Ransomware

Cisco Continues to Deny Kraken Ransomware Attack

A digital warning sign with "SYSTEM HACKED" in bright red, overlaying a complex background of computer code and digital interfaces, with a deep blue and black color scheme, creating a sense of urgency and alarm.

(Adobe Stock)

Cisco has again rebuffed claims that its internal networks were compromised by the Kraken ransomware operation, which proceeded to post sensitive information allegedly stolen from its systems, according to Hackread.

The Kraken ransomware gang claimed it stole Cisco's Windows Active Directory environment credentials, usernames and related domains, accounts' unique relative identifiers, and NTLM hashes through several credential dumping tools.

However, Cisco disclosed that the stolen credentials had already been exposed in a breach nearly three years ago.

"The incident referenced in the reports occurred back in May 2022, and we fully addressed it at that time. Based on our investigation, there was no impact to our customers," said Cisco.

Cisco previously noted the intrusion, attributed to a UNC2447-linked initial access broker, did not result in any critical internal systems infiltration. The reemergence of previously exfiltrated information emphasizes the importance of proactive security defenses against mounting credential-based cyberattacks.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.

Related

You can skip this ad in 5 seconds