Cisco

CISCO got hit and they immediately took control of the story.

The threat actors posted a directory of Drive C on their leak site.

The directory listed 3,176 files, comprising 2,875,897,023 bytes in 2111 directories.

That information matches what was sent as a tip.

It was determined that a Cisco employee’s credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized.

The attacker conducted a series of sophisticated voice phishing attacks under the guise of various trusted organizations attempting to convince the victim to accept multi-factor authentication (MFA) push notifications initiated by the attacker.

The attacker succeeded in achieving an MFA push acceptance, which granted them access to the VPN in the context of the targeted user.

Source: https://response.idx.us/crcs-information-texas/

TPRM report: https://scoringcyber.rankiteo.com/company/cisco

"id": "cis193201022",
"linkid": "cisco",
"type": "Cyber Attack",
"date": "08/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Technology',
                        'name': 'CISCO',
                        'type': 'Company'}],
 'attack_vector': ['Voice Phishing', 'Credential Compromise'],
 'data_breach': {'data_exfiltration': True},
 'description': 'CISCO experienced a cyber incident where threat actors gained '
                'access to a directory of Drive C and posted it on their leak '
                'site. The incident involved credential compromise and '
                'sophisticated voice phishing attacks.',
 'impact': {'data_compromised': ['3,176 files',
                                 '2,875,897,023 bytes in 2111 Directories']},
 'initial_access_broker': {'entry_point': 'Personal Google Account'},
 'motivation': 'Data Theft',
 'post_incident_analysis': {'root_causes': 'Credential Compromise via Voice '
                                           'Phishing'},
 'threat_actor': 'Unknown',
 'title': 'CISCO Cyber Incident',
 'type': 'Data Breach',
 'vulnerability_exploited': 'MFA Push Notification Acceptance'}