Cisco says that the information recently posted on a ransomware group’s Tor-based leak site refers to data stolen in a cyberattack three years ago.
The data, a list of credentials apparently exfiltrated from Cisco’s systems, appeared over the weekend on a new data leak site operated by the Kraken ransomware group.
“Cisco is aware of certain reports regarding a security incident. The incident referenced in the reports occurred back in May 2022, and we fully addressed it at that time,” a Cisco spokesperson said, responding to a SecurityWeek inquiry.
“Based on our investigation there was no impact to our customers,” the company’s representative said.
Cisco detailed the cyberattack in August 2022, after a ransomware group named Yanluowang added the tech giant to its leak site, claiming the theft of gigabytes of information.
The incident was attributed to UNC2447, a Russia-linked threat actor known for using FiveHands and HelloKitty ransomware, to the infamous Lapsus$ hacking gang, which dispersed in late 2022 after two British members were arrested and convicted, and to Yanluowang.
In September 2022, the cybercriminals behind the attack leaked the files stolen from Cisco, and the company confirmed that the data originated from its network.
Over the weekend, part of that data, namely a list of usernames, identifiers, and password hashes, was posted on Kraken’s leak site, which features a total of six posts at this time.
Kraken appears to be a rebranding of the HelloKitty ransomware group, as referenced on the leak site, which explains why they have the Cisco data in possession.
The group changed its name more than once over time, and is likely looking to draw attention to the new brand by resurfacing older hacks.
Related: Alabama Man Pleads Guilty to Hacking SEC’s X Account
Related: HPE Says Personal Information Stolen in 2023 Russian Hack
Related: Hacker Who Targeted NATO, US Army Arrested in Spain
Related: US, Dutch Authorities Disrupt Pakistani Hacking Shop Network
