"Cisco Confirms Network Breach Via Hacked Employee Google Account"

Cisco Systems disclosed information about a May hack by the Yanluowang ransomware group, which used a compromised employee's Google account. A post by the company's own Cisco Talos threat research arm calls the attack a potential compromise. During the investigation, it was discovered that the credentials of a Cisco employee were compromised after an attacker gained control of a personal Google account to which credentials saved in the victim's browser were being synchronized. According to forensic evidence, the attack was carried out by the Yanluowang threat group, which has ties to both the UNC2447 and the Lapsus$ cybergangs. Cisco Talos stated that the adversaries were unsuccessful in deploying ransomware but were successful in breaching its network, planting offensive hacking tools, and conducting internal network reconnaissance. The crux of the hack was the attackers' ability to compromise the targeted employee's Cisco VPN utility and access the corporate network through that VPN software. With the stolen credentials in hand, the attackers used various techniques to circumvent the VPN client's multi-factor authentication (MFA), among them voice phishing and a type of attack known as MFA fatigue. According to Cisco Talos, the MFA fatigue technique consists of sending a high volume of push requests to the target's mobile device until the user accepts one, either accidentally or simply to silence the repeated push notifications. This article continues to discuss the network breach faced by Cisco via a compromised employee's Google account. 
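The MFA fatigue pattern described above leaves a distinctive trace in the MFA provider's logs: a burst of push prompts for one user, most of them timed out or denied, followed by an approval. The following is an added detection example written for this summary; it is not code from Cisco Talos, Threatpost, or any MFA vendor. The log line format, field names, the sample lines, and the threshold of five prompts in ten minutes are all constructed assumptions; a real deployment would map the parser onto the provider's actual export format and tune the threshold to the organization's baseline.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Constructed sample MFA push log (not taken from the Cisco Talos report).
# The field layout is an assumption made for this example.
SAMPLE_LOG = """\
2022-05-24T02:11:03Z user=jdoe event=push_sent result=timeout
2022-05-24T02:11:41Z user=jdoe event=push_sent result=denied
2022-05-24T02:12:15Z user=jdoe event=push_sent result=timeout
2022-05-24T02:12:58Z user=jdoe event=push_sent result=timeout
2022-05-24T02:13:30Z user=jdoe event=push_sent result=denied
2022-05-24T02:14:02Z user=jdoe event=push_sent result=approved
2022-05-24T02:20:00Z user=asmith event=push_sent result=approved
2022-05-24T09:00:00Z user=asmith event=push_sent result=approved
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+user=(?P<user>\S+)\s+event=(?P<event>\S+)\s+result=(?P<result>\S+)$"
)


def parse_log(text):
    """Parse log text into a time-sorted list of (timestamp, user, event, result)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["user"], m["event"], m["result"]))
    events.sort()
    return events


def detect_mfa_fatigue(events, threshold=5, window=timedelta(minutes=10)):
    """Flag users who receive at least `threshold` push prompts within `window`.

    Returns {user: finding} where finding records the size of the burst, how many
    prompts in it were not approved, and whether an approval landed during the
    burst (the signature of a user giving in to repeated prompts).
    """
    recent = {}    # user -> deque of (timestamp, result) inside the sliding window
    findings = {}
    for ts, user, event, result in events:
        if event != "push_sent":
            continue
        q = recent.setdefault(user, deque())
        q.append((ts, result))
        # Drop prompts that fell out of the window.
        while q and ts - q[0][0] > window:
            q.popleft()
        if len(q) < threshold:
            continue
        f = findings.setdefault(user, {
            "pushes_in_burst": 0,
            "not_approved_in_burst": 0,
            "approved_during_burst": False,
            "first_seen": q[0][0],
            "last_seen": ts,
        })
        f["pushes_in_burst"] = max(f["pushes_in_burst"], len(q))
        f["not_approved_in_burst"] = max(
            f["not_approved_in_burst"], sum(1 for _, r in q if r != "approved")
        )
        f["last_seen"] = ts
        if result == "approved":
            f["approved_during_burst"] = True
    return findings


if __name__ == "__main__":
    for user, finding in detect_mfa_fatigue(parse_log(SAMPLE_LOG)).items():
        print(user, finding)
```

A finding with `approved_during_burst` set and several `not_approved_in_burst` prompts before it is the case worth paging on: an account that rejected or ignored prompts and then accepted one is a candidate for session revocation and a call to the user, whereas a burst with no approval is evidence of an attempted push-bombing that the MFA policy (number matching, prompt rate limiting) should already be blunting.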

Threatpost reports "Cisco Confirms Network Breach Via Hacked Employee Google Account"
