Cyber Attackers Demand Ransom From Cisco
August 25, 2022

Cisco discovered a breach of its network on May 24, 2022. A ransomware gang had gained access to the company’s virtual private network (VPN) by convincing an employee to accept a malicious multifactor authentication (MFA) push notification. The breach resulted in cyber attackers gaining access to the company’s VPN, and the company announced the theft of an unspecified number of files from its network on August 10, 2022. Compromising the employee’s personal Google account gave the attackers access to the employee’s business credentials through the synchronized password store in Google Chrome. The attackers then moved through the network by escalating privileges, logging into multiple systems, and installing remote access software tools and offensive security tools. The company acknowledged that the threat actors published a list of files stolen from the network and demanded a ransom, although they did not deploy ransomware. Cisco believes the threat actor is an initial access broker — an adversary that gains unauthorized access to corporate networks and then sells that access as a service on the Dark Web.
Get our free daily newsletter
Subscribe for the latest news and business legal developments.
Read this next
The AI Executive Order’s Impact on the Healthcare Industry
President Biden’s Executive Order on the Safe, Secure, and Trustworthy Development and […]
Cybersecurity Agency Warns About Hacking Collective
The Cybersecurity and Infrastructure Security Agency and the FBI have issued a […]
Data Privacy and Reputation Concerns About Adopting AI
Reputational damage was the greatest source of concern about AI, followed by […]