Cisco admits corporate network compromised by gang with links to Lapsus$

Cisco disclosed on Wednesday that its corporate network was accessed by cyber-criminals in May after an employee's personal Google account was compromised – an act a ransomware gang named "Yanluowang" has now claimed as its work. The world's largest networking vendor disclosed the months-old compromise after a list of files …

  1. Pascal Monett Silver badge

    Once again

    Somebody clicked on a stupid attachment, and miscreants walked all over Cisco's IT.

    I would say kudos to Cisco's security team for at least detecting them, but unfortunately they still got off with data.

    Ideally, they should have been blocked before that.

    Now the question is: why on God's Green Earth didn't they deploy an encryption tool?

    Did they save that for next time?

  2. Kurgan

    So a Cisco Employee had their credentials on personal Google Drive?

    So a Cisco Employee had their credentials on personal Google Drive? It seems like a TOTAL NO-NO. Someone did not teach security practices properly or that employee has to be fired, mega-fired, ultra-fired.

  3. Anonymous Coward

    "The attacker "then escalated to administrative privileges, allowing them to login to multiple systems" "

    Cisco should definitely demand that their hardware vendor fix their broken and obviously insufficient device security. Oh, wait...

    You'd think that Cisco, being Cisco, would be running all the newest high-end IDS/IPS wiz-bang stuff and would have seen this coming from a mile away and dealt with it before it got anywhere or could send any data out. I mean, hell, if Cisco can't even keep control of the networks that they themselves design and build, what hope do any of the rest of us mere mortals have?

  4. Anonymous Coward

    The biter bit..............................


    Golden Rule: There are NO good guys!!

    So Cisco and their friends in Fort Meade get some of the crap which they have dished out to millions of others in the last twenty years.

    Do they like it? Looks like they think "It's OK for us (good guys) to dish out this crap.......but please be sympathetic when WE get the same treatment!". sympathy here!!

    Please....someone.....just close down Fort Meade and Cheltenham!!!

    1. gerdesj Silver badge

      Re: The biter bit..............................

      Cheltenham? Lovely old town, some delightful architecture.

  5. Anonymous Coward

    It's fun ... but

    It's fun because it's Cisco but it points out that many of the ransomware stories we see are the result of a clueless employee letting the bad guys in.

    It's easy for a gang to fake it til they make it until they find that clueless employee and then they have a hole they can exploit.

    Cisco responded much quicker than most companies do (or could do). But as for their "nothing to see here" statements, they are Cisco and I doubt we'll ever get the full story.

    1. sanmigueelbeer Silver badge

      Re: It's fun ... but

      Cisco responded much quicker than most companies do

      Most other companies have a (small) team but Cisco, however, has a large army of security specialists plus other subsidiaries, like TALOS.

      And the intruders were not prepared. They got in, moved laterally and exfiltrated a few GB worth of data. They did not lock up any files nor destroy any. Yup, the intruders were ill-prepared.

