Google: A Hacker Breached Our Network Through Employee’s Google Account: Cisco

Networking giant Cisco has admitted a cybersecurity breach through Google’s “successful compromise,” saying no data was compromised.

The attacker carried out a series of sophisticated voice phishing attacks under the guise of various trusted organizations attempting to convince the victim to accept multi-factor authentication (MFA) push notifications initiated by the attacker, the own the company’s Cisco Talos threat research arm in a blog post.

The incident happened in May and since then the company has been working to remediate the attack.

“During the investigation, it was determined that a Cisco employee’s credentials were compromised after an attacker took control of a personal Google account where the credentials saved in victim’s browser were synced,” Cisco Talos wrote.

Advertising

The company said it did not identify evidence to suggest the attacker gained access to critical internal systems, such as product development, code signing, etc.

“The threat actor was successfully removed from the environment and demonstrated persistence, repeatedly attempting to regain access in the weeks following the attack; however, these attempts failed,” Cisco said.

Discover the stories that interest you

According to the company, the attack was carried out by an adversary previously identified as an Initial Access Broker (IAB) with ties to the UNC2447 cybercrime gang, Lapsus$ threat actor group, and Yanluowang ransomware Operators.

Lapsus$ is a group of threat actors believed to have been responsible for several previous notable breaches of corporate environments.

Cisco said it implemented a company-wide password reset immediately after learning of the incident.

The company did not observe the deployment of ransomware in this attack.

In many cases, threat actors have been observed targeting backup infrastructure to further suppress an organization’s ability to recover from an attack.

“Ensuring backups are offline and tested periodically can help mitigate this risk and ensure an organization’s ability to recover effectively from an attack,” the company said.

Leave a Comment