Cisco Denies Recent Chinese Hack
Hackers refute; Data Released on Dark Web
Tech giant Cisco has finally confirmed a recent data leak that occurred in May. The Chinese ransomware gang “Yanluowang” is the culprit behind the data stolen from the company’s private network. According to Cisco, however, the reported cyber attack was not devastating, and the intrusion has had no meaningful effect on the company’s core operation.
Further details from the company’s initial assessment state that the hack had no damaging impact on Cisco products or services. There were also no identifiable effects on sensitive customer or employee data, intellectual property, or supply chain operations.
However, on September 11, 2022, the hackers again posted a list of file names from the Cisco security breach to the dark web. With the second publication, the threat actors published the actual contents of the same files to the same location – based on previous identification and disclosure.
Apparently, while Cisco denied that the latest hack affected its network, it is clear that the Yanluowang ransomware gang infiltrated and breached that network. Analytical reports highlighted that the hackers gained entry through a Cisco employee’s VPN account. Most of the stolen data consisted of non-sensitive files from the employee’s inbox folder. However, according to the company, the hack was halted before Yanluowang even had a chance to encrypt its systems.
FiveHands and Evil Corp Attacks
Meanwhile, the strange hacking saga gets a little foggy, with Yanluowang’s leader rebuffing Cisco’s claims. According to the hacking group’s leader, they successfully stole thousands of files totaling 55GB, including classified documents, technical schematics, and even some of the tech company’s source code. The hackers released no solid evidence to back up their claim, apart from a single screenshot of what resembles a development system.
For now, the criminal hackers’ claims cannot be easily dismissed, largely because of researchers at cybersecurity firm eSentire. The cybersecurity team had published evidence linking the Cisco hack to the FiveHands ransomware (UNC2447). In addition, the prime suspects, Yanluowang and “Evil Corp” (UNC2165), indeed breached Cisco’s network.
And so the mystery continues, with Cisco denying the extent of the hack carried out in May. The tech giant still rejects the notion that hackers from the dark web accessed, much less exfiltrated, any source code from its private database.