Cisco Systems Inc. revealed on Wednesday that it had been hit by a cyberattack from a hacker linked to a number of known cybercrime organizations.
In a blog post, Cisco Talos — the company’s threat intelligence business — said it became aware of the attack on May 24. It said a hacker used the credentials of a Cisco employee and “performed a series of sophisticated voice phishing attacks,” ultimately gaining access to the company’s corporate network.
Earlier Wednesday, “bad actors released a list of files from this security incident onto the dark web,” Cisco said in a separate statement.
Cisco (CSCO), based in San Jose, California, said the incident was limited to its corporate IT environment and did not appear to involve sensitive customer data or private employee information.
“We have not identified any evidence to suggest that the attacker gained access to critical internal systems, such as those related to product development, code signing, etc.,” the company said. “The only successful data exfiltration that occurred during the attack involved the contents of a Box folder associated with a compromised employee’s account. The data the adversary obtained in this case was not sensitive.”
Cisco said the hacker was successfully removed, but “was persistent and made repeated attempts to gain access in the weeks following the attack; however, these efforts failed.”
No ransomware was detected and steps were taken to “further harden” Cisco’s IT environment, the networking giant said.
Cisco said it believed the hacker was an initial access broker with ties to the UNC2447 ransomware gang, the Lapsus$ cybercrime group and the Yanluowang ransomware operators. Earlier this year, Lapsus$ breached systems from Okta Inc. (OKTA) and Microsoft Corp. (MSFT).
Cisco shares are down 27% year-to-date, compared with the 8% drop in the Dow Jones Industrial Average (DJIA), of which it is a component.