Incident

Kraken ransomware gang claims breach of Cisco, the company says it's old data

The Kraken ransomware gang claims to have breached Cisco's internal network and has published what appear to be sensitive credentials taken from it on its dark web leak site.

The published data allegedly contains:

  • Domain user accounts
  • Unique identifiers (Relative Identifiers or RIDs)
  • NTLM password hashes
  • Privileged administrator accounts
  • Regular user accounts
  • Service and machine accounts
  • Kerberos Ticket Granting Ticket (krbtgt) account information

The leaked dataset appears to be structured with:

  1. Username and Domain information
  2. Relative Identifier (RID)
  3. LM Hash (typically disabled)
  4. NTLM Hash

The number of affected individuals is not disclosed.

Security researchers believe the data was extracted using credential-dumping tools such as Mimikatz, pwdump, or hashdump. Exposure of such credentials could enable a range of follow-on techniques, including privilege escalation, lateral movement, and unauthorized access to critical systems.
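As an added example (not code from the article, from Cisco, or from Cisco Talos), here is a small Python triage script for a dump in the four-field layout the article describes, written from the responder's side: it parses `DOMAIN\user:RID:LM:NT:::` lines, classifies which account types appear (krbtgt, built-in administrator, machine, ordinary user), and surfaces what a credential-rotation plan needs to know, such as LM hashes still being stored, blank passwords, and the same password shared by several accounts. The domain name, account names and hash values in the sample are constructed for illustration; only the two empty-string hash constants are real, well-known values.

```python
"""Triage helper for a leaked pwdump-style credential dump.

Added example, not code from the article or from Cisco. It assumes the common
``DOMAIN\\user:RID:LMHASH:NTHASH:::`` line layout, which carries exactly the four
fields the article lists. All sample data below is constructed for illustration.
"""
import re
from collections import Counter
from dataclasses import dataclass

# LM hash of the empty string: what dump tools emit when LM storage is disabled.
EMPTY_LM_HASH = "aad3b435b51404eeaad3b435b51404ee"
# NT hash of the empty string: the account has a blank password.
EMPTY_NT_HASH = "31d6cfe0d16ae931b73c59d7e0c089c0"

LINE_RE = re.compile(
    r"^(?:(?P<domain>[^\\:]+)\\)?(?P<user>[^:]+):(?P<rid>\d+):"
    r"(?P<lm>[0-9a-fA-F]{32}):(?P<nt>[0-9a-fA-F]{32}):::$"
)

# Constructed sample dump (domain, names and hashes are made up).
SAMPLE_DUMP = r"""
# domain\user:rid:lm:nt:::
CORP\Administrator:500:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
CORP\krbtgt:502:aad3b435b51404eeaad3b435b51404ee:fedcba9876543210fedcba9876543210:::
CORP\svc_backup:1105:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
CORP\jdoe:1201:0a1b2c3d4e5f60718293a4b5c6d7e8f9:5a6b7c8d9e0f1a2b3c4d5e6f708192a3:::
CORP\temp:1202:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
CORP\WS01$:1302:aad3b435b51404eeaad3b435b51404ee:aabbccddeeff00112233445566778899:::
"""


@dataclass
class Entry:
    domain: str
    user: str
    rid: int
    lm: str
    nt: str

    @property
    def kind(self) -> str:
        """Classify by the well-known RIDs (500, 502) and naming conventions."""
        if self.rid == 502 or self.user.lower() == "krbtgt":
            return "krbtgt"
        if self.rid == 500:
            return "builtin-admin"
        if self.user.endswith("$"):
            return "machine"
        return "user"

    @property
    def lm_enabled(self) -> bool:
        return self.lm != EMPTY_LM_HASH

    @property
    def blank_password(self) -> bool:
        return self.nt == EMPTY_NT_HASH


def parse_dump(text: str) -> list[Entry]:
    """Parse dump lines; comments and blank lines are skipped, malformed lines fail loudly."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: not in user:rid:lm:nt::: layout")
        entries.append(Entry(m["domain"] or "", m["user"], int(m["rid"]),
                             m["lm"].lower(), m["nt"].lower()))
    return entries


def summarize(entries: list[Entry]) -> dict[str, int]:
    """Count exposed accounts per kind, e.g. {'krbtgt': 1, 'user': 3, ...}."""
    return dict(Counter(e.kind for e in entries))


def findings(entries: list[Entry]) -> list[tuple[str, list[str]]]:
    """Facts a responder needs before planning credential rotation."""
    out = []
    if any(e.kind == "krbtgt" for e in entries):
        # Forged Kerberos tickets stay valid until krbtgt is reset twice,
        # with replication allowed to complete between the two resets.
        out.append(("krbtgt_exposed", [e.user for e in entries if e.kind == "krbtgt"]))
    lm = [e.user for e in entries if e.lm_enabled]
    if lm:
        out.append(("lm_hash_present", lm))  # LM hashing is trivially crackable
    blank = [e.user for e in entries if e.blank_password]
    if blank:
        out.append(("blank_password", blank))
    by_nt: dict[str, list[str]] = {}
    for e in entries:
        by_nt.setdefault(e.nt, []).append(e.user)
    for users in by_nt.values():
        if len(users) > 1:  # identical NT hash means identical password
            out.append(("shared_password", sorted(users)))
    return out


def rotation_order(entries: list[Entry]) -> list[str]:
    """Accounts in the order their credentials should be rotated."""
    rank = {"krbtgt": 0, "builtin-admin": 1, "user": 2, "machine": 3}
    return [e.user for e in sorted(entries, key=lambda e: (rank[e.kind], e.user.lower()))]


if __name__ == "__main__":
    dump = parse_dump(SAMPLE_DUMP)
    print(summarize(dump))
    for tag, users in findings(dump):
        print(f"{tag}: {', '.join(users)}")
    print("rotate in this order:", rotation_order(dump))
```

Run it against a real dump by passing the file contents to `parse_dump`; the `shared_password` finding is the one most often missed in a rotation plan, since resetting one account leaves the same password live on every other account that shares its NT hash.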

Cisco has clarified that this incident is not new: it relates to a previously disclosed breach from May 2022, details of which were published in an August 2022 Cisco Talos blog post. A Cisco spokesperson has officially stated: "The incident referenced in the reports occurred back in May 2022, and more details can be found in this blog post that Cisco Talos, our threat intelligence organization, published back in August 2022."
