Cisco Talos shares insights related to recent cyber attack on Cisco
Once the attacker had obtained initial access, they enrolled a series of new devices for MFA and authenticated successfully to the Cisco VPN.
The attacker then escalated to administrative privileges, allowing them to log in to multiple systems. This activity alerted the Cisco Security Incident Response Team (CSIRT), which subsequently responded to the incident.
The actor in question dropped a variety of tools, including remote access tools like LogMeIn and TeamViewer, offensive security tools such as Cobalt Strike, PowerSploit, Mimikatz, and Impacket, and added their own backdoor accounts and persistence mechanisms.