Ransomware Group

Yanluowang

Status: inactive • First seen 2021-10 • 50+ known victims

Yanluowang hackers broke into companies manually rather than using automated tools. They gained attention when they claimed to have breached Cisco, one of the largest networking companies.

Overview

Yanluowang was a manually deployed ransomware that targeted financial institutions and technology companies. The group was linked to the Lapsus$ breach of Cisco.

Target Industries

Finance, Manufacturing, Technology, Professional Services

How They Attack

  • Manual deployment
  • Financial sector focus
  • Process termination
  • Living-off-the-land

Notable Victims

Cisco (2022), Financial institutions

How to Protect Against Yanluowang

  1. Monitor for lateral movement techniques
  2. Implement privileged access management
  3. Deploy deception technology

MITRE ATT&CK Techniques

T1486, T1489, T1059, T1078

Related Groups

Lapsus$
