Multi-national tech conglomerate Cisco has confirmed that the Yanluowang ransomware gang breached its corporate network in late May, and that the group tried to extort them by threatening to leak stolen files online. The Yanluowang gang claims to have stolen 2.8 GB of data, consisting of approximately 3,100 files which Cisco has described as "not sensitive."
An investigation conducted by Cisco Security Incident Response (CSIRT) and Cisco Talos revealed that the threat actors compromised a Cisco employee’s credentials after gaining control of a personal Google account, where credentials saved in the victim’s browser were being synchronized.
After obtaining the credentials, the attackers launched voice-based phishing attacks in an attempt to trick the victim into accepting the multi-factor authentication (MFA) push notification started by the attacker. The attacker convinced the Cisco employee to accept MFA push notifications through MFA fatigue. Cisco says that the Yanluowang gang did not deploy any ransomware on its network during the attack.
The Advanced Email Security pack for Acronis Cyber Protect Cloud prevents malicious emails from reaching users' inboxes, while the included multi-layered detection identifies and blocks malware threats from executing before they can impact your systems or data.