By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Security Parrot - Cyber Security News, Insights and ReviewsSecurity Parrot - Cyber Security News, Insights and Reviews
Notification
Latest News
Malicious WhatsApp spreads through legitimate applications
October 16, 2022
Scammers fake Windows problems, forcing users to call them back
October 15, 2022
Another 0-day bug has been found in Microsoft Exchange, and LockBit ransomware operators are exploiting it
October 15, 2022
Microsoft has fixed more than 80 vulnerabilities, but there are still no patches for ProxyNotShell
October 14, 2022
Roskomnadzor regularly updates the list of blocked VPN services
October 14, 2022
Aa
  • News
  • Tutorials
  • Security InsiderComing Soon
  • Expert InsightComing Soon
Reading: Cisco hacking linked to Russian-speaking hackers
Share
Security Parrot - Cyber Security News, Insights and ReviewsSecurity Parrot - Cyber Security News, Insights and Reviews
Aa
Search
  • News
  • Tutorials
  • Security InsiderComing Soon
  • Expert InsightComing Soon
Follow US
Security Parrot - Cyber Security News, Insights and Reviews > News > Cisco hacking linked to Russian-speaking hackers
News

Cisco hacking linked to Russian-speaking hackers

Last updated: 2022/09/06 at 10:14 AM
Security Parrot Editorial Team Published September 6, 2022
Share
SHARE

Experts from eSentire have determined that the infrastructure used to attack Cisco in May 2022 was used to compromise an unnamed HR solutions company a month earlier. Researchers believe that malicious actors associated with Evil Corp. are behind these incidents.

Let me remind you that in August 2022, Cisco representatives confirmed that in May, the company’s corporate network was hacked by the Yanluowang extortionist group. Later, the attackers tried to extort money from Cisco, otherwise threatening to publish the data stolen during the attack in the public domain. Then the company emphasized that the hackers managed to steal only non-confidential data from the Box folder associated with the hacked employee account.

Analysts at eSentire now say that the attack could have been the work of a criminal known as mx1r. It is believed that he is a member of one of the “branches” of the well-known Russian-speaking group Evil Corp (aka UNC2165).

The researchers write that the victim’s network was initially accessed using stolen VPN credentials, and then the attackers used ready-made tools for lateral movement.

“With the help of Cobalt Strike, the attackers were able to gain a foothold in the system. They acted quickly from the moment of initial access to the moment when they were able to register their own virtual machine in the victim’s VPN network, ”the experts say.

Researchers suspect mx1r’s connection with Evil Corp due to the coincidence of a number of attackers’ tactics. Including due to the organization of a kerberoas attack on the Active Directory service and the use of RDP for promotion in the company’s network.

At the same time, despite these connections, the HiveStrike infrastructure used to organize the attack generally corresponds to the infrastructure of one of the “partners” of the Conti group, which had previously distributed the Hive and Yanluowang ransomware. It was these hackers who eventually published the stolen data that Cisco has on its dark website.

Cisco representatives themselves wrote that the attack was most likely “carried out by an attacker who was previously an initial access broker and had connections with the UNC2447 cybercrime group, the Lapsus $ group, and the Yanluowang ransomware operators.”

Weekly Updates For Our Loyal Readers!

Security Parrot Editorial Team September 6, 2022
Share this Article
Facebook Twitter Email Copy Link Print

Archives

  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020

You Might Also Like

News

Malicious WhatsApp spreads through legitimate applications

October 16, 2022
News

Scammers fake Windows problems, forcing users to call them back

October 15, 2022
News

Another 0-day bug has been found in Microsoft Exchange, and LockBit ransomware operators are exploiting it

October 15, 2022
News

Microsoft has fixed more than 80 vulnerabilities, but there are still no patches for ProxyNotShell

October 14, 2022

© 2022 Parrot Media Network. All Rights Reserved.

  • Home
  • Parrot Media Group
  • Privacy Policy
  • Terms and Conditions
Join Us!

Subscribe to our newsletter and never miss our latest news, podcasts etc..

Zero spam, Unsubscribe at any time.

Removed from reading list

Undo
Go to mobile version
Welcome Back!

Sign in to your account

Lost your password?