Recent Cyber Attacks, Data Breaches & Ransomware Attacks December 2022

Date: 2 January 2023

Featured Image

Ending the year with a bang has a very different connotation in the world of cybersecurity. Here is a roundup of all the cyber-attacks, data breaches, ransomware attacks in December 2022, along with the new malware & vulnerabilities that made the news in the last month of the year.

2022 has been nothing short of a watershed year for the world of IT & cyber security. Uber made the news repeatedly for two data breaches and the conviction of its former CISO - a never-seen-before moment in world cyber history.  The attacks on Australian organisations in the year could fill up pages and we'd still not be done. Add the many crypto attacks, healthcare attacks, high-profile victims like Nvidia and Toyota, the rampage of Conti and Lapsus$ ransomware and you truly have a cybersecurity potboiler.   

The idea of the above statement and the data below is not to create panic or chaos. We do a monthly roundup of the biggest cyber attacks, data breaches and ransomware simply to turn the spotlight back on the conversation about organisational preparedness and cyber resilience. 

If 2022 has taught us anything it is that you can NEVER be prepared enough - regardless of your size, your industry or your location. It's therefore in the best interest of every organisation to put cybersecurity as their #1 priority in 2023.

If you need help getting started or having your cyber incident plans and procedures reviewed and refreshed, consider hiring an expert conveniently and cost-effectively through services such as the Virtual Cyber Consultant and Virtual Cyber Assistant. These cybersecurity experts can also help you achieve compliance and become certification-ready.  

Some of the areas in which our Virtual Cyber Experts can help include: 

- Creating new or refreshing existing Business Continuity and Disaster Recovery Plans
- Testing the effectiveness of your Incident Management Policies and Procedures
- Becoming Cyber Essentials ready or ISO 27001 certified  

Below are the other biggest cyber-attacks, ransomware attacks and data breaches in December 2022 that made headlines in the month gone by. 

  1. Cyber-Attacks in December 2022
  2. Data Breaches in December 2022
  3. Ransomware Attacks in December 2022
  4. New Ransomware/Malware Detected in December 2022
  5. Vulnerabilities/Patches 
  6. Advisories issued, reports, analysis etc. in December 2022 

Cyber Attacks in December 2022

Date

Victim

Summary

Threat Actor

Business Impact

Source Link

Dec 1, 2022

COWIN

After AIIMS, another Indian health sector asset, COWIN platform, suffers an attack

Nazil Blackhat

The Iranian hacker who targeted COWIN portal had shared his Telegram username on Darkweb and wrote that the person who wants to buy COWIN's ACCESS from him should contact him on Telegram.

Indian Corona Vaccine platform CoWin cyber attack

Dec 1, 2022

Russian court, Russian mayor's offices

Data-wiping malware hits Russian courts, city halls

CryWiper

A data erasing malware that masquerades as ransomware but wipes data from infected devices instead of holding it for ransom has been found targeting Russian organisations.

Russian courts and mayor offices hit by data wiping malware attack

Dec 2, 2022

Voyager Worldwide

Voyager Worldwide hit by a cyber attack

Unknown

Hackers took all systems of Voyager Worldwide (that boasts of more than 1,000 shipping companies as customers around the world) offline. 

Voyager Worldwide cyber attack

Dec 3, 2022

BTC.com

BTC.com loses $3 million worth of cryptocurrency in cyberattack

Unknown

In the cyberattack, certain digital assets were stolen, including approximately US$700,000 in asset value owned by BTC.com's clients, and approximately US$2.3 million in asset value owned by the Company.

BTC.com cyberattack

Dec 5, 2022

VTB bank

Massive DDoS attack takes Russia’s second-largest bank VTB offline

The pro-Ukraine hacktivist group, 'IT Army of Ukraine’

VTB Bank has called the attack the 'worst cyber attack' in its history after its website and mobile apps were taken offline.

Russia’s second-largest bank VTB goes offline due to a DDoS attack

Dec 7, 2022

Metropolitan Opera

Metropolitan Opera dealing with "crippling" cyber attack that shut down website, box office

Unknown

The attack impacted the network systems, including their website, box office, and call center. 

Metropolitan Opera cyber-attack

Dec 14, 2022

TPG Telecom

TPG Telecom enters the list of hacked Australian companies; shares slide

Unknown

Australian Internet services provider TPG Telecom became the latest victim of a cyber attack as the hacker accessed up to 15,000 emails of of its corporate customers.

TPG Telecom Ltd cyber attack

Dec 14, 2022

FuboTV

FuboTV faces outage due to cyber attack during World Cup semifinal

Unknown

Football fans were left seething as they were unable to watch the World Cup semifinal on FuboTV due to a cyber attack that knocked out the platform.

FuboTV cyber attack hurts sentiments of FIFA World Cup fans 

Dec 14, 2022

Japanese Ministry

Hackers target Japanese politicians with new MirrorStealer malware

MirrorFace

A hacking group tracked as MirrorFace has been targeting Japanese politicians for weeks before the House of Councilors election in July 2022, using a previously undocumented credentials stealer named ‘MirrorStealer’.

Japanese ministry attack

Dec 15, 2022

Ukrainian Government

Trojanized Windows 10 Operating System Installers Targeted Ukrainian Government

Allegedly Russian hackers 

Mandiant uncovered a socially engineered supply chain operation focused on Ukrainian government entities that leveraged trojanized ISO files masquerading as legitimate Windows 10 Operating System installers.

Ukrainian government attack

Dec 16, 2022

Fire Rescue Victoria

Fire Rescue Victoria confirms cyber attack from 'external third party' 

Unknown

The attack affected most of the systems, including FRV network, emails and dispatch.

Fire Rescue Victoria Cyber-Attack

Dec 16, 2022

DELTA Military Systems

Ukraine's DELTA military system users targeted by info-stealing malware

Unknown

A compromised Ukrainian Ministry of Defense email account was found sending phishing emails and instant messages to users of the 'DELTA' situational awareness program to infect systems with information-stealing malware.

DELTA military system users under attack

Dec 20, 2022

Comcast, Xfinity

Comcast Xfinity accounts hacked in widespread 2FA bypass attacks

Unknown

Customer accounts allegedly hacked in widespread attacks that bypassed two-factor authentication. Compromised accounts were then used to reset passwords for other services, such as the Coinbase and Gemini crypto exchanges.

Comcast Xfinity  cyber-attack

Dec 26, 2022

BitKeep

Hackers steal $8 million from users running trojanized BitKeep apps

Unknown

BitKeep has not determined how much money was lost due to these hacks, but transaction tracking service PeckShield reported that approximately $8 million worth of assets have been stolen so far.

BitKeep apps cyber attack incident

 

Cyber-attacks are coming one way or the other. The only solution? Get ready. 

Being prepared with a robust, effective and fit-for-purpose cyber incident response plan is critical for 2023. Don't have a plan yet? No problem. Download our FREE cyber incident response plan template and start building yours today. Make sure it's simple, fuss-free and focussed on what really matters. 

Back to Top 

New call-to-action

Data Breaches in December 2022

Date

Victim

Summary

Threat Actor

Business Impact

Source Link

Dec 5, 2022

Amnesty International Canada

Amnesty International Canada breached by suspected Chinese hackers in early October, 2022.

Chinese hackers suspected

It’s not clear whether the attackers exfiltrated donor or membership data

Amnesty International Canada data breach

Dec 10, 2022

Uber

Uber suffers new data breach after attack on vendor, info leaked online

A breach forum, UberLeaks, that tries to link itself to Autistic Fisherman 

The newly leaked data consisted of source code, IT asset management reports, data destruction reports, Windows domain login names and email addresses for over 77,000 Uber employees, and other corporate information.

Uber’s new data breach

Dec 11, 2022

SentinelOne SDK python client

Malicious ‘SentinelOne’ PyPI package steals data from developers.

Unknown

Threat actors published a malicious Python package on PyPI, named 'SentinelOne,' that pretends to be the legitimate SDK client for the trusted American cybersecurity firm but, in reality, steals data from developers.

Malicious ‘SentinelOne’ package 

Dec 12, 2022

The city of Diest

The city of Diest becomes the victim of a cyber attack: city services and schools, amongst others, affected.

Unknown

All of the city services were taken down. Local residents could not be helped at the counters of the town hall as the library, schools and cultural centre Den Amer were also affected by the cyber attack. 

City of Diest cyber-attack

Dec 12, 2022

Twitter

Twitter confirms recent user data leak is from 2021 breach

Unknown

Twitter confirmed that the November 2022 leak of millions of members' profiles, including private phone numbers and email addresses, resulted from the same data breach the company disclosed in August 2022 and it further linked this to the incident in which a threat actor released a JSON file containing the complete set of 5.4 million records scraped in 2021.

Twitter data breach incident relates with 2021 breach

Dec 13, 2022

San Gorgonio Memorial Hospital

California hospital breach that occurred in October 2022 exposed patients’ Social Security numbers, medical info

Unknown

The hospital said: “At this time, we have identified documents containing patient names, addresses, dates of birth, medical record numbers, visit ID numbers, and/or clinical information, such as dates of service, provider names, and/or department names as in some instances, patients’ Social Security numbers, drivers’ licence numbers, financial account information, and/or health insurance information may have also been reflected in the documents involved.”

San Gorgonio Memorial Hospital data breach

Dec 13, 2022

Gemini crypto exchange

Hackers leak personal info allegedly stolen from 5.7M Gemini users.

M.V.P. User on BreachForums

Gemini crypto exchange announced that its customers were targeted in phishing campaigns after a threat actor collected their personal information from a third-party vendor. The hacker offered to sell a database allegedly from Gemini containing phone numbers and email addresses of 5.7 million users.

Gemini crypto exchange data breach 

Dec 14, 2022

Social Blade

Social media analytics service Social Blade disclosed a security breach after a database containing allegedly stolen data from the company was offered for sale.

Unknown

The exposed data includes email addresses, password hashes, client IDs, IP addresses, and tokens for business API users, authentication tokens for connected accounts, and non-personal and internal data. 

Social Blade data breach

Dec 15, 2022

Restaurant CRM platform ‘SevenRooms

Restaurant CRM platform ‘SevenRooms’ confirms breach after data put up for sale.

Threat actor named ‘GOD’

The threat actor began selling stolen data on a hacking forum by posting data samples and claimed to have stolen a 427 GB backup database with thousands of files containing information about SevenRooms’ customers. The samples provided by the seller included folders named after big restaurant chains, clients of SevenRooms, API keys, promo codes, payment reports, reservation lists, and more.

‘SevenRooms’ data breach

Dec 16, 2022

MAS New Zealand

Cyber attack on a third-party services provider of NZ’s insurance company MAS exposes personal data of members. 

Unknown

A cyber attack on the after-hours call service of New Zealand’s largest insurer of medical professionals potentially exposed the personal data of its members.

New Zealand’s insurance services provider MAS data breach 

Dec 20, 2022

Okta

Okta discloses a data breach incident with an impact on its source code repositories.

Unknown

Hackers accessed Okta's code repositories.

Hackers steal Okta source code 

Dec 21, 2022

Sports betting firm BetMGM

Leading sports betting firm BetMGM discloses data breach that occurred in November 2022.

Unknown

Hackers obtained a wide range of data, including names, contact info (like postal addresses, email addresses, and phone numbers), dates of birth, hashed Social Security numbers, account identifiers (like player IDs and screen names) and info related to transactions with BetMGM.

BetMGM November data breach 

Dec 21, 2022

Lastpass

Hackers stole customer vault data in a cloud storage breach that hit Lastpass in August 2022.

Unknown

The cyber criminals stole information from vault data that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service.

Lastpass cloud storage breach 

Dec 26, 2022

IRCTC

Indian railway ministry denies reports about a potential data breach of IRCTC and says that the data breach was not from the IRCTC servers

ShadowHacker (a BreachForum name)

It was reported that hackers have stolen the data of 30 million people who have booked railway tickets. This includes personal information such as email id, mobile number, address, age and gender.

Indian railway ministry denies IRCTC data breach

Dec 28, 2022

Crypto company 3Commas

Crypto platform 3Commas admits hackers stole API keys

Unknown

An anonymous Twitter user published a set of 10,000 API keys allegedly obtained from the 3Commas cryptocurrency trading platform.

Crypto platform 3Commas data breach

 

Back to Top 

New call-to-action

Ransomware Attacks in December 2022

Date

Victim

Summary

Threat Actor

Business Impact

Source Link

Dec 2, 2022

Rackspace

Rackspace confirms that its recent Hosted Exchange outage was caused by a ransomware attack

Unknown

American cloud computing services provider Rackspace says an ongoing outage affecting its hosted Microsoft Exchange environments and likely thousands of customers was caused by a security incident. List of impacted services includes MAPI/RPC, POP, IMAP, SMTP, ActiveSync, and the Outlook Web Access (OWA) interface used to access the Hosted Exchange instance to manage email online.

Rackspace ransomware attack 

Dec 3, 2022

André-Mignot hospital

Ransomware attack forces French hospital to transfer patients.

Unknown

The ransomware attack forced the André-Mignot teaching hospital in the suburbs of Paris to shut down its phone and computer systems. It was also forced to shift 6 patients from its neonatal & ICU units to other healthcare facilities.  

André-Mignot hospital ransomware attack

Dec 5, 2022

City of Antwerp

Cybercriminals target the computer system of the city of Antwerp with Play ransomware.

Play ransomware

The attack impacted the city's computer  systems. Some employees were not able to read their emails, and apart from this, urban education and the local police also experienced problems.

Ransomware attack on the city of Antwerp

Dec 6, 2022

Mercury IT 


Te Whatu Ora


New Zealand, ministry of justice



Privacy Commissioner considers action on ransomware attack which hit New Zealand based company Mercury IT in November 2022. 

LockBit 3.0

The attack disrupted dozens of organisations in the country, including several government departments and public authorities like health insurer Accuro, architectural firm Catalyst Group, business mentoring programme Business Central, commercial flooring business Polyflor as the stolen data is listed for sale for prices between $99,000 and $999,000 and the attack also impacted business advocacy group BusinessNZ and the New Zealand National Nurses Association. 


Mercury IT has also worked with the New Zealand Ministry of Justice and healthcare company Te Whatu Ora, reportedly losing 14,500 coroners’ files and 4000 post-mortem reports, although none of this is for sale on the dark web as of yet. 


LockBit 3.0 ransomware attack on Mercury IT, New Zealand Ministry of Justice & healthcare company Te Whatu Ora

Dec 11, 2022

H-Hotels

Play ransomware claims attack on German hotel chain H-Hotels.

Play Ransomware 

The Play Ransomware gang’s attack on H-Hotels (h-hotels.com) has resulted in communication outages for the company.

Ransomware attack on German hotel chain H-Hotels

Dec 12, 2022

California Department of Finance

California Department of Finance Hit By Cyber-Attack, LockBit Claims Responsibility

LockBit

LockBit said they stole 76 GB of data, including IT and financial documents, confidential data and sexual proceedings in court as they warned that the Department of Finance has until Dec 24 to pay up or else the group will publish a cache of stolen files.

California Department of Finance ransomware attack

Dec 13, 2022

Colombian energy supplier EPM

Colombian energy supplier EPM hit by BlackCat ransomware attack

BlackCat

EPM instructed its approximately 4,000 employees to work from home, with IT infrastructure down as the company’s websites were no longer available and it provided alternative methods for customers to pay for services and the attack caused devices to be encrypted and data to be stolen.

Colombian energy supplier EPM ransomware attack

Dec 20, 2022

Guardian newspaper

Guardian newspaper hit by suspected ransomware attack, staff told not to come to office

Unknown

The attack has impacted a number of business services at the 200-year-old news organisation, but not its online site and apps which will continue to publish stories

Guardian newspaper ransomware attack

Dec 21, 2022

The Lake Charles Memorial Health System (LCMHS)

Ransomware attack at Louisiana hospital impacts 270,000 patients

Unknown

Hackers gained unauthorised access to LCMHS' network and stole sensitive files contained 270,000 patients’ personal and medical information

Louisiana hospital ransomware attack 

Dec 27, 2022

Intrado telecom

Royal ransomware claims responsibility for attack on telecommunications provider Intrado 

Royal ransomware

Hackers impacted all of Intrado's services, including Unified Communication Services, Healthcare, and Unified Communications as a Service (UCaaS). The hackers also allegedly shared a 52.8 MB archive containing scans of passports, business documents, and driver's licence as proof of the breach. The initial ransom demand was $60 million.

Intrado telecom ransomware attack

 

Ransomware attacks have probably made more news in 2022 than they've ever done before. The rise in cryptocurrency and the anonymity of payments it offers is further fueling the confidence of ransomware attackers. 

Our cybersecurity experts have created several FREE resources that you can put to use immediately to boost your ransomware readiness. They'll also help you mitigate the damage if you do become the victim of a ransomware attack.  

  1. Ransomware Mitigation Checklist
  2. Ransomware Response Checklist
  3. Ransomware Response Workflow Guide  

Back to Top 

New call-to-action

New Ransomware/Malware Discovered in December 2022

New Ransomware

Summary

Source Link

DuckLogs

‘DuckLogs’ gives low-skilled attackers easy access to multiple modules to steal information, log keystrokes, access clipboard data, and remote access to the compromised host.

New DuckLogs malware service claims having thousands of ‘customers’

NTRUEncrypt and ChaCha20-Poly1305

The Vice Society ransomware operation has switched to using a custom ransomware encrypt that implements a strong, hybrid encryption scheme based on NTRUEncrypt and ChaCha20-Poly1305

Vice Society ransomware gang switches to new custom encryptor

Puspa2 Ransomware

Ransom note: XXX_HELLO'S_READ_ME._txt; Changes the desktop wallpaper

Extension: .puspa2#mejukeni7sala029; Puspa2 Ransomware

Stop/Djvu Ransomware (v0612)

Ransom note: _readme.txt

Extension: .mppn; Stop/Djvu Ransomware (v0612)

OBZ Ransomware

OBZ Ransomware; Ransom note: ReadMe.txt

OBZ Ransomware; Extension: .OBZ

Allock Ransomware

MedusaLocker ransomware family Extension: .allock8 (the number may differ depending on the sample); Ransom note: how_to_back_files.html

Allock Ransomware, Extension: .allock8 (the number may differ depending on the sample); Ransom note: how_to_back_files.html

Juli Ransomware

VoidCrypt ransomware family; Extension: .Juli (filenames are also appended with victim's ID and developers' email address); Ransom note: unlock-info.txt

Juli Ransomware; Extension: .Juli (filenames are also appended with victim's ID and developers' email address); Ransom note: unlock-info.txt

 

 

Vulnerabilities/Patches Discovered in December 2022

Date

Flaws/Fixes

Summary

Source Link

Dec 2, 2022

CVE-2022-4262

Google has released Chrome 108.0.5359.94/.95 for Windows, Mac, and Linux users to address a single high-severity security flaw (CVE-2022-4262), the ninth Chrome zero-day exploited in the wild since the start of the year.

Google Chrome emergency update fixes 9th zero-day of the year

Dec 6, 2022

CVE-2022-20472, CVE-2022-20473, CVE-2022-20411, CVE-2022-20498

Google has released the Dec 2022 security update for Android, fixing four critical-severity vulnerabilities CVE-2022-20472, CVE-2022-20473, CVE-2022-20411, CVE-2022-20498, including a remote code execution flaw exploitable via Bluetooth. as this update addressed 45 vulnerabilities in core Android components with patch level 2022-12-01, and another 36 vulnerabilities impacting third-party components addressed in patch level 2022-12-05

Android Dec 2022 security updates fix 81 vulnerabilities

Dec 8, 2022

CVE-2022-20968

Cisco has disclosed a high-severity zero-day vulnerability affecting the latest generation of its IP phones and exposing them to remote code execution and denial of service (DoS) attacks

Cisco discloses high-severity IP phone zero-day with exploit code

Dec 13, 2022

Image repository vulnerability

Amazon Web Services (AWS) has fixed a new vulnerability affecting a website for finding and sharing public container images – foundational files containing code that runs on IT infrastructure

AWS fixes vulnerability affecting container image repository

Dec 13, 2022

The tenth zero-day vulnerability (CVE-2022-42856)

Apple has fixed zero-day vulnerability, actively used in attacks against iPhones like iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation 

Apple security update fixes new iOS zero-day used to hack iPhones

Dec 13, 2022

(CVE-2022-27518)

Citrix strongly urges admins to apply security updates for an 'Critical' zero-day vulnerability (CVE-2022-27518) in Citrix ADC and Gateway that is actively exploited by state-sponsored hackers to gain access to corporate networks

CCritical Citrix ADC and Gateway zero day patched 

Dec 13, 2022

CVE-2022-44698 - Windows SmartScreen Security Feature Bypass Vulnerability

CVE-2022-44710 - DirectX Graphics Kernel Elevation of Privilege Vulnerability

Microsoft's Dec 2022 Patch: fixes for two zero-day vulnerabilities, including an actively exploited bug, and a total of 49 flaws




Microsoft Dec 2022 Patch Tuesday fixes 2 zero-days, 49 flaws

Dec 13, 2022

CVE-2022-27518

Citrix strongly urges admins to apply security updates for an 'Critical' zero-day vulnerability in Citrix ADC and Gateway that is actively exploited by state-sponsored hackers to gain access to corporate networks

Hackers exploit critical Citrix ADC and Gateway zero day, patched now

Dec 13, 2022

CVE-2022-31703, CVE-2022-31703, CVE-2022-31705

VMware released security updates to address a critical-severity vulnerability impacting ESXi, Workstation, Fusion, and Cloud Foundation, and a critical-severity command injection flaw affecting vRealize Network Insight

VMware fixes critical ESXi and vRealize security flaws

Dec 14, 2022

Security vulnerability CVE-2022-44698

Microsoft has fixed a security vulnerability CVE-2022-44698 used by threat actors to circumvent the Windows SmartScreen security feature and deliver Magniber ransomware and Qbot malware payloads

Microsoft patches Windows zero-day used to drop ransomware

Dec 16, 2022

The security flaw (dubbed Achilles) tracked as CVE-2022-42821

Apple has fixed a vulnerability attackers could leverage to deploy malware on vulnerable macOS devices via untrusted applications capable of bypassing Gatekeeper application execution restrictions

Microsoft finds macOS bug that allows malware to bypass security checks

Dec 16, 2022

Windows taskbar flicker issues and app instability

Microsoft says that Windows 10 updates released in late September are causing Windows taskbar flicker issues and app instability

Microsoft fixes Windows taskbar bug causing Explorer, Office freezes

Dec 20, 2022

OWASSRF consists of CVE-2022-41080 and CVE-2022-41082

CrowdStrike recently discovered a new exploit method (called OWASSRF) consisting of CVE-2022-41080 and CVE-2022-41082 to achieve remote code execution (RCE) through Outlook Web Access (OWA)

CrowdStrike Identifies New Exploit Method for Exchange Bypassing ProxyNotShell Mitigations

Dec 21, 2022

Intune enrollment issue in Android and Apple devices

Microsoft has confirmed today that Samsung and Google have fixed an Intune enrollment issue affecting Galaxy S22 smartphones running Android 13

Samsung and Google fix Microsoft Intune Android 13 enrollment issue

 Back to Top 

New call-to-action

Warnings/Advisories/Reports/Analysis

News

Summary

Source Link

Report

Vulnerabilities in Hyundai and Genesis mobile apps allow unauthorised users to unlock and start cars.

Hyundai/Genesis app bugs 

Report

The Department of Homeland Security (DHS) Cyber Safety Review Board will review attacks linked to extortion gang Lapsus$ which breached multiple high-profile companies in recent incidents.

DHS Cyber Safety Board to review Lapsus$ hacking tactics

Report

A Florida man was sentenced to 18 months in prison for his involvement in a fraud scheme that used SIM Swapping to steal millions from cryptocurrency investor Michael Terpin.

SIM swapper gets 18-months jail for involvement in $22 million crypto heist

Warning

Microsoft has warned of Russian-sponsored cyberattacks continuing to target Ukrainian infrastructure and NATO allies in Europe throughout the winter.

Microsoft warns of Russian cyberattacks throughout the winter

Advisory

Flaw (tracked as CVE-2022-4262) was patched as an actively exploited zero-day bug in the Google Chrome web browser for Windows, Mac, and Linux users.

CISA orders agencies to patch exploited Google Chrome bug by Dec 26th

Report

Apple introduces Advanced Data Protection for iCloud, a new feature that uses end-to-end encryption to protect sensitive iCloud data, including backups, photos, notes, and more.

Apple rolls out end-to-end encryption for iCloud backups

Report

'CryptosLabs' has stolen up to €480 million ($505 million) from victims in France, Belgium, and Luxembourg, since the launch of its operation in 2018.

CryptosLabs ‘pig butchering’ ring has stolen up to $505 million since 2018

News

CommonSpirit Health has confirmed that threat actors accessed the personal data for 623,774 patients during the October ransomware attack.

CommonSpirit Health ransomware attack exposed data of 623,000 patients

Analysis

Indian cybersecurity firm CloudSEK says the threat actor who gained access to its Confluence server using stolen credentials for one of its employees' Jira accounts belonged to a notorious Cyber Security company that is into Dark web monitoring.

CloudSEK claims it was hacked by another cybersecurity firm

Report

MuddyWater hackers, a group associated with Iran’s Ministry of Intelligence and Security (MOIS), used compromised corporate email accounts to deliver phishing messages to their targets.

Hacked corporate email accounts used to send MSP remote access tool

Report

Microsoft recently investigated an attack where the threat actor, tracked as DEV-0139, took advantage of Telegram chat groups to target cryptocurrency investment companies.

Threat actor DEV-0139 launches targeted attacks against the cryptocurrency industry over Telegram

Warning

The Department of Health and Human Services (HHS) issued a new warning for the country's healthcare organisations regarding ongoing attacks from a relatively new operation, the Royal ransomware gang.

US Health Dept warns of Royal Ransomware targeting healthcare organisations

Report

The networks of several local governments in the U.S. have been targeted with the Drokbk malware, allegedly wielded by Iranian government-backed groups exploiting the Log4j vulnerability

Local governments allegedly targeted with Iranian ‘Drokbk’ malware through Log4j vulnerability

Warning

A new attack method named COVID-bit uses electromagnetic waves to transmit data from air-gapped systems, which are isolated from the internet, over a distance of at least two meters (6.5 ft), where it's captured by a receiver

Air-gapped PCs vulnerable to data theft via power supply radiation

Report

A new phishing campaign uses Facebook posts as part of its attack chain to trick users into giving away their account credentials and personally identifiable information (PII).

Phishing attack uses Facebook posts to evade email security

Report

After a loss of $420 in a cyber attack, the Port of South Louisiana has hired a cybersecurity firm and plans to create an in-house team to guard against digital breaches at one of the nation's largest ports by volume.

Port of South Louisiana hires firm, plans own cyber security department after costly hack

Report

A new Go-based botnet malware named 'GoTrim' is scanning the web for self-hosted WordPress websites and attempting to brute force the administrator's password and take control of the site.

New GoTrim botnet brute forces WordPress site admin accounts

Report

The United States seized dozens of Internet domains and charged six people in a sting intended to bring down a network of cyber-attack-for-hire services.

US seizes 48 websites in sting against cyber-attack-for-hire services

Report

The cost of the cyber-attack that hit the Irish Health Service Executive (HSE) last year has officially reached €80m ($83.75m).

HSE cyber-attack costs Ireland $83m so far

Analysis

A survey has found that nearly half of the UK’s manufacturers (42 per cent) have been victims of cyber crime over the last year.

42% British manufacturers hit by cyber-attack in the last year

Report

A group of cybercriminals allegedly managed to dupe the director of a security services firm of Rs 50 lakh via a fraudulent transfer from his bank account as they made the transaction without asking for a one-time password (OTP).

Delhi Cyber Attack: Man Loses ₹50 Lakh

Report

A cyberespionage group (tracked as TA453 but also commonly referred to as Phosphorus, Charming Kitten and APT42) aligned with Iran, has been observed to be attacking targets, including medical researchers, an aerospace engineer and even a Florida-based realtor.

Iran-linked cyber spies expand target base 

Report

QBot malware phishing campaigns have adopted a new distribution method using SVG files to perform HTML smuggling that locally creates a malicious installer for Window

Attackers use SVG files to smuggle QBot malware onto Windows systems

Report

Security analysts have discovered two API security vulnerabilities in BrickLink.com, LEGO Group’s official second-hand and vintage marketplace for LEGO bricks.

LEGO BrickLink bugs let hackers hijack accounts, breach servers

Warning

Microsoft said that Australia’s critical infrastructure such as the energy grid and essential services like sewage treatment plants could be hit by cyber attacks, shutting down operations and threatening lives.

Microsoft says Australia at increased risk of cyber attacks

Warning

Organizations in the food sector are now also targeted in business email compromise (BEC) attacks that aim to steal entire shipments of food, according to a joint advisory issued by several U.S. federal agencies.

FBI warns that BEC attacks now also target food shipments

Report

Argishti Khudaverdyan, the former owner of a T-Mobile retail store, was sentenced to 10 years in prison for a $25 million scheme where he unlocked and unblocked cellphones by hacking into T-Mobile's internal systems.

T-Mobile hacker gets 10 years for $25 million phone unlock scheme

Warning

A new cross-platform malware botnet named 'MCCrash' is infecting Windows, Linux, and IoT devices to conduct distributed denial of service attacks on Minecraft servers.

Microsoft warns of new Minecraft DDoS malware infecting Windows, Linux

Report

A California man has been sentenced to 42 months in federal prison for his role in accessing, monitoring and conveying confidential and sensitive information that could be used to identify and locate Twitter users of interest to the Saudi Royal Family.

Former Twitter employee sentenced to 3.5 years in jail for spying on behalf of Saudi Arabia

Report

The Federal Trade Commission (FTC) says Epic Games, the maker of Fortnite, will pay $520 million to settle allegations of violating children's privacy laws and using dark patterns to trick millions of gamers into making unintentional in-game purchases.

Epic Games to pay $520 million for privacy violations, dark patterns

Report

A hacking group associated with Russia’s Federal Security Service (FSB) unsuccessfully attempted to compromise a large petroleum refining company within a NATO member state in end August.

Russia’s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine

Report

According to the unsealed indictment published by the U.S. Department of Justice, two men, Daniel Abayev and Peter Leyman, with the assistance of Russian hackers, breached the JFK taxi dispatch system between September 2019 and September 2021.

Two Russian men arrested for conspiring with russian nationals to hack the taxi dispatch system at JFK airport

Report

The U.S. Federal Communications Commission proposed today a record-breaking $300 million fine against an auto warranty robocall operation that made billions of calls to more than 550 million phones across the United States.

FCC proposes record-breaking $300 million fine against robocaller

Warning

The FBI warns that threat actors are using search engine advertisements to promote websites distributing ransomware or stealing login credentials for financial institutions and crypto exchanges.

FBI warns of search engine ads pushing malware, phishing

Report

The notorious FIN7 hacking group uses an automated attack system that exploits Microsoft Exchange and SQL injection vulnerabilities to breach corporate networks, steal data, and select targets for ransomware attacks based on financial size.

FIN7 hackers create auto-attack platform to breach Exchange servers

Report

The Irish Data Protection Commission (DPC) has launched an inquiry following last month's news reports of a massive Twitter data leak.

Massive Twitter data leak investigated by EU privacy watchdog

Report

A threat actor named 'Ryushi' on the breached hacking forum claimed to be selling public and private data of 400 million Twitter users scraped in 2021 using a now-fixed API vulnerability and put data on sale for $200,000.

Hacker claims to be selling Twitter data of 400 million users

Report

Wladimir Palant, a security researcher calls LastPass' recent statement “full of omissions, half-truths and outright lies”

The LastPass disclosure of leaked password vaults is being torn apart by security experts

 

Back to Top