Community Edition
Total Tests:
This Week:
Today:
Recent Blog Posts
An Ex-Amazon Security Engineer Gets 3 Years In Jail For Hacking And Crypto Theft
April 18, 2024
Hacker Fakes His Own Death To Avoid Child Support Payments
April 11, 2024
ATM Skimming Ring Leader Sentenced To 75 Months In Prison
April 4, 2024
German Authorities Dismantle the Nemezis Market Dark Web Marketplace
March 28, 2024
A Cybercrime Ring Responsible For Hijacking Over 100M Email, Instagram Accounts Dismantled
March 21, 2024
Stay in Touch

Get exclusive updates and invitations to our events and webinars:


Your data will stay confidential Private and Confidential

ImmuniWebInternational Media Coverage

Cisco Confirms Data Breach, Hacked Files Leaked

By Robert Lemos for Dark Reading
Thursday, August 11, 2022

Breaches of technology companies have become commonplace, often as part of supply chain attacks. In one of the original supply chain attacks, in 2011, two state-sponsored groups linked to China compromised security vendor RSA to steal critical data underpinning the security of the company's SecurID tokens. In the most significant modern attack, the Russia-linked Nobelium group — which is Microsoft's designation — compromised SolarWinds and used a compromised update to compromise the company's clients.

The attack on Cisco likely had multiple goals, Ilia Kolochenko, founder of cybersecurity startup ImmuniWeb, said in a statement sent to Dark Reading.

"Vendors usually have privileged access to their enterprise and government customers and thus can open doors to invisible and super-efficient supply chain attacks," he said, adding that "vendors frequently have invaluable cyber threat intelligence: bad guys are strongly motivated to conduct counterintelligence operations, aimed to find out where law enforcement and private vendors are with their investigations and upcoming police raids."

While some security experts characterized the attack as "sophisticated," Cisco pointed out that it was a social-engineering play.

"The attacker ultimately succeeded in achieving an MFA push acceptance, granting them access to VPN in the context of the targeted user," the Cisco Talos team stated in an analysis of the attack. "Once the attacker had obtained initial access, they enrolled a series of new devices for MFA and authenticated successfully to the Cisco VPN."

With access established, the attacker then tried to move through the network by escalating privileges and logging into multiple systems. The threat actor installed several tools, such as remote access software LogMeIn and TeamViewer, as well as offensive security tools, such as Cobalt Strike and Mimikatz, both in wide use by attackers. Read Full Article


Previous Media Publications:

ITWeb: Cisco admits being hacked by ransomware gang

Agefi.com: Cybersécurité: les nouvelles lois ne vont pas assez loin, selon des spécialistes

This website uses cookies to provide you with a better surfing experience. To learn more, please visit our Privacy Policy. By continuing to use this website you consent to our use of cookies.

Book a Call Ask a Question
Close
Talk to ImmuniWeb Experts
ImmuniWeb AI Platform
Have a technical question?

Our security experts will answer within
one business day. No obligations.

Have a sales question?
Email:
Tel: +41 22 560 6800 (Switzerland)
Tel: +1 720 605 9147 (USA)
*
*
*
Your data will stay private and confidential