Cisco confirms data leaked to dark web after cyber attack
The IT giant has posted an update on the cyber incident, in which an employee was targeted by a phishing attack
Cisco has confirmed that threat actors who hacked its network earlier this year leaked data to the dark web.
File names were published to the dark web following the attack, but on 11 September Cisco became aware that the actual contents of the same files had been published as well.
However, Cisco stressed the incident has not affected the business.
"Our previous analysis of this incident remains unchanged – we continue to see no impact to our business, including Cisco products or services, sensitive customer data or sensitive employee information, intellectual property, or supply chain operations," the company said on its Talos blog.
Cisco became aware of the attack on May 24 and an investigation was launched.
It found an employee's credentials were compromised after an attacker gained control of a personal Google account where details saved in the victim's browser were being synchronised.
The attacker also conducted a series of sophisticated voice phishing attacks under the guise of various trusted organisations, attempting to convince the victim to accept multi-factor authentication (MFA) push notifications.
Having achieved this, the attacker was granted access to the VPN in the context of the targeted user.
While Cisco says the attack was not severe, it did say the bad actor was persistent and repeatedly attempted to regain access after being removed.
"However, these attempts were unsuccessful," Cisco said.
"Every cybersecurity incident is an opportunity to learn, strengthen our resilience, and help the wider security community.
"Cisco has updated its security products with intelligence gained from observing the bad actor's techniques, and shared Indicators of Compromise (IOCs) with other parties."