Networking giant Cisco confirms hacking as ransomware group publishes a partial list of files it claims to have exfiltrated. The confirmation, which came by way of a Talos blog posting, stated that Cisco was first made aware of a potential compromise on May 24. The potential compromise became a confirmed network breach following further investigation by the Cisco Security Incident Response (CSIRT) team.
Cisco said that the initial access vector was through the successful phishing of an employee’s personal Google account, which ultimately led to the compromise of their credentials and access to the Cisco VPN.
No ransomware deployed, Cisco says
Importantly, Cisco says that it could find no ransomware deployment during the attack. CSIRT has stated: “Cisco did not identify any impact to our business as a result of this incident, including no impact to any Cisco products or services, sensitive customer data or sensitive employee information, Cisco intellectual property, or supply chain operations. On August 10 the bad actors published a list of files from this security incident to the dark web.”