“MFA Fatigue” Help Attackers Breach Cisco Corporate Network

Share post:

Cisco has confirmed a ransomware attack on its corporate network that happened in late May.

Behind the attack was the Yanluowang Ransomware gang. According to Cisco, the attackers were able to steal non-sensitive data from a box folder linked to the account of a compromised employee.

MFA fatigue was critical to helping the attacker break through Cisco’s network. MFA fatigue is also known as MFA prompt spamming. After gaining access to compromised login credentials, a hacker tricks a user by repeatedly sending push notifications to authorize the login.

Through MFA fatigue and a series of sophisticated voice phishing attacks that faked trusted support organizations, the attacker convinced the CISCO employee to accept multi-factor authentication (MFA) push notifications.

The employee was eventually tricked into accepting one of the MFA notifications. The attackers then gained access to the VPN in the context of the target user.

After gaining access to the corporate network, the Yanluowang operators spread laterally to Citrix servers and domain controllers.

The attackers used enumeration tools such as ntdsutil, adfind, and secretsdump to collect more information after accessing domain administrators, and then installed a number of payloads on compromised systems, including a backdoor.

Their activities were discovered by Cisco and eventually driven out of the environment.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

FBI’s Operation Level Up Ends Cyber Scams and Saves Millions of Dollars and Lives

We should send a love note out to The Federal Bureau of Investigation (FBI) who launched Operation Level...

DOGE’s Teen Hacker Stirs Concern Over Musk Team’s Access to Federal Databases

A 19-year-old named Edward “Big Balls” Coristine has raised red flags after Wired revealed he holds a key...

Deep Seek and Open Source AI – Without the Hype: Discussion with Robert Falzon, Head of Engineering, Check Point

DeepSeek AI is shaking up the cybersecurity world—are we prepared for the risks? Join host Jim Love and...

Researchers Jailbreak DeepSeek AI, Expose System Prompt and Raise Security Concerns

Security researchers at Wallarm have successfully jailbroken DeepSeek, a recently released open-source AI model from China. The jailbreak...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways