Cisco Confirms it has been Hacked by Yanluowang Ransomware Gang
Cisco Confirms Hack: Yanluowang Ransom Gang Claims 2.8GB of Data
Stolen employee credentials used to breach Cisco's network
The Yanluowang threat actors gained access to Cisco's network using an employee's stolen credentials after hijacking the employee's personal Google account containing credentials synced from their browser.
The attacker convinced the Cisco employee to accept multi-factor authentication (MFA) push notifications through MFA fatigue and a series of sophisticated voice phishing attacks initiated by the Yanluowang gang that impersonated trusted support organizations.
MFA fatigue is an attack tactic where threat actors send a constant stream of multi-factor authentication requests to annoy a target in the hopes that they will finally accept one to stop them from being generated.
The threat actors finally tricked the victim into accepting one of the MFA notifications and gained access to the VPN in the context of the targeted user.
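The pattern described above, a run of unaccepted push prompts ending in an approval, can be flagged from MFA logs. The following is an added detection example, not code from Cisco or Talos; the event layout, result names, sample events and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample MFA push events: (ISO timestamp, user, result).
# Field layout and result names are assumptions, not a real vendor schema.
SAMPLE_EVENTS = [
    ("2022-01-01T02:00:05", "alice", "denied"),
    ("2022-01-01T02:00:40", "alice", "timeout"),
    ("2022-01-01T02:01:10", "alice", "denied"),
    ("2022-01-01T02:01:55", "alice", "denied"),
    ("2022-01-01T02:02:30", "alice", "timeout"),
    ("2022-01-01T02:03:02", "alice", "approved"),   # approval after a burst
    ("2022-01-01T09:00:00", "bob", "denied"),       # single mistaken prompt
    ("2022-01-01T09:00:30", "bob", "approved"),
    ("2022-01-01T10:00:00", "carol", "approved"),   # normal login
]

def find_push_fatigue(events, window=timedelta(minutes=10), min_rejected=4):
    """Return (user, approval_time, rejected_count) for each approval preceded
    by at least `min_rejected` denied or timed-out pushes within `window`."""
    rejected = defaultdict(list)   # user -> timestamps of unaccepted pushes
    alerts = []
    for ts, user, result in sorted(events):
        when = datetime.fromisoformat(ts)
        # Keep only rejections still inside the sliding window.
        rejected[user] = [t for t in rejected[user] if when - t <= window]
        if result in ("denied", "timeout"):
            rejected[user].append(when)
        elif result == "approved":
            if len(rejected[user]) >= min_rejected:
                alerts.append((user, ts, len(rejected[user])))
            rejected[user].clear()   # an approval ends the current burst
    return alerts

if __name__ == "__main__":
    for user, ts, count in find_push_fatigue(SAMPLE_EVENTS):
        print(f"ALERT {user}: push approved at {ts} after {count} rejected prompts")
```

An alert of this kind is a cue to revoke the resulting session and contact the user out of band before the VPN access is used further.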
Once they gained a foothold on the company's corporate network, Yanluowang operators spread laterally to Citrix servers and domain controllers.
“They moved into the Citrix environment, compromising a series of Citrix servers and eventually obtained privileged access to domain controllers,” Cisco Talos said.