Recent Cyber Attacks, Data Breaches & Ransomware Attacks March 2023
Date: 31 March 2023
Cyber attacks, ransomware attacks and data breaches continued to wreak havoc for organisations worldwide in March 2023. Businesses and individuals have been left reeling from their impact. These attacks have been highly sophisticated and targeted, causing significant financial and reputational damage to the affected parties. Check out this list of all the known attacks that took place in the month gone by.
- Ransomware Attacks in March 2023
- Data Breaches in March 2023
- Cyber-Attacks in March 2023
- New Ransomware/Malware Detected in March 2023
- Vulnerabilities/Patches
- Advisories issued, reports, analysis etc. in March 2023
Biggest Cybersecurity News of March 2023
Amongst the biggest headlines of March 2023 is the latest zero-day exploits hitting Fortra’s GoAnywhere software and by extension several major organisations that used the software. Luxury brand retailer Saks Fifth Avenue, the City of Toronto, consumer goods giant Procter & Gamble, mining company Rio Tinto, and the U.K.’s Pension Protection Fund (PPF) are just amongst the few large organisations to have been hit by Cl0p ransomware as a result of the GoAnywhere attack.
The other biggest news of the month? The major 3CX supply chain attack that has left millions at risk. The desktop app supposedly has 12 million users in 190 countries including big names like BMW, Honda, American Express, Toyota etc.
These series of attacks have yet again turned the conversation to supply chain and third-party security. Businesses worldwide are beginning to recognise the cautionary tale that lies here. This is simply that one must focus on bolstering one's own cyber defences and making sure that their third-party vendors are doing the same.
It has also turned the spotlight once again on making sure your incident response plans and processes are up to date and relevant. Enlisting the assistance of highly-skilled and experienced cybersecurity practitioners such as our Virtual Cyber Assistants can be of critical importance here.
Cybersecurity specialists can not only help you refresh your incident response policies and plans but also help you evaluate your business's breach readiness. It is also time to invest in third-party assessments to ensure that your organisation stays as safe as possible in the current threat landscape.
Ransomware Attacks in March 2023
Date |
Victim |
Summary |
Threat Actor |
Business Impact |
Source Link |
March 1, 2023 |
Washington state public bus system confirms ransomware attack. |
LockBit ransomware |
The threat actors disrupted the IT infrastructure of the state bus system and stole its customers’ information with a data leak warning. |
||
March 1, 2023 |
City of Oakland |
Play ransomware claims disruptive attack on City of Oakland. |
Play ransomware |
The Play ransomware gang claimed to have stolen documents containing private, confidential data, financial and government papers, identity documents, passports, personal employee data, and even information allegedly proving human rights violations. On March 4, 2023, the ransomware gang published stolen files. The initial data leak consists of a 10 GB multi-part RAR archive. |
|
March 2, 2023 / March 24, 2023 |
Sun Pharma reports security breach, isolates impacted assets. Ransomware Group ALPHV BlackCat claimed responsibility for the ransomware attack, threatening to release sensitive data. |
ALPHV Ransomware group |
The attack impacted its IT systems but Sun Pharma isolated them on an immediate basis (March 2, 2023). The ransomware group has posted screenshots of data samples on their leak site, in addition to a data sample of 28 MB and claimed that they have over 17 TB (17000 GB) of data from the Indian Pharmaceutical major which they will release soon (March 24, 2023). |
||
March 3, 2023 |
LockBit published data stolen from La Segunda including judicial files, expert reports and medical data. |
LockBit |
LockBit group encrypted the insurer's systems and exposed 52 GB of sensitive information from the Rosario insurance company La Segunda. |
||
March 5, 2023 |
Hospital Clínic de Barcelona severely impacted by ransomware attack. |
RansomHouse ransomware operation |
The ransomware attack impacted the emergency services of three medical centres associated with Clínic de Barcelona, including CAP Casanova, CAP Borrell, and CAP Les Corts and forced hospital staff to run operations manually. |
||
March 6, 2023 |
Institute of Space Technology Pakistan |
Pakistan’s Institute of Space Technology hacked and student and staff’s personal data put up for ransom. |
Medusa ransomware |
Hackers stole passports, payslips, analysis details, etc. and demanded $500,000 from the university. |
|
March 7, 2023 |
Minneapolis Public Schools (MPS) district |
Ransomware gang posts video of data stolen from Minneapolis schools. |
Medusa ransomware |
The Medusa ransomware gang listed Minneapolis Public Schools (MPS) district as a victim on its Tor data leak site and threatened to publish all data it allegedly stole from the school. Demanded a $1,000,000 ransom from the school to delete stolen data. |
|
March 10, 2023 |
BlackCat confirms attack on Fonasa. |
BlackCat |
A news source shared a stolen data file that includes a directory of files as well as some correspondence with the names, addresses, and city of Fonasa health beneficiaries, etc. |
||
March 14, 2023 |
Essendant, a wholesale distributor of stationery and office supplies |
LockBit ransomware claims Essendant attack; company says “network outage.” |
LockBit ransomware |
Due to the alleged ransomware attack on Essendant, customers were unable to place orders and contact customer care. |
|
March 20, 2023 |
Ferrari discloses data breach after receiving ransom demand. |
Unknown |
Italian luxury sports car maker said the attackers gained access to its network and the attackers demanded a ransom not to leak data stolen from its systems. |
||
March 22, 2023 |
Food giant Dole |
Dole discloses employee data breach after February ransomware attack. |
Unknown |
The ransomware group accessed information of an undisclosed number of employees. |
|
March 24, 2023 |
Tennessee city-(Oak Ridge) |
Tennessee city hit with ransomware attack. |
Unknown |
The attack affected the IT systems of the City of Oak Ridge, leaving its website unresponsive. |
|
March 27, 2023 |
Crown Resorts confirms ransom demand after GoAnywhere breach. |
Cl0p Ransomware |
Crown Resorts confirmed that it is being extorted by Cl0p, which claims to have stolen data from its networks; it says there is no evidence of the data breach impacting customers. |
Worried by the recent rise in ransomware attacks and demands? Use these FREE resources created by our cybersecurity experts to help you prepare for ransomware attacks and mitigating the damage they can cause:
Data Breaches in March 2023
Date |
Victim |
Summary |
Threat Actor |
Business Impact |
Source Link |
March 2, 2023 |
British retail chain WH Smith says it suffered a data breach in which information was stolen. |
Unknown |
The data breach exposed information belonging to current and former employees. |
||
March 2, 2023 |
Hatch Bank discloses data breach after Cl0p ransomware attack on GoAnywhere MFT. |
Cl0p ransomware (Apparently) |
Hackers stole the personal information of almost 140,000 customers from the company's Fortra GoAnywhere MFT secure file-sharing platform. |
||
March 2, 2023 |
Chick-fil-A |
Chick-fil-A confirms accounts hacked in months-long "automated" attack. |
Unknown |
Chick-fil-A confirmed that they suffered a credential stuffing attack in which its customers' accounts were breached between December 18th, 2022, and February 12th, 2023. |
|
March 2, 2023 |
Hackers steal gun owners’ data from firearm auction website. |
Unknown |
The breach exposed high volumes of sensitive personal data for more than 550,000 users. Also, the stolen data, allegedly, makes it possible to link a particular person with the sale or purchase of a specific weapon. |
||
March 2, 2023 |
Unknown users of credit and debit cards |
BidenCash market leaks information of over 2 million stolen credit cards, debit cards and charge cards for free. |
Dark Web marketplace BidenCash |
A carding marketplace known as BidenCash has leaked online a free database of 2,165,700 debit and credit cards in celebration of its first anniversary. |
|
March 2, 2023 |
Sandbox blockchain game breached to send emails linking to malware. |
Unknown |
An attacker hacked an employee of The Sandbox in February, 2023 to gain access to several email addresses belonging to the company and has leveraged this access to send emails to users that appeared to come from The Sandbox, containing links to malware hosted at another site. |
||
March 6, 2023 |
DrayTek Vigor |
New malware infects business routers for data theft, surveillance. |
Unknown |
An ongoing hacking campaign called 'Hiatus' targeted DrayTek Vigor router models 2960 and 3900 to steal data from victims and build a covert proxy network. |
|
March 6, 2023 |
FBI investigates DC Health Link data breach impacting U.S. House members and staff. |
A hacker who calls himself IntelBroker on Breach Forums |
The breach affected about 170,000 individuals as the account information and PII of hundreds of Member and House staff were stolen. |
||
March 6, 2023 |
Acer confirms breach after threat actors attacked a server hosting private documents used by repair technicians. |
A hacker who calls himself IntelBroker on Breach Forums |
The threat actor hacked servers and claimed 160 GB of stolen data containing technical manuals, software tools, backend infrastructure details, product model documentation for phones, tablets, and laptops, BIOS images, ROM files, ISO files, and replacement digital product keys (RDPK). |
||
March 6, 2023 |
HDFC Bank |
HDFC Bank denies data breach even as 7.5 GB of customer information is allegedly leaked for free on Hacker Forum. |
Threat actor using the title Kernelware on Breach Forums |
The threat actor posted 7.5 GB of stolen data belonging to HDFC Bank for download without any payment. |
|
March 7, 2023 |
AT&T alerts 9 million customers of data breach after vendor hack. |
Unknown |
In a January hack, a vendor that AT&T uses for marketing experienced a security incident in which hackers exposed information of 9 million customers as they accessed Customer Proprietary Network Information from some wireless accounts, such as the number of lines on an account or wireless rate plan, etc. |
||
March 9, 2023 |
Swiss technology and cybersecurity firm, Acronis, has been hit by a data breach in which the hacker has apparently leaked 21 GB of data. |
A hacker who calls himself Kernelware on Breach Forums |
The hacker stole and leaked data of about 21 GB including various certificate files, command logs, system configurations, system information logs, archives of their filesystem, and python scripts for their maria.db database, backup configuration stuff, and loads of screenshots of their backup operations. |
||
March 10, 2023 |
Mental healthcare provider Cerebral |
Mental healthcare provider Cerebral alerts 3.1M people of data breach. |
Human Error |
The company disclosed that they had been using invisible pixel trackers from Google, Meta (Facebook), TikTok, and other third parties on its online services since October 12, 2019. Cerebral said the sensitive medical information of people who used the provider's platform was exposed to third parties without the patient's permission. |
|
March 12, 2023 |
Hackers steal $197 million in crypto in Euler Finance attack. |
Unknown |
The cryptocurrency theft involved multiple tokens, including $8.75 million worth of DAI, $18.5 million in WBTC, $33.85 million in USDC, and $135.8 million in stETH. |
||
March 12, 2023 |
STALKER 2 game developer hacked by Russian hacktivists, data stolen. |
Hackers’ community from a Russian social network |
The hackers posted a message on the Russian social media platform VK, claiming to have stolen a “vast amount of STALKER 2 material,” including the entire storyline, cutscene descriptions, concept art, global maps, and more. |
||
March 13, 2023 |
LA housing authority HACLA |
LA housing authority HACLA discloses data breach after ransomware attack. |
LockBit Ransomware gang |
The examined server logs showed that the hackers might have accessed the personal and financial information including passports belonging to members of HACLA. |
|
March 15, 2023 |
US-based cybersecurity firm Rubrik confirms data breach due to “unauthorised access”. |
Cl0p Ransomware |
The company said that “there was no lateral movement,” meaning cybercriminals did not manage to infect other parts of the company’s IT infrastructure. It insists that no sensitive data, such as social security and financial account numbers or payment details, were accessed. |
||
March 16, 2023 (Updated on March 27, 2023) |
A Deutsche Bank subsidiary, Latitude Financial Services (Latitude) |
Latitude Financial data breach now impacts 14 million customers. |
Unknown |
Latitude confirmed it was impacted by a cyberattack on March 16, affecting 330,000 customers, but, after further investigating the incident, on March 27, 2023, Latitude revealed that the impact of the incident is much more significant, now believed to have affected 14 million customers or loan applicants from Australia and New Zealand. |
|
March 17, 2023 |
Hitachi Energy confirms data breach after Cl0p GoAnywhere attacks. |
Cl0p Ransomware |
The ransomware group stole employees' data in some countries. |
||
March 17, 2023 |
NBA alerts fans of a data breach exposing personal information held by a third-party newsletter service provider. |
Unknown |
NBA said it recently became aware that an unauthorised third party gained access to, and obtained a copy of its fans’ names and email addresses, which was held by a third-party service provider that helps NBA communicate via email with fans. It said that there is no indication that NBA’s own systems, users’ username, password, or any other information has been impacted. |
||
March 19, 2023 |
Donut Leaks-(A data extortion group) |
MONTI ransomware gang leaks login cpanel credentials of Donut Leaks-(A data extortion group). |
MONTI Ransomware |
The leaked listing provided the login credentials to what is allegedly Donut Leaks’ admin cpanel. |
|
March 20, 2023 |
Saks Fifth Avenue becomes a victim of GoAnywhere zero-day attack. |
Cl0p Ransomware |
The company stated that no real customer data was impacted. It did not address if corporate or employee data was stolen. |
||
March 21, 2023 |
City of Oakland |
LockBit ransomware gang now also claims the City of Oakland breach. |
LockBit ransomware |
After Play ransomware group claimed a data breach in February, City of Oakland got a second threatening call by Lockbit group with a warning that it has stolen information of the City’s employees etc. and it will publish it on April 10, 2023. |
|
March 23, 2023 |
City of Toronto |
City of Toronto confirms data theft, Cl0p claims responsibility. |
Cl0p Ransomware |
The City spokesperson stated that the hacker's access is limited to files that were unable to be processed through the third party secure file transfer system. |
|
March 23, 2023 |
Pension Protection Fund confirms employee data exposed in GoAnywhere breach. |
Cl0p Ransomware |
A fund spokesperson said that hackers obtained data on some employees of the UK’s Pension Protection Fund after exploiting a third-party data transfer service. |
||
March 23, 2023 |
Procter & Gamble confirms data theft via GoAnywhere zero-day. |
Cl0p Ransomware |
Consumer goods giant Procter & Gamble has confirmed a data breach affecting an undisclosed number of employees. |
||
March 23, 2023 |
Virgin Group added to Cl0p gang’s victim leak site. |
Cl0p Ransomware |
Virgin's representative said the attack only involved Virgin Red, not the group itself and the exposed files don't pose any risks to customers or employees. |
||
March 23, 2023 |
Rio Tinto becomes victim of GoAnywhere breach. |
Cl0p Ransomware |
Rio Tinto said personal data of some of its Australian employees may have been stolen. |
||
March 23, 2023 |
Kids tech camp iD Tech |
Kids tech camp iD Tech still silent weeks after data breach. |
Unknown |
The hacker claims to have stolen close to 1 million user records, including names, dates of birth, passwords stored in plaintext and about 415,000 unique email addresses. |
|
March 24, 2023 |
OpenAI reveals the Redis bug was behind the ChatGPT user data exposure incident. |
Open-source library bug behind data leak |
The company said due to the bug, some subscription confirmation emails generated during that window were sent to the wrong users. It explained that in the hours before the service was disrupted on Monday (March 20), it was possible for some users to see another active user’s first and last name, email address, payment address, the last four digits of the credit card number, and credit card expiration date. |
||
March 27, 2023 |
Crown Resorts |
Crown Resorts investigating potential data breach (GoAnywhere) after being contacted by hacking group. |
Cl0p Ransomware (apparently) |
The gaming and entertainment group said it was recently contacted by a ransomware group claiming to have illegally obtained a limited number of Crown files through the breach of third-party file transfer service GoAnywhere, but the company said no customer data has been compromised and business operations have not been impacted. |
Cyber Attacks in March 2023
Date |
Victim |
Summary |
Threat Actor |
Business Impact |
Source Link |
March 1, 2023 |
Poland blames Russian hackers for a cyber attack on a tax service website. |
Pro-Russian hacker group NoName057(16) |
The cyber attack caused the website to crash for approximately one hour and blocked users’ access to the online tax filing system. |
||
March 06, 2023 |
Essendant, a wholesale distributor of stationery and office supplies |
Essendant, owned by Staples, faced multi-day "outage"; orders froze. |
LockBit ransomware |
Essendant experienced a multi-day systems "outage" preventing customers and suppliers from placing and fulfilling online orders. |
|
March 7, 2023 |
Commonwealth Bank of Australia's Indonesian arm hit by cyber attack |
Unknown |
The incident involves unauthorised access of a web-based software application used for project management, and the bank's Australian systems were segregated from PTBC systems. |
Commonwealth Bank of Australia's Indonesian unit cyber attack |
|
March 29, 2023 |
Supreme Court of Pakistan |
Supreme Court website recovers after cyber attack |
Unknown |
Undisclosed |
|
March 29, 2023 |
Hackers compromise 3CX desktop app in a major supply chain attack. The attacker appears to be using digitally signed and rigged installers of the popular voice and video conferencing software to target downstream customers. |
A suspected North Korean state-backed hacking group tracked as Labyrinth Collima. |
In this ongoing supply chain attack, the attackers are targeting both Windows and macOS users of the compromised 3CX softphone app. Malicious activity includes beaconing to actor-controlled infrastructure, deployment of second-stage payloads. The most common post-exploitation activity observed to date is the spawning of an interactive command shell. |
||
March 28, 2023 |
A Kansas School district - Newton Public Schools |
Cyber attack prompts school closure |
Unknown |
The cyber attack forced the school district to cancel classes for two days. |
|
March 29, 2023 |
Apartment giant Meriton targeted in cyber attack. |
Unknown |
Meriton has revealed it was targeted in a cyber attack in January which potentially impacted the details of almost 2000 people as the company said both guests who have stayed at Meriton suites as well as past and present employees could have been affected by the hack. 35.6 GB of data was potentially compromised. |
New Ransomware/Malware Discovered in March 2023
New Ransomware |
Summary |
Source Link |
A new Linux version of APT27’s SysUpdate |
The APT27 hacking group, aka "Iron Tiger," has prepared a new Linux version of its SysUpdate custom remote access malware. |
Iron Tiger hackers create Linux version of their custom malware |
A custom backdoor MQsTTang |
The Chinese cyber espionage hacking group Mustang Panda was seen deploying a new custom backdoor named 'MQsTTang' in attacks starting this year. |
|
New Stop/Djvu Ransomware (v0655) |
Stop/Djvu Ransomware (v0655); Extension: .gosw; Ransom note: _readme.txt |
|
Skynetwork Ransomware |
Skynetwork Ransomware; MedusaLocker ransomware family; Extension: .skynetwork8 (the number may differ); Ransom note: How_to_back_files.html |
|
A new version of the ‘Soul’ malware framework |
The Sharp Panda cyber-espionage hacking group is targeting high-profile government entities with a new version of the ‘Soul’ malware framework. |
New malware variant has “radio silence” mode to evade detection |
New version of Xenomorph Android malware |
New Xenomorph Android malware is capable of conducting malicious attacks, including a new automated transfer system (ATS) framework and the ability to steal credentials for 400 banks. |
|
Acessd Ransomware-(MedusaLocker) |
Acessd Ransomware; MedusaLocker ransomware family; Extension: .acessd; Ransom note: How_to_back_files.html |
|
GoBruteforcer |
A new Golang-based botnet malware scans for and infects web servers. |
New GoBruteforcer malware targets phpMyAdmin, MySQL, FTP, Postgres |
BACKJOHN ransomware |
BACKJOHN ransomware; Phobos ransomware family; Extension: .BACKJOHN (also appends filenames with victim's unique ID and developers' email address); Ransom notes: info.txt and info.hta |
|
Youhau Ransomware |
Youhau Ransomware; VoidCrypt ransomware family; Extension: .youhau (filenames are also appended with victim's ID and developers' email address); Ransom note: Dectryption-guide.txt |
|
Merlin Ransomware |
Merlin Ransomware; Extension: .Merlin; Ransom note: Merlin_Recover.txt |
|
DrWeb Ransomware |
DrWeb Ransomware; Xorist ransomware family; Extension: .DrWeb; Ransom notes: КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt and pop-up window |
|
Usr ransomware |
Usr ransomware; Phobos ransomware family; Extension: .usr (also appends filenames with victim's unique ID and developers' email address); Ransom notes: info.txt and info.hta |
|
Stop/Djvu Ransomware (v0668) |
Stop/Djvu Ransomware (v0668); Extension: .darj; Ransom note: _readme.txt |
|
Stop/Djvu Ransomware (v0671) |
Stop/Djvu Ransomware (v0671); Extension: .tywd; Ransom note: _readme.txt |
|
Rans-A Ransomware |
Rans-A Ransomware; Xorist ransomware family; Extension: .Rans-A; Ransom notes: pop-up window and HOW TO DECRYPT FILES.txt |
|
Stop/Djvu Ransomware (v0673) |
Stop/Djvu Ransomware (v0673); Extension: .tyos; Ransom note: _readme.txt |
Vulnerabilities/Patches Discovered in March 2023
Date |
Flaws/Fixes |
Summary |
Source Link |
March 1, 2023 |
Windows 11 22H2 known issue |
A Windows 11 22H2 issue causing some apps not to be installed during Windows provisioning has been fixed. |
Microsoft fixes bug causing apps to not install during provisioning |
March 1, 2023 |
RCE flaw (CVE-2023-20078) |
Cisco has addressed a critical security vulnerability found in the Web UI of multiple IP Phone models that unauthenticated and remote attackers can exploit in remote code execution (RCE) attacks. |
Cisco patches critical Web UI RCE flaw in multiple IP phones |
March 1, 2023 |
The command injection vulnerabilities are tracked as CVE-2023-22747, CVE-2023-22748, CVE-2023-22749, and CVE-2023-22750 and the stack-based buffer overflow bugs are tracked as CVE-2023-22751 and CVE-2023-22752, and |
Aruba Networks published a security advisory to inform customers about six critical-severity vulnerabilities impacting multiple versions of ArubaOS, its proprietary network operating system. |
Aruba Networks fixes six critical vulnerabilities in ArubaOS |
March 4, 2023 |
CVE-2023-1017 (out-of-bounds read) and CVE-2023-1018 (out-of-bounds write) |
The Trusted Platform Module (TPM) 2.0 specification is affected by two buffer overflow vulnerabilities that could allow attackers to access or overwrite sensitive data, such as cryptographic keys. |
New TPM 2.0 flaws could let hackers steal cryptographic keys |
March 8, 2023 |
CVE-2023-27532 |
Veeam urged customers to patch a high-severity Backup Service security vulnerability impacting its Backup & Replication software. |
Veeam fixes bug that lets hackers breach backup infrastructure |
March 12, 2023 |
Microsoft’s known issue in Windows 11 |
Microsoft has finally addressed a known issue causing significant performance hits when copying large files over SMB after installing the Windows 11 2022 update. |
Microsoft finally fixes Windows 11 slow file copy issues over SMB |
March 13, 2023 |
(CVE-2022-41328) |
Unknown attackers used zero-day exploits to abuse a new FortiOS bug-(CVE-2022-41328) patched this month in attacks targeting government and large organisations that have led to OS and file corruption and data loss. |
Fortinet: New FortiOS bug used as zero-day to attack govt networks |
March 13, 2023 |
CVE-2023-23397 - Microsoft Outlook Elevation of Privilege Vulnerability, CVE-2023-24880 - Windows SmartScreen Security Feature Bypass Vulnerability |
Microsoft's March 2023 Patch Tuesday fixed two actively exploited zero-day vulnerabilities and a total of 83 flaws. |
Microsoft March 2023 Patch Tuesday fixes 2 zero-days, 83 flaws |
March 14, 2023 |
Zero-day-(CVE-2023-24880) |
Microsoft has patched another zero-day bug-(tracked as CVE-2023-24880) used by attackers to circumvent the Windows SmartScreen cloud-based anti-malware service and deploy Magniber ransomware payloads without raising any red flags. |
Microsoft fixes Windows zero-day exploited in ransomware attacks |
March 27, 2023 |
CVE-2023-23529 |
Apple has released security updates to backport patches released last month, addressing an actively exploited zero-day bug-(CVE-2023-23529) for older iPhones and iPads. |
Apple fixes recently disclosed WebKit zero-day on older iPhones |
March 28, 2023 |
A security flaw in the design of the IEEE 802.11 WiFi protocol standard |
Cybersecurity researchers have discovered a fundamental security flaw in the design of the IEEE 802.11 WiFi protocol standard, allowing attackers to trick access points into leaking network frames in plaintext form. |
WiFi protocol flaw allows attackers to hijack network traffic |
March 29, 2023 |
CVE-2023-22809. |
Taiwanese hardware vendor QNAP warns customers to secure their Linux-powered network-attached storage (NAS) devices against a high-severity Sudo privilege escalation vulnerability. |
QNAP warns customers to patch Linux Sudo flaw in NAS devices |
Warnings/Advisories/Reports/Analysis
News |
Summary |
Source Link |
Report |
Russia’s internet watchdog agency Roskomnadzor bans the use of many foreign private messaging applications in Russian government and state agencies including Discord, Microsoft Teams, Skype, Snapchat, Telegram, Threema, Viber, WhatsApp, WeChat. |
Russia bans foreign messaging apps in government organisations |
Report |
Microsoft is investigating an ongoing outage blocking Exchange Online customers worldwide from accessing their mailboxes or sending/receiving emails. |
Microsoft Exchange Online outage blocks access to mailboxes worldwide |
Warning |
An ongoing phishing campaign is pretending to be Trezor data breach notifications attempting to steal a target's cryptocurrency wallet and its assets. |
|
Report |
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has released 'Decider,' an open-source tool that helps defenders and security analysts quickly generate MITRE ATT&CK mapping reports. |
CISA releases free ‘Decider’ tool to help with MITRE ATT&CK mapping |
Warning |
CISA and the FBI have issued a joint advisory highlighting the increasing threat behind ongoing Royal ransomware attacks targeting many U.S. critical infrastructure sectors, including healthcare, communications, and education. |
FBI and CISA warn of increasing Royal ransomware attack risks |
Report |
An opposition-linked Polish mayor had his phone hacked using Pegasus spyware, amid allegations that the country’s special services have used the technology against government opponents. |
|
Report |
A new report has revealed that India accounted for 20 percent of all records exposed as a result of data breaches in 2022. |
India suffered second-highest data breaches in 2022 with 450 million records exposed |
Report |
Online travel agency giant Booking.com said that it was not compromised through a vulnerability on the platform that was recently discovered by researchers from Salt Security |
Online travel giant says it was not compromised through recently-discovered vulnerability |
Report |
The Federal Trade Commission (FTC) has proposed to ban the online counselling service BetterHelp from sharing its customers’ sensitive mental health data with advertising networks and marketers. |
FTC to ban BetterHelp from sharing mental health data with advertisers |
Report |
Nvidia has released a display driver hotfix to address recently reported high CPU usage and blue screen issues on Windows 10 and Windows 11 systems. |
Nvidia releases driver hotfix for Windows performance issues |
Analysis |
Threat actors linked to the IceFire ransomware operation now actively target Linux systems worldwide with a new dedicated encryptor. |
IceFire ransomware now encrypts both Linux and Windows systems |
Report |
A suspected Chinese hacking campaign has been targeting unpatched SonicWall Secure Mobile Access (SMA) appliances to install custom malware that establishes long-term persistence for cyber espionage campaigns. |
SonicWall devices infected by malware that survives firmware upgrades |
Analysis |
Microsoft’s Security Intelligence team investigated a business email compromise (BEC) attack and found that attackers move rapidly, with some steps taking mere minutes. |
Microsoft: Business email compromise attacks can take just hours |
Report |
Akamai reports having mitigated the largest DDoS (distributed denial of service) attack ever launched against a customer based in the Asia-Pacific region. |
Akamai mitigates record-breaking 900 Gbps DDoS attack in Asia |
Report |
An international law enforcement operation involving the FBI and police agencies worldwide led to the arrest of the suspected administrator of the NetWire remote access trojan. |
Police seize Netwire RAT malware infrastructure, arrest admin |
Report |
Blackbaud has agreed to pay $3 million to settle charges brought by the SEC, alleging that it failed to disclose the full impact of a 2020 ransomware attack that affected more than 13,000 customers. |
Blackbaud to pay $3M for misleading ransomware attack disclosure |
Report |
The collapse of the Silicon Valley Bank (SVB) on March 10, 2023, has sent ripples of turbulence throughout the global financial system, but for hackers, scammers, and phishing campaigns, it's becoming an excellent opportunity. |
|
Report |
An international law enforcement operation has seized the cryptocurrency mixing service 'ChipMixer' which is said to be used by hackers, ransomware gangs, and scammers to launder their proceeds. |
ChipMixer platform seized for laundering ransomware payments, drug sales |
Report |
A new threat actor named 'YoroTrooper' has been targeting energy organisations in CIS countries as the threat actor has compromised accounts of a critical European Union agency engaged in healthcare, WIPO, and various European embassies. |
|
Warning |
According to a public service announcement issued by the Federal Bureau of Investigation (FBI), Americans are increasingly targeted in 'pig butchering' cryptocurrency investment schemes. |
FBI warns of spike in ‘pig butchering’ crypto investment schemes |
Report |
The FBI confirmed they have access to the database of the notorious BreachForums (aka Breached) hacking forum after the U.S. Justice Department also officially announced the arrest of its owner. |
|
Warning |
German and South Korean government agencies have warned about cyber attacks mounted by a threat actor tracked as Kimsuky using rogue browser extensions to steal users' Gmail inboxes. |
German and South Korean Agencies Warn of Kimsuky's Expanding Cyber Attack Tactics |
Report |
The Australian Federal Police (AFP) has arrested four members of a cybercriminal syndicate that has laundered $1.7 million stolen from at least 15 victims between January 2020 and March 2023. |
Australian police arrest four BEC actors who stole $1.7 million |
Report |
A new ransomware operation named 'Dark Power' has appeared, and it has already listed its first victims on a dark web data leak site, threatening to publish the data if a ransom is not paid. |
New Dark Power ransomware claims 10 victims in its first month |
Warning |
The Federal Bureau of Investigation is warning companies in the U.S. of threat actors using tactics similar to business email compromise that allow less technical actors to steal various goods from vendors. |
FBI: Business email compromise tactics used to defraud U.S. vendors |
Report |
Twitter has taken down internal source code for its platform and tools that was leaked on GitHub for months. Now it's using a subpoena to search for those who leaked and downloaded its code. |
Twitter takes down source code leaked online, hunts for downloaders |
Report |
A surge of trojanized Tor Browser installers targets Russians and Eastern Europeans with clipboard-hijacking malware that steals infected users' cryptocurrency transactions. |
Trojanized Tor browsers target Russians with crypto-stealing malware |
Warning |
Experts are warning of a rise in cyberattacks and potential malicious activity, an average increase of 45 percent is observed and will likely continue during the Ramadan period. |
UAE residents under cyberattack as Ramadan deals drive shopping spree |