Cisco Data Breach Attributed to Lapsus$ Ransomware Group

  /     /     /  
Publicated : 23/11/2024   Category : security


Cisco Data Breach Attributed to Lapsus$ Ransomware Group


Analysis shows attackers breached employee credentials with voice phishing and were preparing a ransomware attack against Cisco Systems.



A month after confirming its systems were breached, networking giant Cisco reported that the attack was a failed ransomware attempt conducted on behalf of the
Lapsus$ group
.
The cybercriminals obtained access to Ciscos systems with a
social engineering attack
that began with an attacker taking control of an employees personal Google account, where credentials saved in the victim’s browser were being synchronized. Then, in a series of sophisticated voice phishing attacks, the gang convinced the victim to accept multifactor authentication (MFA) push notifications, giving crooks the ability to log in to the corporate VPN as if they were the victim.
From there, the attackers were able to compromise Cisco systems, elevate privileges, drop remote access tools, deploy Cobalt Strike and other offensive malware, and add their own backdoors into the system.
Based upon artifacts obtained, tactics, techniques, and procedures (TTPs) identified, infrastructure used, and a thorough analysis of the backdoor utilized in this attack, we assess with moderate to high confidence that this attack was conducted by an adversary that has been previously identified as an initial access broker (IAB) with ties to both UNC2447 and Lapsus$, the Cisco Talos team explained in a
Sept. 11 update
 on the August breach. While we did not observe ransomware deployment in this attack, the TTPs used were consistent with pre-ransomware activity, activity commonly observed leading up to the deployment of ransomware in victim environments.

Last News

▸ Senate wants changes to cybercrime law. ◂
Discovered: 23/12/2024
Category: security

▸ Car Sector Speeds Up In Security. ◂
Discovered: 23/12/2024
Category: security

▸ Making use of a homemade Android army ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Cisco Data Breach Attributed to Lapsus$ Ransomware Group