Recent Cyber Attacks, Data Breaches & Ransomware Attacks January 2023
Date: 1 February 2023
The New Year has started and the cyber criminals are back with a bang. January 2023 has presented us with an exhaustive list of cyber-attacks, ransomware attacks and data breaches which are captured in this blog.
Several high-profile organisations, including healthcare providers, educational institutions and government bodies, have reportedly become targets of cyber-attacks already at the start of the year. In this blog, we have listed out the recent major cyber attacks, ransomware attacks and data breaches in January 2023. Wherever the data was available, we have also added information on who the attackers were and what the business impact was.
As always, the idea is not to create panic or fear-mongering. It is merely to reiterate the fact that the threat of cyber attacks and ransomware attacks continues to grow, and it is essential for you to take action to protect your organisation in 2023. By staying informed, implementing strong security measures, and educating employees, organisations across the world can reduce their risk of falling victim to these attacks.
If you need help with strengthening your cybersecurity posture and/or creating and refreshing your cyber incident plans, policies and procedures you can do so conveniently and cost-effectively through services such as the Virtual Cyber Assistant. The virtual cybersecurity experts can also help you conduct risk assessments and evaluate your breach readiness. You could also use their services to achieve compliance and become ready for various cybersecurity certifications.
Below are the other biggest cyber-attacks, ransomware attacks and data breaches in January 2023.
- Ransomware Attacks in January 2023
- Data Breaches in January 2023
- Cyber-Attacks in January 2023
- New Ransomware/Malware Detected in January 2023
- Vulnerabilities/Patches
- Advisories issued, reports, analysis etc. in January 2023
Ransomware Attacks in January 2023
Date |
Victim |
Summary |
Threat Actor |
Business Impact |
Source Link |
January 1, 2023 |
SickKids hospital impacted in Ransomware Attack; LockBit gang apologised and gave the organisation a free decryptor. |
LockBit ransomware |
The attack impacted internal and corporate systems, hospital phone lines, and the website. |
||
January 1, 2023 |
Queensland University of Technology, one of the largest Australian universities, attacked by Royal Ransomware. The ransomware gang also allegedly has been leaking the university data. |
Royal ransomware |
The ransomware gang leaked HR files, email and letter communications, ID cards and documents, and financial and administrative documents. The university had to shut down all IT systems to contain the attack. |
||
January 04, 2023 |
Rackspace confirms Play ransomware was behind the recent cyberattack. |
Play ransomware |
Hackers accessed some of the customers' Personal Storage Table (PST) files which can contain a wide range of information, including emails, calendar data, contacts, and tasks. |
||
January 10, 2023 |
Australia’s Fire Rescue Victoria discloses data breach after Vice Society ransomware attack in December 2022. |
Vice Society ransomware |
Hackers have stolen personal and financial account information on FRV staff and applicants. |
||
January 10, 2023 |
Royal Mail cyber attack linked to LockBit ransomware. |
LockBit ransomware |
Royal Mail stopped its international shipping services due to the severe service disruption. |
||
January 16, 2023 |
Vice Society ransomware takes responsibility for the November 2022 attack on University of Duisburg-Essen. |
Vice Society |
Hackers stole and leaked sensitive details about the university's operations, students, and personnel. The university was forced to reconstruct its IT infrastructure after the attack. |
University of Duisburg-Essen’s data leaked on Vice Society’s darknet |
|
January 18, 2023 |
Yum! Brands, the owner of KFC, Taco Bell, and Pizza Hut fast food chains. |
Ransomware gang apparently stole data from Yum!Brands. However, the business said there is no indication that customer information was exposed. |
Unknown |
The attack forced Yum! Brands to temporarily close 300 locations in the United Kingdom. However, the company said that all restaurant operations have been restored to normal and it's unlikely that the attack will cause any further disruptions. |
|
January 20, 2023 |
LAUSD says the Vice Society ransomware has stolen files containing contractors' personal information, including Social Security Numbers (SSNs). |
Vice Society |
500 GB of data leaked as LAUSD refused to give into the hackers’ ransom demands. |
Vice Society hits Los Angeles Unified School District (LAUSD) |
|
January 20, 2023 |
Costa Rica’s Ministry of Public Works and Transport crippled by ransomware attack |
Unknown |
The attack encrypted 12 of MOPT’s servers and forced this public department to shut down its computer systems |
Ransomware attack on Costa Rica’s Ministry of Public Works and Transport |
|
January 24, 2023 |
Riot Games receives $10 million ransom demand from hackers who stole source code for the League of Legends (LoL) multiplayer online battle arena, the Teamfight Tactics (TFT) auto battler game, and a legacy anti-cheat platform. Riot Games has refused to pay the ransom. |
Unknown |
Riot Games said that while the attack certainly disrupted their build environment which could also cause issues in the future, no player data or player personal information was compromised. |
Ransomware attacks can be devastating to a business in both monetary terms as well as in terms of loss of reputation. However, they can be prevented by following best practices such as regularly updating software, backing up files, enabling firewalls, being cautious with email attachments, using strong passwords, enabling pop-up blockers, installing anti-virus software, and being cautious when clicking links. By taking these steps, you can help protect yourself from ransomware attacks and ensure that your business critical data and sensitive information stays safe.
You can also use these FREE resources created by our cybersecurity experts to help you prevent ransomware attacks and mitigate the damage they can cause:
Data Breaches in January 2023
Date |
Victim |
Summary |
Threat Actor |
Business Impact |
Source Link |
January 3, 2023 |
Rail and locomotive company Wabtec hit by Lockbit ransomware attack |
LockBit Ransomware |
The stolen data includes a wide variety of sensitive information, including full names, dates of birth and other important Personal Identifiable Information. |
||
January 4, 2023 |
CircleCI, a software development service, has disclosed a data breach |
Unknown |
Not disclosed yet. However, the company has advised all customers to update their passwords. |
||
January 5, 2023 |
T-Mobile hacked & data of 37 million accounts stolen through one of its APIs. |
Unknown |
Hackers accessed a limited set of customer account data, including name, billing address, email, phone number, date of birth, T-Mobile account number and information such as the number of lines on the account and plan features. |
||
January 06, 2023 |
Air France and KLM |
Air France and KLM notify Flying Blue customers (a popular loyalty programme) that some of their personal information may have been exposed after a data breach. |
Unknown |
The compromised data includes customers’ names, phone numbers, email addresses, latest transactions, and Flying Blue information like their earned miles balance. |
|
January 11, 2023 |
MailChimp discloses a new breach through a social engineering attack on employees and contractors. |
Unknown |
Data of 133 customers accessed by threat actors. |
||
January 16, 2023 |
Nissan North America sends data breach notifications to customers. Event triggered by breach at third-party service provider. |
Unknown |
17,998 customers affected and the exposed data includes full names, dates of birth, and NMAC account numbers (Nissan finance account). |
||
January 18, 2023 |
PayPal notifies users whose accounts had been accessed through credential stuffing attacks that compromised their personal data. |
Unknown |
34,942 PayPal users have been impacted by the incident. Hackers apparently gained access to their full names, dates of birth, postal addresses, social security numbers, and individual tax identification numbers.
|
||
January 19, 2023 |
FanDuels warns customers to be vigilant against phishing emails as their data may have been breached after the January 2023 security breach at MailChimp. |
Unknown |
The threat actors accessed FanDuels customer names and email addresses in the breach at MailChimp. |
||
January 23, 2023 |
GoTo says customer data was breached as hackers stole encrypted backups containing personal information as well as the encryption key for a portion of the data. |
Unknown |
The incident had a significant impact on customer information including their account usernames, passwords and multi-factor authentication information. |
||
January 25, 2023 |
Zacks Investment Research data was breached last year and data of 820,000 clients was compromised. |
Unknown |
Personal and sensitive information such as names, email addresses and Zacks.com user passwords belonging to 820,000 customers exposed. |
||
January 25, 2023 |
What is allegedly a Yandex source code repository has been leaked as a Torrent on a popular hacking forum. |
Unknown |
The hacker leaked a Yandex Git repository containing technical data and code of apparently 44.7 GB about several of the Russian technology company’s products. Yandex has responded saying its systems were not hacked, and a former employee leaked the source code repository. |
||
January 25, 2023 |
Charter Communications says vendor breach exposed some customer data. |
Unknown |
Hackers allegedly stole information from the company that included names, account numbers, addresses and more for about 550,000 customers. |
||
January 30, 2023 |
JD Sports says hackers stole data of 10 million customers. |
Unknown |
Hackers were able to steal data of approximately 10 million unique customers, which consisted of their personal and credit card information. |
Cyber Attacks in January 2023
Date |
Victim |
Summary |
Threat Actor |
Business Impact |
Source Link |
January 09, 2023 |
Iowa’s largest school district hit by cyber-attack; cancels classes. |
Unknown |
The school district took all its networked systems offline in response to "unusual activity" detected on its network. It also cancelled all classes in response to the event. |
Iowa’s largest school district Des Moines public schools cyber attack |
|
January 13, 2023 |
Solaris (Darknet Marketplace) |
Illegal Solaris darknet market hacked by competitor Kraken. |
Kraken (a darknet marketplace) |
Solaris, a large darknet marketplace focussed on illegal substances, has been taken over by a smaller competitor named 'Kraken,' who claims to have hacked the Tor site of Solaris which currently redirects to Kraken. |
|
January 15, 2023 |
Qulliq Energy Corporation impacted by a cybersecurity incident. |
Unknown |
While the company managed to ensure that its power plants continue to operate normally, its customer care and admin offices became unavailable. Due to the cyber attack, the company also remained unable to receive payments through credit cards. |
||
January 18, 2023 |
Bank of America starts restoring missing Zelle transactions. |
Unknown |
Due to the cyber attack, Zelle transactions disappeared from customers' bank accounts causing some to dip into negative balances. |
||
January 18, 2023 |
Cyber attack confirmed as cause for IT outages at the British music school. |
Unknown |
The cyberattack knocked out the school’s phone lines and impacted the IT systems. |
||
January 23, 2023 |
Canadian tool manufacturer hit by cyber attack. |
Unknown |
The victim company temporarily disabled some computer systems as it investigated the incident. It said, however, that there was no material impact on shipments to customers. |
||
January 26, 2023 |
The websites of key German administrations, including companies and airports |
Russian hackers launch cyberattack on Germany in Leopard retaliation |
Russian Killnet |
Hackers targeted the financial sector and federal government sites with DDoS attacks. |
|
January 26, 2023 |
Bitwarden password vaults targeted in Google ads phishing attack. |
Unknown |
Hackers are targeting Bitwarden and other password managers in Google ads phishing campaigns to steal users' password vault credentials. |
||
January 27, 2023 |
Ukraine: Sandworm hackers hit the news agency with 5 data wipers. |
Hackers are apparently the Russian Military Unit 74455 of the Main Intelligence Directorate (GRU) |
CERT-UA detected 5 samples of malicious programs (scripts) aimed at violating the integrity and availability of information (writing files/disks with zero bytes/arbitrary data and their subsequent deletion. |
Cyber attacks in January 2023 continued to make headlines and cause widespread damage to individuals and organisations. The frequency and severity of cyber attacks has also risen, making it more important than ever to stay informed and take proactive measures to protect against these threats.
One of the most significant ways in which you can reduce your organisational vulnerability is to train the weakest link in the chain - the human element. Effectively training your staff in cybersecurity best practices and cyber incident response is one of the time-tested ways of reducing exposure to basic online threats.
You can also conduct Cyber Attack Tabletop Exercises for the board and management that helps them understand your organisational threat landscape better and improves their awareness of contextual business risks.
New Ransomware/Malware Discovered in January 2023
New Ransomware |
Summary |
Source Link |
Stop/Djvu Ransomware (v0627) |
Extension: .bpws; Ransom note: _readme.txt |
|
Stop/Djvu Ransomware (v0625) |
Extension: .znto; Ransom note: _readme.txt |
|
CY3 ransomware; Dharma/CrySis family |
Extension: .CY3 (also appends filenames with victim's unique ID and developers' email address); Ransom notes: info.txt and pop-up window (Info.hta) |
|
Upsilon Ransomware |
Extension: .upsil0n; Ransom note: Upsilon.txt |
|
Bettercallsaul Ransomware |
Extension: .bettercallsaul; Ransom notes: DECRYPT_MY_FILES.txt and desktop wallpaper |
|
D0n ransomware; Dharma/CrySis family |
Extension: .d0n (also appends filenames with victim's unique ID and developers' email address); Ransom notes: info.txt and pop-up window (Info.hta) |
|
Stop/Djvu Ransomware (v0626) |
Extension: .bpsm; Ransom note: _readme.txt |
|
Mao ransomware; Dharma/CrySis family |
Extension: .mao (also appends filenames with victim's unique ID and developers' email address); Ransom notes: info.txt and pop-up window (Info.hta) |
|
Stop/Djvu Ransomware (v0629) |
Extension: .zoqw; Ransom note: _readme.txt |
|
RYKCRYPT Ransomware; VoidCrypt ransomware family |
Extension: .RYKCRYPT (filenames are also appended with victim's ID and developers' email address); Ransom note: unlock-info.txt |
|
KoRyA Ransomware; Xorist ransomware family |
Extension: .KoRyA; Ransom notes: HOW TO DECRYPT FILES.txt and pop-up window |
|
Stop/Djvu Ransomware (v0631) |
Extension: .zouu; Ransom note: _readme.txt |
|
A new Android malware named 'Hook' |
New 'Hook' Android malware lets hackers remotely control your phone |
Hackers sell a new Android malware that can control your phone remotely |
New Mimic ransomware |
New Mimic ransomware abuses leverages the APIs of the 'Everything' file search tool for Windows to look for files targeted for encryption |
New Mimic ransomware abuses ‘Everything’ Windows search tool |
Vulnerabilities/Patches Discovered in January 2023
Date |
Flaws/Fixes |
Summary |
Source Link |
January 3, 2023 |
CVE-2022-43931 |
NAS maker Synology has addressed a maximum (10/10) severity vulnerability affecting routers configured to run as VPN servers. |
|
January 4, 2023 |
CVE-2022-47523, an SQL injection vulnerability |
Zoho urges admins to patch severe ManageEngine bugs. |
Zoho urges admins to fix severe ManageEngine flaw immediately |
January 9, 2023 |
CVE-2022-23529 |
Auth0 fixes the RCE flaw in the JsonWebToken library used by 22,000 projects. |
Auth0 patches Remote Code Execution vulnerability in JsonWebToken library used by 22,000 projects |
January 9, 2023 |
Flaws behind 0x800700b7 errors |
Microsoft fixes Windows 11 bug behind 0x800700b7 provisioning errors |
|
January 10, 2023 |
39 Elevation of Privilege Vulnerabilities, 4 Security Feature Bypass Vulnerabilities, 33 Remote Code Execution Vulnerabilities, 10 Information Disclosure Vulnerabilities, 10 Denial of Service Vulnerabilities, 2 Spoofing Vulnerabilities, and CVE-2023-21674 - Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability |
Microsoft January 2023 Patch Tuesday fixes 98 flaws, 1 zero-day |
Microsoft fixes 98 flaws, 1 zero-day in its January 2023 Patch |
January 12, 2023 |
server-side request forgery (SSRF) vulnerability CVE-2022-41080 |
Microsoft: Cuba ransomware hacks Exchange servers via OWASSRF flaw |
|
January 12, 2023 |
CVE-2022-42475 |
Fortinet: Govt networks targeted with now-patched SSL-VPN zero-day |
|
January 17, 2023 |
CVE-2022-41903 in the commit formatting mechanism and CVE-2022-23521 in the .gitattributes parser |
Git has patched two critical severity security vulnerabilities that could allow attackers to execute arbitrary code after successfully exploiting heap-based buffer overflow weaknesses. |
|
January 17, 2023 |
CVE-2022-3236 |
Over 4,000 Sophos Firewall devices vulnerable to RCE attacks |
Over 4,000 Sophos Firewall appliances are vulnerable to RCE vulnerability |
January 20, 2023 |
CVE-2023-21433, CVE-2023-21434 |
Exploits released for two Samsung Galaxy App Store vulnerabilities |
NCC group published exploits details for two Samsung Galaxy App Store vulnerabilities |
January 20, 2023 |
CVE-2022-42475 |
New Boldmove Linux malware used to backdoor Fortinet devices |
Hackers use new Boldmove Linux malware to hit Fortinet devices |
January 20, 2023 |
CVE-2022-47966, a pre-authentication remote code execution (RCE) vulnerability |
Critical ManageEngine RCE bug now exploited to open reverse shells |
Hackers exploit critical ManageEngine RCE bug to open reverse shells |
January 23, 2023 |
CVE-2022-42856, a zero day flaw |
Apple fixes actively exploited iOS zero-day on older iPhones, iPads. |
|
January 24, 2023 |
CVE-2022-31703, a directory traversal vulnerability |
VMware fixes critical security bugs in vRealize log analysis tool. |
VMware fixes a directory traversal bug in vRealize log analysis tool |
January 27, 2023 |
Windows 11 vulnerability behind Remote Desktop freezes |
Microsoft fixes Windows 11 issues behind Remote Desktop freezes. |
Microsoft patched Windows 11 flaws responsible for Remote Desktop freezing |
Warnings/Advisories/Reports/Analysis
News |
Summary |
Sources Link |
Report |
Ransomware gang clones victim’s website to leak stolen data. |
ALPHV ransomware group cloned victim’s website to leak stolen data |
Report |
Ransomware impacts over 200 govt, edu, healthcare orgs in 2022. |
Ransomware attacks hit over 200 govt, edu, healthcare organisations in 2022 |
Warning |
The Polish government warns of a rise in cyberattacks from Russia-linked hackers, especially the state-sponsored hacking group known as GhostWriter. |
|
Report |
Slack's private GitHub code repositories stolen over holidays. |
|
Report |
Over 60,000 Exchange servers are vulnerable to ProxyNotShell attacks. |
Thousands of Microsoft Exchange servers are vulnerable to ProxyNotShell attacks |
Report |
Ongoing Flipper Zero phishing attacks target infosec community. |
Infosec community is under threat of Flipper Zero phishing attacks |
Report |
Bluebottle hackers used signed Windows driver in attacks on banks in French-speaking countries; $11 million allegedly stolen from various banks. |
Bluebottle hackers steal from banks by using signed Windows driver |
Report |
Toyota, Mercedes, BMW API flaws exposed owners’ personal information. |
Hackers exposed API flaws to steal customer information of big brands like Toyota, Mercedes, BMW |
Report |
Meta to fight €390 million fine by Ireland for breaching EU data privacy laws. |
DPC Ireland fined Meta €390 million for breaching EU data privacy laws |
Report |
Chick-fil-A is investigating reports of suspicious activity linked to some customers’ accounts. |
|
Report |
200 million Twitter users' email addresses allegedly leaked online. |
Hackers allegedly leak 200 million Twitter users' email addresses online |
Report |
WhatsApp adds proxy support to help its users to use the App where it has been blocked. |
|
Report |
France has fined Apple €8,000,000 ($8.5M) for collecting user data on the App Store without requesting user's consent. |
France fines Apple for targeted App Store ads without consent |
Warning |
Hackers abuse Windows Problem Reporting (WerFault.exe) error to load malware in compromised systems. |
Cyber criminals abuse Windows error reporting tool to deploy malware |
Report |
Hackers push fake Pokemon NFT game to take over Windows devices. |
Hackers try to take control over Windows devices through fake Pokemon NFT game |
Report |
FCC wants telecom carriers to report data breaches faster. |
Telecom companies have to report data breaches faster: U.S. FCC |
Warning |
VSCode Marketplace can be abused to host malicious extensions. |
Hackers can abuse VSCode Marketplace to host malicious extensions |
Report |
Microsoft: Kubernetes clusters hacked in malware campaign via PostgreSQL. |
|
Report |
Over 1,300 fake AnyDesk sites push Vidar info-stealing malware. |
More than 1,300 bogus AnyDesk websites push Vidar data-stealing malware |
Report |
Hackers abused an open redirect on the United Kingdom's Environment, Food & Rural Affairs (DEFRA) department to direct visitors to fake OnlyFans adult dating sites. |
Fake OnlyFans dating sites abuse UK Environment Agency open redirect |
Report |
CISA orders agencies to patch Exchange bug abused by Play ransomware gang |
CISA orders agencies to fix Exchange flaws abused by ransomware group |
Report |
StrongPity hackers target Android users via trojanised Telegram app. |
Trojanised Telegram app becomes the gateway for StrongPity hackers to target Android users |
Report |
FBI: North Korean hackers stole $100 million in Harmony crypto hack |
North Korean hackers were responsible for $100 million theft of Harmony crypto token |
Warning |
Cisco warns of auth bypass bug with public exploit in EoL routers |
EoL routers are carrying auth bypass vulnerability with public exploit |
Warning |
Gootkit malware abuses VLC to infect healthcare orgs with Cobalt Strike |
Gootkit malware operators exploit VLC to infect Australian healthcare orgs with Cobalt Strike |
Warning |
Lorenz ransomware gang plants backdoors to use months later |
|
Report |
Android TV box on Amazon came pre-installed with malware |
|
Report |
European police takes down call centres behind cryptocurrency scams |
Call centres behind cryptocurrency scams are on the radar of European police |
Report |
Hackers now use Microsoft OneNote attachments to spread malware |
|
Report |
Hackers push malware via Google search ads for VLC, 7-Zip, CCleaner |
Cyber ghosts spread malware via Google search ads for VLC, 7-Zip, CCleaner |
Report |
U.S. sues Google for abusing dominance over online ad market |
|
Report |
75k WordPress sites impacted by critical online course plugin flaws |
|
Report |
New stealthy Python RAT malware targets Windows in attacks |
|
Report |
Hive ransomware Tor payment and data leak sites were seized as part of an international law enforcement operation involving the US Department of Justice, FBI, Secret Service, Europol, and Germany's BKA and Polizei |
|
Report |
Threat actors auction the alleged source code for Riot Game's League of Legends and the Packman anti-cheat software, confirmed to be stolen in a recent hack of the game company's developer environment |
|
Warning |
UK warns of increased attacks from Russian, Iranian hackers |
UK fears an increase in attacks from Russian, Iranian hackers |
Report |
Massive Microsoft 365 outage caused by WAN router IP change |
WAN router IP change was responsible for January’s massive Microsoft 365 outage |
Report |
Hackers use new SwiftSlicer wiper to destroy Windows domains |
Cyber ghosts use new SwiftSlicer data swiping malware to destroy Windows domains |