Cisco has repudiated the purported compromise of its internal network by the Kraken ransomware operation, which proceeded to post sensitive information allegedly stolen from its systems, according to Hackread.
While Kraken ransomware was reported to have claimed the theft of Cisco's Windows Active Directory environment credentials, usernames and related domains, accounts' unique relative identifiers, and NTLM hashes through several credential dumping tools, Cisco disclosed that the stolen credentials had already been exposed in a breach nearly three years ago.
"The incident referenced in the reports occurred back in May 2022, and we fully addressed it at that time. Based on our investigation there was no impact to our customers," said Cisco, which previously noted the intrusion attributed to a UNC2447-linked initial access broker to not have resulted in any critical internal systems infiltration.
Such reemergence of previously exfiltrated information emphasizes the importance of proactive security defenses against mounting credential-based cyberattacks.
