A series of sophisticated voice phishing attacks was used to gain access to Cisco’s virtual private network (VPN) in 2022, the company has revealed.
TAG: Cisco attack
MALWARE FAMILY: Cobalt Strike
ATT&CK IDS: T1566 - Phishing, T1078 - Valid Accounts, T1569.002 - Service Execution, T1136.001 - Local Account, T1098 - Account Manipulation, T1546.012 - Image File Execution Options Injection, T1070 - Indicator Removal on Host, T1070.001 - Clear Windows Event Logs, T1036.005 - Match Legitimate Name or Location, T1562.004 - Disable or Modify System Firewall, T1112 - Modify Registry, T1003.001 - LSASS Memory, T1003.002 - Security Account Manager, T1021 - Remote Services, T1012 - Query Registry, T1071.001 - Web Protocols, T1219 - Remote Access Software, T1573.002 - Asymmetric Cryptography, T1090.003 - Multi-hop Proxy, T1048 - Exfiltration Over Alternative Protocol
Read More:
Commentaires