Skip to main content

Employee’s compromised Google credentials led to Cisco breach

posted onAugust 15, 2022
by l33tdawg
SC Magazine
Credit: SC Magazine

Cisco shared on its website Wednesday that it identified a security incident targeting its corporate IT infrastructure on May 24, saying it took immediate action to remediate the impact and has since hardened its IT environment.

Also on Wednesday on its security blog on Cisco Talos, the company’s security team said an employee’s credentials were compromised after an attacker gained control of a Google account where credentials saved in the victim’s browser were synched.

Using a series of sophisticated voice phishing attacks, the victim eventually accepted multi-factor authentication (MFA) push notifications made by the attacker, which granted access to the VPN of the victim. The security team posted that the attacker did not gain access to critical systems, but tried to give themselves the ability to maintain and increase their access to systems before being successfully removed. The attacker has been observed repeatedly trying to regain access in the weeks following the attack, but were unsuccessful.

Source

Tags

Industry News

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th