Cisco reveals it was target of phishing attack

The IT giant says it became aware of a potential compromise on May 24

Cisco has revealed it was the target of a cyber incident after a threat actor launched a phishing attack on an employee.

The IT giant says it became aware of a potential compromise on 24 May which targeted its corporate IT infrastructure.

An investigation found the employee's credentials were compromised after an attacker gained control of a personal Google account where details saved in the victim's browser were being synchronised.

It's Talos blog claims the attacker conducted a series of sophisticated voice phishing attacks under the guise of various trusted organisations attempting to convince the victim to accept multi-factor authentication (MFA) push notifications.

"The attacker ultimately succeeded in achieving an MFA push acceptance, granting them access to VPN in the context of the targeted user," Cisco said.

"After obtaining initial access, the threat actor conducted a variety of activities to maintain access, minimise forensic artifacts, and increase their level of access to systems within the environment."

Cisco claims the threat actor was successfully removed from the environment despite them repeatedly attempting to regain access in the weeks following the attack.

The company has since made steps to remediate the impact of the incident and further harden its IT environment.

Cisco says it did not identify any impact to the business because of this incident, including no impact to any Cisco products or services, sensitive customer data or sensitive employee information, intellectual property or supply chain operations.

"Every cybersecurity incident is an opportunity to learn, strengthen our resilience, and help the wider security community," it said.

"Cisco has updated its security products with intelligence gained from observing the bad actor's techniques, shared Indicators of Compromise (IOCs) with other parties."