Cisco Systems Inc. says it was the target of a cyberattack in which a hacker made repeated attempts to penetrate the corporate network of the Silicon Valley company.
Cisco said it first learned of a potential compromise on March 24; the statement came after the hacker posted a list of the stolen files on the dark web in August.
All about the Hack
In a blog post, the San Jose, California-based company said its investigation found that the hacker gained access to Cisco’s network by compromising an employee’s personal Google account, to which the employee’s browser-saved passwords had been synced. The attacker then, posing as reputable businesses in phone calls, persuaded the employee to accept a multifactor push authentication notification on their device. With the employee’s credentials and the approved push, the hacker was able to log in to Cisco’s network.
In the blog post, Cisco stated that it had “not uncovered any evidence suggesting that the attacker got access to vital internal systems, such as those connected to product development, code signing, etc.” It added: “The sole successful data exfiltration that took place throughout the attack involved the contents of a Box folder linked to a compromised employee’s account.” In Cisco’s assessment, the data the adversary obtained was not sensitive.
According to investigators, the attack was carried out by an adversary previously identified as an initial access broker for a number of well-known cybercrime organisations, including the UNC2447, Lapsus$, and Yanluowang ransomware operators. Initial access brokers work to obtain privileged access to corporate computer networks and then sell that access to other hackers.
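The technique described above, stolen credentials from a synced personal account followed by a push notification the employee is talked into approving, is one that an identity team can look for in its own MFA logs. The following is an added example, not code from Cisco or from the blog post; it parses a constructed set of MFA push events, flags a user who receives a burst of push challenges in a short window and finally approves one from an IP/device pair that has never approved before. The log format, field names, thresholds and sample values are all assumptions for this example, and the repeated-push pattern generalises beyond the single approval the article describes.

```python
"""Flag MFA push approvals that follow a burst of push challenges from a new device.

Added example (not Cisco's code). Log format, field names, thresholds and the
sample events below are constructed for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumed log line format (constructed for this example):
# <ISO timestamp>Z user=<name> event=push_<sent|denied|timeout|approved> ip=<addr> device=<id>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) event=(?P<event>\S+) ip=(?P<ip>\S+) device=(?P<device>\S+)$"
)

# Constructed sample events: alice approves once from her usual laptop in the morning,
# then receives a burst of pushes from an unfamiliar device and finally approves one;
# bob gets a single push and approves it from his own phone.
SAMPLE_LOG = """\
2022-01-15T09:01:00Z user=alice event=push_sent ip=203.0.113.10 device=laptop-a1
2022-01-15T09:01:05Z user=alice event=push_approved ip=203.0.113.10 device=laptop-a1
2022-01-15T10:00:00Z user=bob event=push_sent ip=203.0.113.22 device=phone-b2
2022-01-15T10:00:20Z user=bob event=push_approved ip=203.0.113.22 device=phone-b2
2022-01-15T18:02:11Z user=alice event=push_sent ip=198.51.100.7 device=unknown-7
2022-01-15T18:02:40Z user=alice event=push_timeout ip=198.51.100.7 device=unknown-7
2022-01-15T18:03:30Z user=alice event=push_sent ip=198.51.100.7 device=unknown-7
2022-01-15T18:03:55Z user=alice event=push_denied ip=198.51.100.7 device=unknown-7
2022-01-15T18:05:02Z user=alice event=push_sent ip=198.51.100.7 device=unknown-7
2022-01-15T18:05:31Z user=alice event=push_timeout ip=198.51.100.7 device=unknown-7
2022-01-15T18:07:48Z user=alice event=push_sent ip=198.51.100.7 device=unknown-7
2022-01-15T18:07:59Z user=alice event=push_approved ip=198.51.100.7 device=unknown-7
"""


def parse_line(line):
    """Parse one log line into a dict with a timezone-aware datetime, or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return rec


def detect_push_fatigue(lines, window=timedelta(minutes=10), min_pushes=3):
    """Return alerts for approvals preceded by >= min_pushes challenges within `window`
    where the approving (ip, device) pair has never approved for that user before."""
    records = [r for r in (parse_line(l) for l in lines) if r]
    records.sort(key=lambda r: r["ts"])
    recent_pushes = defaultdict(deque)   # user -> timestamps of push_sent inside the window
    known_pairs = defaultdict(set)       # user -> (ip, device) pairs seen on earlier approvals
    alerts = []
    for r in records:
        user, ts = r["user"], r["ts"]
        q = recent_pushes[user]
        while q and ts - q[0] > window:  # drop challenges that fell out of the window
            q.popleft()
        if r["event"] == "push_sent":
            q.append(ts)
        elif r["event"] == "push_approved":
            pair = (r["ip"], r["device"])
            if len(q) >= min_pushes and pair not in known_pairs[user]:
                alerts.append({
                    "user": user,
                    "approved_at": ts.isoformat(),
                    "pushes_in_window": len(q),
                    "ip": r["ip"],
                    "device": r["device"],
                })
            known_pairs[user].add(pair)  # this pair is now a known approver for the user
    return alerts


def alerts_from_sample():
    """Run the detector over the constructed sample log."""
    return detect_push_fatigue(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alert in alerts_from_sample():
        print(alert)
```

The detector keys on two signals at once: the burst of challenges (someone holding valid credentials is driving the login prompt repeatedly) and the approval coming from a device that has never approved for that user. Either signal alone is noisy; a legitimate user who mistypes a password a few times and then approves from their usual phone produces no alert here, while bob's single push and approval is treated as normal.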
The cybersecurity company Mandiant concluded last year that UNC2447 is an “aggressive financially driven group” that has attacked enterprises with ransomware in North America and Europe. According to Symantec, a ransomware strain called Yanluowang, named after a Chinese god, has been used against US businesses since August 2021. The Lapsus$ group has been blamed for a string of well-publicised attacks on tech giants such as Okta Inc., Microsoft Corp., and Nvidia Corp. The breach was reported by Bleeping Computer.
According to Bloomberg News, the alleged mastermind was a 16-year-old British adolescent who lived with his mother.
Cisco said it found evidence that the hacker was attempting to encrypt files but was unable to do so before being discovered and evicted from the network. After the attacker had been expelled, there were numerous attempts to regain access, according to Cisco.
About the Lapsus$ Gang
Researchers looking into the Lapsus$ group hacks claim that the adolescent hacker is very proficient and quick, to the point where his/her activities were initially assumed to be automated.
A hacker group has been attacking major multinational technology companies one by one; well-known companies including Microsoft, Nvidia, Ubisoft, and Samsung have already fallen victim. According to a recent report, the notorious Lapsus$ hacking organization is being directed by a teenager in England.
The allegations come to light as a result of the multiple cybersecurity experts’ continuous investigations of the impacted companies. According to Bloomberg, at least four experts looking into the Lapsus$ hacking have identified the 16-year-old living with his mother not far from Oxford, England, as the attacker.
There is currently no concrete evidence linking the alleged adolescent to any of the Lapsus$ attacks. Researchers suspect that the adolescent may be connected to the hacker gang based on “forensic evidence from the hacks” and publicly available information.
Although the teen’s real name has not yet been made public, his online aliases of “White” and “breachbase” have been verified. According to the report, the alleged hacker’s personal data has already been exposed by adversarial hackers.
According to Bloomberg, the teenager’s mother spoke with reporters for approximately 10 minutes; she appears to be unaware of the charges currently surrounding her child. Law enforcement agencies are not currently involved in the investigation because there isn’t enough solid evidence to do so.
The youngster is very proficient and quick at hacking, according to the cybersecurity researchers, to the point where they initially believed that his/her activities were automated. Another potential member of the Lapsus$ organization, who may be a teenager living in Brazil, has also been located by the investigators. Up to now, seven distinct accounts connected to the hacking gang have been found, indicating the presence of additional Lapsus$ members.
The organization has so far succeeded in attacking major technology companies including Microsoft, Nvidia, Samsung, Ubisoft, Okta, and others. In a blog post acknowledging the hack, Microsoft noted that Lapsus$ tries to “hack companies, steal their data, and demand a ransom to keep it from being released.” The post went on to say that the gang has even managed to recruit insiders at its target companies to assist with its hacking.
However, researchers have a more upbeat outlook on the group’s operations and note that they have “poor operational security.” Researchers have now learned a lot about the alleged teenage hackers as a result of this. Given that the gang is quite public about its cyberattacks and activities, according to Microsoft, it might not take long for cybersecurity researchers to identify the individuals responsible for these attacks.