Cisco has fallen victim to a ransomware attack that compromised sensitive data from its internal network. The breach, attributed to the ‘Kraken ransomware group’, has raised serious concerns about the security of the tech giant’s operations and the potential impact on its clients.
The attack, which was publicly disclosed by Cyber Press Research Report on February 10, 2025, involved the theft of sensitive credentials from Cisco’s Windows Active Directory environment. The Kraken ransomware group, known for its sophisticated cyber tactics, allegedly gained access to Cisco’s network and extracted usernames, security identifiers (SIDs), and NTLM password hashes. These credentials were then leaked online, posing severe security risks to Cisco’s corporate environment.
The attackers reportedly used credential-dumping tools like Mimikatz to harvest data from the Local Security Authority Subsystem Service (LSASS) memory. The compromised accounts include privileged administrator accounts, regular user accounts, and service and machine accounts tied to domain controllers. With these credentials, attackers could escalate privileges within Cisco’s network, deploy ransomware, and exfiltrate sensitive corporate and customer data.
To address the breach, cybersecurity experts recommend forced password resets for all affected user and service accounts, disabling NTLM authentication to reduce credential reuse risks, enhanced monitoring of network activity, and the deployment of advanced security tools to detect and respond to malicious activities. Organizations are also advised to adopt proactive defense strategies such as deploying Endpoint Detection and Response (EDR) and enabling Multi-Factor Authentication.
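The detection recommendation can be made concrete for the LSASS credential dumping described above. The following is an added example, not part of the original report: it assumes Sysmon Event ID 10 (ProcessAccess) records exported as JSON lines, and the sample events, host names and allowlisted path are constructed.

```python
import json

PROCESS_VM_READ = 0x0010  # access right required to read another process's memory

# Assumed allowlist (hypothetical path): software expected to read LSASS here.
ALLOWED_SOURCES = {r"c:\program files\example edr\sensor.exe"}

# Constructed sample records shaped like Sysmon Event ID 10, one JSON object per line.
SAMPLE_EVENTS = r"""
{"EventID": 10, "Computer": "DC01", "SourceImage": "C:\\Program Files\\Example EDR\\sensor.exe", "TargetImage": "C:\\Windows\\System32\\lsass.exe", "GrantedAccess": "0x1410"}
{"EventID": 10, "Computer": "DC01", "SourceImage": "C:\\Users\\Public\\tool.exe", "TargetImage": "C:\\Windows\\System32\\lsass.exe", "GrantedAccess": "0x1010"}
{"EventID": 10, "Computer": "WS07", "SourceImage": "C:\\Windows\\System32\\svchost.exe", "TargetImage": "C:\\Windows\\System32\\lsass.exe", "GrantedAccess": "0x1000"}
{"EventID": 10, "Computer": "WS07", "SourceImage": "C:\\Users\\Public\\tool.exe", "TargetImage": "C:\\Windows\\System32\\notepad.exe", "GrantedAccess": "0x1fffff"}
{"EventID": 1, "Computer": "WS07", "Image": "C:\\Windows\\System32\\cmd.exe"}
truncated-record {"EventID": 10
"""


def find_lsass_reads(lines):
    """Return (computer, source image, access mask) for non-allowlisted memory reads of lsass.exe."""
    alerts = []
    for line in lines.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or malformed record: skip rather than abort the scan
        if not isinstance(ev, dict) or ev.get("EventID") != 10:
            continue  # only ProcessAccess events are relevant
        source = ev.get("SourceImage", "")
        if not ev.get("TargetImage", "").lower().endswith("\\lsass.exe"):
            continue
        try:
            access = int(ev.get("GrantedAccess", "0"), 16)
        except ValueError:
            continue
        # A handle without PROCESS_VM_READ cannot be used to read LSASS memory.
        if access & PROCESS_VM_READ and source.lower() not in ALLOWED_SOURCES:
            alerts.append((ev.get("Computer"), source, hex(access)))
    return alerts


if __name__ == "__main__":
    for computer, source, access in find_lsass_reads(SAMPLE_EVENTS):
        print(f"ALERT {computer}: {source} opened lsass.exe with access {access}")
```

An alert on a domain controller is a reasonable trigger for the forced password resets listed above, starting with the privileged and service accounts that log on to that host.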