How a Former Cisco Engineer Sabotaged Cloud Infrastructure and What It Means for Security

U.S. prosecutors and the FBI announced on August 26 that former Cisco employee Sudhish Kasaba Ramesh pleaded guilty in the San Jose federal court, admitting he illegally intruded into Cisco’s cloud infrastructure and caused extensive damage.

Ramesh was employed by Cisco from July 2016 to April 2018. Five months after leaving, on September 24 2018, he accessed Cisco’s Amazon Web Services‑hosted cloud environment without authorization and deployed code from his Google Cloud project, which deleted 456 WebEx Teams virtual‑machine instances.

During his plea, Ramesh said he acted recklessly and deliberately ignored the huge risk of harming Cisco.

The attack disabled more than 16,000 WebEx Teams accounts for two weeks, forcing Cisco to spend roughly $1.4 million in staff time to restore the service and to refund over $1 million to affected customers.

No customer data was leaked. Ramesh is charged under 18 U.S.C. § 1030(a)(5)(B) and (c)(4)(A)(i)(I) for intentional unauthorized access to a protected computer and reckless damage, offenses punishable by up to five years in prison and a $250,000 fine.

Ramesh remains out on $50,000 bail, with a sentencing hearing scheduled for December 9 2020 in San Jose.

Cisco stated that the issue was resolved promptly in September 2018, no customer information was exposed, and additional protective measures have been implemented to prevent similar incidents.