UPDATED 21:48 EDT / AUGUST 11 2022

Cisco breached by Yanluowang ransomware gang in May

Cisco Systems Inc. today confirmed that its network was breached in a ransomware attack in May.

The attack was undertaken by the Yanluowang ransomware gang, which then attempted to extort Cisco with the threat that if a ransom wasn’t paid, the stolen files would be released.

“Cisco experienced a security incident on our corporate network in late May 2022 and we immediately took action to contain and eradicate the bad actors,” a spokesperson for the company said. “Cisco did not identify any impact to our business as a result of this incident, including Cisco products or services, sensitive customer data or sensitive employee information, intellectual property, or supply chain operations.”

The Cisco spokesperson added that the Yanluowang gang published a list of files from the attack on the dark web on Aug. 10. The gang is claiming to have stolen 2.8 gigabytes of data.

The Yanluowang ransomware gang gained access to Cisco’s network using an employee’s stolen credentials after hijacking the employee’s Google account, which contained credentials synced from their browser, Bleeping Computer reported. The attackers persuaded the Cisco employee to accept multifactor authentication requests and also used voice phishing against the employee, fooling the employee into believing the requests were legitimate.

The ransomware gang is not well-known. Yanluowang first appeared in October, according to a report that month from the Symantec Threat Hunter Team. The gang was described at the time as attempting a ransomware attack against a large organization. Trend Micro described Yanluowang, which is named after the Chinese deity Yanluo Wang, in December as using files that are code-signed using a valid digital signature.

“It is difficult to detect attacks that appear to be legitimate user activity,” Patrick Tiquet, vice president of security and architecture at cybersecurity software provider Keeper Security Inc., told SiliconANGLE. “Attacks are constantly evolving and it is important for all organizations to be monitoring the cybersecurity landscape and ensure they have the ability to detect and prevent the latest attack vectors. It’s equally important for organizations to consistently train their employees to recognize potential attacks.”

Mike Parkin, senior technical engineer at cyber risk management company Vulcan Cyber Ltd., also noted that detecting attacks against an organization’s staff that fall outside their work environment can be very difficult.

“The attackers compromised a user’s personal account and leveraged that to break into the corporate environment,” Parkin explained. “Without visibility into their user’s personal assets, there’s not much they can do to protect them, though this does show some of the risks of having our personal and professional lives sharing the same systems.”

Photo: DeinnsM2/Flickr
