URL: https://www.exploitone.com/data-breach/yanluowang-ransomware-breaches-cisco-network-and-leaks-data/
Submission: On August 12 via api from GB — Scanned from GB
YANLUOWANG RANSOMWARE BREACHES CISCO NETWORK AND LEAKS DATA

Cisco confirmed today that the Yanluowang ransomware group breached its corporate network in late May and that the actor tried to extort money from the company under the threat of leaking stolen files online.

The company revealed that the attackers were only able to collect and steal non-sensitive data from an account linked to a compromised employee's account.

"Cisco experienced a security incident on our corporate network in late May 2022 and we immediately took action to contain and root out bad actors."

"Cisco did not identify any impacts as a result of this incident, including Cisco products or services, sensitive customer data or sensitive employee information, intellectual property, or supply chain operations. On August 10, the criminals published a list of files from this security incident on the dark web. We are also implementing additional measures to protect our systems and sharing technical details to help protect the broader security community."

STOLEN EMPLOYEE CREDENTIALS USED TO BREACH CISCO NETWORK

Yanluowang threat actors gained access to the Cisco network using an employee's stolen credentials after hijacking the employee's personal Google account, which contained credentials synced from their browser.
The attacker convinced the Cisco employee to accept multi-factor authentication (MFA) push notifications through MFA fatigue and a series of sophisticated voice phishing attacks, in which the Yanluowang gang posed as trusted support organizations. The threat actors eventually tricked the victim into accepting one of the MFA notifications and gained access to the VPN in the context of the targeted user.

Once entrenched in the company's corporate network, Yanluowang's operators moved laterally to Citrix servers and domain controllers.

"They moved into the Citrix environment, compromising a number of Citrix servers and eventually gaining privileged access to domain controllers," Cisco said in a blog post published on Wednesday.

After obtaining domain administrator privileges, they used enumeration tools such as ntdsutil, adfind and secretsdump to gather more information, and installed a number of payloads on the compromised systems, including a backdoor.

Cisco eventually detected them and evicted them from its environment, but they continued to try to regain access for the next few weeks.

"After gaining initial access, the threat actor performed a variety of activities to maintain access, minimize forensic artifacts, and increase their level of access to systems within the environment," Cisco Talos added.

"The threat actor was successfully removed from the environment and showed persistence, repeatedly attempting to regain access in the weeks following the attack, however these attempts were unsuccessful."

HACKERS CLAIM TO HAVE STOLEN CISCO DATA

Last week, the threat actor behind the Cisco hack emailed BleepingComputer a list of file directories allegedly stolen during the attack. The threat actor claimed to have stolen 2.75 GB of data, consisting of approximately 3,100 files. Many of these files are non-disclosure agreements, data dumps, and engineering drawings.
The threat actors also sent a redacted NDA document stolen in the attack as proof of the breach and as a "hint" that they had gotten into Cisco's network and extracted files. The extortionists announced the Cisco breach on their data leak site and posted the same directory listing.

NO RANSOMWARE DEPLOYED ON CISCO SYSTEMS

Cisco also said that although the Yanluowang gang is known for encrypting its victims' files, it found no evidence of ransomware payloads during the attack.

"While we did not observe ransomware deployment in this attack, the TTPs used were consistent with 'pre-ransomware activity,' activity commonly observed prior to ransomware deployment in victim environments," Cisco Talos added.

"We assess with moderate to high confidence that this attack was carried out by an adversary previously identified as an initial access broker (IAB) with ties to the UNC2447 cybercrime gang, the LAPSUS$ threat actor group, and operators of Yanluowang ransomware."

The Yanluowang gang also claimed to have recently breached the systems of US retailer Walmart, which denied the attack, saying it found no evidence of a ransomware attack.

Atul Narula
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as a cyber security investigator. He has also worked for several security companies. His everyday job includes researching new cyber security incidents. He also has a deep level of knowledge in enterprise security implementation.

Published: August 11, 2022
Category: Data Breach
Tagged: Cisco, Cyberattack, cybersecurity, Hacking, Information Security