Cisco confirmed it was the victim of a cyberattack on May 24, 2022, after the attackers got hold of an employee’s personal Google account that contained passwords synced from their web browser.
“Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee’s personal Google account” “The user had enabled password syncing via Google Chrome and had stored their Cisco credentials in their browser, enabling that information to synchronize to their Google account.”
Besides the credential theft, the attack also involved phishing: the adversary resorted to methods like vishing (voice phishing) and multi-factor authentication (MFA) fatigue to trick the victim into providing access to the account.