually gaining privileged access
to domain controllers,” Cisco said in a blog post published on Wednesday.

After obtaining domain administrator privileges, they used enumeration and
credential-dumping tools such as adfind, ntdsutil and secretsdump to gather more
information about the domain and its accounts, and installed a number of
payloads on the compromised systems, including a backdoor.
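All three tools named above leave distinctive process command lines on the host that runs them, which is the cheapest place to catch this stage. The following is an added example, not code from the article or from Cisco Talos, that scans constructed process-creation events (the kind of fields you would get from Sysmon Event ID 1 or Windows Security event 4688) for ntdsutil IFM dumps, secretsdump invocations and AdFind enumeration. The event shape, host and user names, and the exact regexes are assumptions for this example; tune them against your own telemetry before deploying.

```python
"""Flag process-creation events matching the post-domain-admin tooling named in
the write-up: ntdsutil (NTDS.dit snapshot), secretsdump (hash extraction) and
AdFind (AD enumeration). Event fields and sample data are constructed for this
example and are not real telemetry.
"""
import re

# (rule name, pattern over the lower-cased "<image> <command line>", analyst note)
RULES = [
    ("ntds_ifm_dump",
     re.compile(r"ntdsutil.*\bntds\b.*(\bifm\b|create\s+full)"),
     "ntdsutil IFM snapshot writes a copy of NTDS.dit containing every AD hash"),
    ("secretsdump",
     re.compile(r"secretsdump(\.py|\.exe)?\b"),
     "impacket secretsdump extracts SAM/LSA/NTDS secrets, locally or over the network"),
    ("adfind_recon",
     re.compile(r"\badfind(\.exe)?\b.*(objectcategory|objectclass|trustdmp|dclist)"),
     "AdFind queries used to enumerate users, computers, trusts and DCs"),
]

# Constructed sample events. The "metadata cleanup" ntdsutil call is included as
# a benign invocation that the IFM rule must NOT fire on.
SAMPLE_EVENTS = [
    {"host": "DC01", "user": "CORP\\svc_backup",
     "image": "C:\\Windows\\System32\\ntdsutil.exe",
     "cmdline": 'ntdsutil "ac i ntds" "ifm" "create full C:\\Windows\\Temp\\out" q q'},
    {"host": "CTX03", "user": "CORP\\jdoe",
     "image": "C:\\Users\\jdoe\\AppData\\Local\\Temp\\adfind.exe",
     "cmdline": 'adfind.exe -f "(objectcategory=person)" -csv'},
    {"host": "CTX03", "user": "CORP\\jdoe",
     "image": "C:\\Python39\\python.exe",
     "cmdline": "python.exe secretsdump.py -just-dc CORP/jdoe@DC01"},
    {"host": "WS12", "user": "CORP\\asmith",
     "image": "C:\\Windows\\System32\\notepad.exe",
     "cmdline": "notepad.exe report.txt"},
    {"host": "DC01", "user": "CORP\\admin",
     "image": "C:\\Windows\\System32\\ntdsutil.exe",
     "cmdline": 'ntdsutil "ac i ntds" "metadata cleanup" q q'},
]


def classify(event):
    """Return the list of rule names matching one process-creation event."""
    text = f"{event['image']} {event['cmdline']}".lower()
    return [name for name, pattern, _note in RULES if pattern.search(text)]


def scan(events):
    """Return (host, user, matched_rules, cmdline) for every event that matches."""
    alerts = []
    for ev in events:
        hits = classify(ev)
        if hits:
            alerts.append((ev["host"], ev["user"], hits, ev["cmdline"]))
    return alerts


def hosts_with_credential_dumping(events):
    """Hosts where NTDS or secretsdump activity was seen; these need a full
    domain password reset (including krbtgt, twice) after eviction."""
    dump_rules = {"ntds_ifm_dump", "secretsdump"}
    return sorted({host for host, _u, hits, _c in scan(events)
                   if dump_rules & set(hits)})


if __name__ == "__main__":
    for host, user, hits, cmd in scan(SAMPLE_EVENTS):
        print(f"[{','.join(hits)}] {host} {user}: {cmd}")
    print("credential dumping seen on:", hosts_with_credential_dumping(SAMPLE_EVENTS))
```

The rules deliberately key on the dump-specific arguments rather than on the binary name alone: ntdsutil is a legitimate admin tool, so only the `ifm` / `create full` form is flagged, while the `metadata cleanup` call in the sample passes clean. Seeing either credential-dumping rule fire is the signal that the AD database itself must be treated as compromised, which is why the last function lists the affected hosts for the post-eviction password reset.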

Cisco eventually detected the intrusion and evicted the attackers from its
environment, but they kept trying to regain access for several weeks afterward.

“After gaining initial access, the threat actor performed a variety of
activities to maintain access, minimize forensic artifacts, and increase their
level of access to systems within the environment,” Cisco Talos added. “The
threat actor was successfully removed from the environment and showed
persistence, repeatedly attempting to regain access in the weeks following the
attack, however these attempts were unsuccessful.”


HACKERS CLAIM TO HAVE STOLEN CISCO DATA

Last week, the threat actor behind the Cisco hack emailed BleepingComputer a
list of file directories allegedly stolen during the attack.



The threat actor claimed to have stolen 2.75 GB of data, consisting of
approximately 3,100 files. Many of these files are non-disclosure agreements,
data dumps, and engineering drawings.

The threat actors also sent a redacted NDA document taken in the attack as proof
that they had breached Cisco's network and exfiltrated files. The extortionists
then announced the Cisco breach on their data leak site and posted the same
directory listing there.


NO RANSOMWARE DEPLOYED ON CISCO SYSTEMS

Cisco also said that although the Yanluowang gang is known for encrypting its
victims’ files, it found no evidence of ransomware payloads during the attack.

“While we did not observe ransomware deployment in this attack, the TTPs used
were consistent with ‘pre-ransomware activity,’ activity commonly observed prior
to ransomware deployment in victim environments,” Cisco Talos added.

“We assess with moderate to high confidence that this attack was carried out by
an adversary previously identified as an initial access broker (IAB) with ties
to the UNC2447 cybercrime gang, the LAPSUS$ threat actor group, and operators of
Yanluowang ransomware.”

The Yanluowang gang also recently claimed to have breached the systems of US
retailer Walmart. Walmart denied the claim, saying it had found no evidence of a
ransomware attack.

Atul Narula

He is a cyber security and malware researcher. He studied Computer Science and
started working as a cyber security analyst in 2006. He is actively working as
a cyber security investigator and has also worked for several security
companies. His everyday job includes researching new cyber security incidents,
and he has deep knowledge of enterprise security implementation.


On: August 11, 2022
In: Data Breach
Tagged: Cisco, Cyberattack, cybersecurity, Hacking, Information Security
