Cisco under Yanluowang ransomware attack
The world's largest networking vendor Cisco discovered on Aug 10 that its corporate network was accessed by hackers after an employee's personal Google account was compromised.
A ransomware group called Yanluowang has now claimed the attack as its work.
The Yanluowang ransomware, named after a Chinese deity, is typically used against financial institutions, but has been known to infect companies in manufacturing, IT services, consultancy and engineering.
A Cisco statement asserts the firm:
did not identify any impact to [its] business as a result of this incident, including Cisco products or services, sensitive customer data or sensitive employee information, intellectual property, or supply chain operations.
Threat actors reportedly obtained access to Cisco networks, enrolled a series of devices for MFA and authenticated successfully to the Cisco VPN.
The hacker "then escalated to administrative privileges, allowing them to log in to multiple systems." That action alerted the Cisco Security Incident Response Team (CSIRT), which swooped in with "extensive IT monitoring and remediation capabilities" to "implement additional protections, block any unauthorized access attempts, and mitigate the security threat." Efforts were also made to improve "employee cybersecurity hygiene."
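One defensive check the sequence above suggests, as an added example that is not from Cisco's report: flag a user whose freshly enrolled MFA device authenticates to the VPN within minutes, or who enrolls several MFA devices in a short window. The event format and field names are constructed for illustration, not a real identity-provider or VPN log schema.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real Cisco logs): MFA device enrollments from an
# identity provider and VPN authentication records, in ISO-8601 local time.
EVENTS = [
    {"ts": "2022-08-10T09:02:11", "user": "jdoe", "type": "mfa_enroll", "device": "dev-new-1"},
    {"ts": "2022-08-10T09:04:40", "user": "jdoe", "type": "vpn_auth", "result": "success", "device": "dev-new-1"},
    {"ts": "2022-08-10T09:06:02", "user": "jdoe", "type": "mfa_enroll", "device": "dev-new-2"},
    {"ts": "2022-08-10T10:30:00", "user": "asmith", "type": "mfa_enroll", "device": "phone-7"},
    {"ts": "2022-08-11T08:15:00", "user": "asmith", "type": "vpn_auth", "result": "success", "device": "phone-7"},
]


def find_suspicious_enrollments(events, window_minutes=30, max_enrollments=1):
    """Return (user, reason) findings for two patterns seen in the incident:
    a VPN login using an MFA device enrolled less than `window_minutes` ago,
    and more than `max_enrollments` MFA devices enrolled by one user inside
    the same window."""
    window = timedelta(minutes=window_minutes)
    enrollments = {}  # user -> list of (timestamp, device) enrolled so far
    findings = []
    for e in sorted(events, key=lambda x: x["ts"]):
        ts = datetime.fromisoformat(e["ts"])
        user = e["user"]
        if e["type"] == "mfa_enroll":
            recent = [t for t, _ in enrollments.get(user, []) if ts - t <= window]
            enrollments.setdefault(user, []).append((ts, e["device"]))
            if len(recent) + 1 > max_enrollments:
                findings.append((user, f"{len(recent) + 1} MFA devices enrolled within {window_minutes} min"))
        elif e["type"] == "vpn_auth" and e.get("result") == "success":
            # A newly enrolled device used for VPN access right away is the
            # sequence worth paging on; legitimate re-enrollments rarely look like this.
            for t, dev in enrollments.get(user, []):
                if dev == e["device"] and ts - t <= window:
                    minutes = int((ts - t).total_seconds() // 60)
                    findings.append((user, f"VPN login from MFA device {dev} enrolled {minutes} min earlier"))
    return findings


if __name__ == "__main__":
    for user, reason in find_suspicious_enrollments(EVENTS):
        print(f"ALERT {user}: {reason}")
```

Tune the window and enrollment threshold to the help desk's normal re-enrollment rate before alerting on it in production.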
At the same time, communications giant Twilio has confirmed hackers accessed customer data after successfully tricking employees into handing over their corporate login credentials.