In May this year, noted networking technology provider Cisco was targeted by a ransomware group that demanded millions to release data from encryption. On August 10th, 2022, Cisco released a press statement saying that the cyber-attack it experienced a few months earlier was carried out by the Yanluowang ransomware group, which has a history of stealing critical information and disrupting its victims' computer operations for many weeks.
The good news is that the American conglomerate contained the spread of the malware in time and blocked the threat actors from moving further into the network. But the bad news is that the cyber crooks entered the network and accessed some details related to employees.
On a prima facie basis, Cisco concluded that no sensitive customer data or employee information was accessed or stolen by Yanluowang, contrary to what is being speculated in a certain section of the media.
After seeing Cisco's press statement, the hackers behind the Yanluowang ransomware group released a portion of the data that they allege to have stolen from the American technology company.
The Cisco Security Incident Response Team, in coordination with Cisco Talos, launched an in-depth investigation and concluded that the Yanluowang gang compromised an employee's credentials after gaining access to the said employee's personal BOX account. The employee was not found to be at fault, as the account details were siphoned from a browser extension. Perhaps an inquiry is pending in this matter!
Cisco Talos concluded that Yanluowang was tied to other groups of threat actors, including UNC2447 and the Lapsus$ threat group.