Yanluowang Ransomware Hackers Steal 55GB of Data From Cisco Network
The Yanluowang ransomware gang reportedly infiltrated
Cisco's network back in May. The well-known IT company, based in San Jose,
California, has confirmed the attack.
According to the latest report, the cybercriminals behind
the scheme have already admitted to the data leak that took place months ago.
In a report by Security Affairs on Monday, Sept. 12, Cisco
Talos and the Cisco Security Incident Response Team (CSIRT) found that the
hackers had taken control of a personal Google account in which personal
information was stored.
The investigation also found that the network credentials had
been saved in the victim's browser, and that this data had been synchronized
to the Google account.
To get into the network, the Yanluowang attackers ran a series
of phishing attacks. The hackers used these to deceive the victim by way of
MFA push notifications.
The attacker, working remotely, triggered multi-factor
authentication requests and pressed the victim to accept them. Once the victim
accepted a push notification, the hacker gained access to the user's VPN
account.
At the time, the ransomware gang utilized various Cisco
tools, including Mimikatz, TeamViewer, Impacket, Cobalt Strike, and other
remote access software.
Although a large data breach occurred, Cisco said that the
security incident had no impact on its business. In short, the hackers did not
steal any confidential data during the intrusion.
"On September 11, 2022, the bad actors who previously
published a list of file names from this security incident to the dark web,
posted the actual contents of the same files to the same location on the dark
web. The content of these files matches what we already identified and
disclosed.
Our previous analysis of this incident remains unchanged; we
continue to see no impact to our business, including Cisco products or
services, sensitive customer data or sensitive employee information,
intellectual property, or supply chain operations."
Yanluowang Hackers Stole a Huge Chunk of Files
In another story from Bleeping Computer, the leader of the
hackers claimed that the group managed to steal 55GB of files
from Cisco.
In an interview with the information security news site, the hacker said
the stolen data included source code, documents, schematics, and more.
Although no proof was provided, the ransomware member shared
a screenshot of a compromised system. Even Bleeping Computer could not verify
whether the information was legitimate.
The hacker said that they have no affiliation with other
hacking groups.
This was not the first time the Yanluowang hackers were
involved in a security incident. A few weeks ago, eSentire published a report
stating that the same group also has connections to FiveHands ransomware and Evil Corp
ransomware.
Late last month, HoYoVerse, the creator behind "Genshin
Impact," discovered a ransomware exploit on the said game.