Yanluowang Ransomware Gang Leaked Cisco Stolen Data
Cisco Confirms the Data Authenticity but Denies Any Impact on Its Business.
The American technology giant, Cisco, confirmed that the data leaked by Yanluowang ransomware gang on September 11, 2022, is authentic.
The data now released on the dark web was stolen in a cyberattack in May, this year. The company’s network has been breached through the VPN account of an employee.
Cisco’s Take on the Attac
In an update to its initial declaration, the organization reiterates the fact that the stolen data do not contain important information, nor have any impact on the business.
The ransomware attack was stopped before the encryption began, and the data that the threat actors managed to exfiltrate supposedly are non-sensitive files from the employee’s Box folder.
“On September 11, 2022, the bad actors who previously published a list of file names from this security incident to the dark web, posted the actual contents of the same files to the same location on the dark web. The content of these files match what we already identified and disclosed.
Our previous analysis of this incident remains unchanged-we continue to see no impact to our business, including Cisco products or services, sensitive customer data or sensitive employee information, intellectual property, or supply chain operations”, says Cisco.
Hacker’s Take on the Attack
The hackers claim otherwise, pretending to have stolen 55GB of data that contains, among others, important technical documents and source code.
Yanluowang’s leader told BleepingComputer that they stole thousands of files amounting to 55GB and that the cache included classified documents, technical schematics, and source code.
The hacker did not provide any proof, though. They only shared a screenshot indicating access to what appears to be a development system.
Cisco denies all this, sticking to the information already disclosed about the stolen data.
“We have no evidence to suggest the actor accessed Cisco product source code or any substantial access beyond what we have already publicly disclosed,” – says the company, according to BleepingComputer.