Hacker breached our network via employee Google account: Cisco

"During the investigation, it was determined that a Cisco employee's credentials were compromised after an attacker gained control of a personal Google account," wrote Cisco Talos.

Reuters
Networking giant Cisco has admitted a cyber-security breach via the "successful compromise" of an employee's personal Google account, saying that no data was compromised.

The attacker conducted a series of sophisticated voice phishing attacks under the guise of various trusted organisations, attempting to convince the victim to accept multi-factor authentication (MFA) push notifications initiated by the attacker, the company's own Cisco Talos threat research arm revealed in a blog post.

The incident occurred in May, and since then, the company has been working to remediate the attack.


"During the investigation, it was determined that a Cisco employee's credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim's browser were being synchronised," wrote Cisco Talos.

The company said it had not identified evidence suggesting that the attacker gained access to critical internal systems, such as product development, code signing, etc.

"The threat actor was successfully removed from the environment and displayed persistence, repeatedly attempting to regain access in the weeks following the attack; however, these attempts were unsuccessful," said Cisco.

According to the company, the attack was conducted by an adversary previously identified as an initial access broker (IAB) with ties to the UNC2447 cybercrime gang, the Lapsus$ threat actor group, and the Yanluowang ransomware operators.

Lapsus$ is a threat actor group that is reported to have been responsible for several previous notable breaches of corporate environments.

Cisco said it implemented a company-wide password reset immediately upon learning of the incident.

The company did not observe ransomware deployment in this attack.

In many cases, threat actors have been observed targeting the backup infrastructure to further remove an organisation's ability to recover following an attack.

"Ensuring that backups are offline and periodically tested can help mitigate this risk and ensure an organisation's ability to recover following an attack effectively," said the company.