Yanluowang Ransomware Group Leaked Cisco Data

Cisco has confirmed that the data leaked by the Yanluowang ransomware gang was stolen from the company’s network during an intrusion in May. According to the latest update from the company, the leak does not change the earlier conclusion that the attack had no impact on the company’s operations.

“On September 11, 2022, the bad actors who previously published a list of file names from this security incident to the dark web, posted the actual contents of the same files to the same location on the dark web. The content of these files match what we already identified and disclosed. Our previous analysis of this incident remains unchanged - we continue to see no impact to our business, including Cisco products or services, sensitive customer data or sensitive employee information, intellectual property, or supply chain operations,” stated Cisco.

Analyst Notes

According to a report published by Cisco in August, the network was compromised after the gang gained access to an employee’s VPN account. The company says that non-sensitive files from an employee’s Box folder were part of the stolen data, and that the intrusion was stopped before the ransomware could start encrypting files. The threat actor, however, claimed to have obtained 55GB of data, including classified documents, technical schematics, and source code. The gang provided no evidence for this other than a screenshot showing access to what appeared to be a development system. According to reporters, Cisco denied that the intruders had stolen or gained access to any source code. “We have no evidence to suggest the actor accessed Cisco product source code or any substantial access beyond what we have already publicly disclosed,” stated Cisco.