Cisco has confirmed that the data leaked yesterday by the Yanluowang ransomware gang was stolen from the company network during a cyberattack in May.
On September 11, 2022, the bad actors who previously published a list of file names from this security incident to the dark web posted the actual contents of the same files to the same location on the dark web.
In a report in August, Cisco announced that its network had been breached by the Yanluowang ransomware after the hackers compromised an employee’s VPN account.
According to the company, the stolen data included non-sensitive files from the employee’s Box folder, and the attack was contained before Yanluowang ransomware could start encrypting systems.
The threat actor, however, claimed otherwise. Yanluowang’s leader told BleepingComputer that they stole thousands of files amounting to 55GB and that the cache included classified documents, technical schematics, and source code.
The hacker did not provide any proof, though. They only shared a screenshot indicating access to what appears to be a development system. BleepingComputer could not verify the accuracy of this claim.
When asked for a comment on the matter, Cisco denied the possibility that the intruders had exfiltrated or accessed any source code.