A month after confirming its systems were breached, networking giant Cisco reported that the attack was a failed ransomware attempt conducted on behalf of the Lapsus$ group.
The cybercriminals obtained access to Cisco’s systems with a social engineering attack that began with an attacker taking control of an employee’s personal Google account, where credentials saved in the victim’s browser were being synchronized. Then, in a series of sophisticated voice phishing attacks, the gang convinced the victim to accept multifactor authentication (MFA) push notifications, giving crooks the ability to log in to the corporate VPN as if they were the victim.
