URL: https://www.picussecurity.com/resource/blog/october-2023-regions-and-industries-at-risk



OCTOBER 2023: REGIONS AND INDUSTRIES AT RISK




Sıla Özeren | November 10, 2023


Welcome to Picus Security's monthly cyber threat intelligence roundup!

Each month, we aim to provide a comprehensive yet digestible analysis of the
evolving threat landscape, including insights into the most targeted and at-risk
sectors, industries, and regions by cybercriminals in the wild.

Our research is conducted throughout the entire month, utilizing a diverse range
of resources that span across threat intelligence and malware dump platforms,
blogs, exploit databases, sandboxes, and network data query results. We draw
upon this wealth of information to provide you with a holistic understanding of
the cyber threat environment, with a particular focus on dissecting malware
campaigns, attack campaigns conducted by threat actors and advanced persistent
threat (APT) groups, and new malware samples observed in the wild.

By following our monthly threat report, you'll be able to ascertain which threat
actors or malware could potentially impact your sector, gauge if your country is
being specifically targeted, and understand if there is a surge in threat
activity correlated with geopolitical events or state-backed actions. 



TOP FOUR MOST TARGETED REGIONS IN OCTOBER

October 2023 witnessed a sharp rise in cyberattacks around the world,
highlighting the urgent need for better cybersecurity defenses. Below, we detail
the specific threat actors and malware campaigns that targeted four regions:

 * North America,
 * the Middle East,
 * Europe, and
 * East Asia.

We also list the organizations that were impacted by these attacks, along with
the relevant sources for this information.


FROM SEA TO CYBER SEA: NORTH AMERICA'S UNWANTED LEADERSHIP IN THE HACKING HEMISPHERE

The recent surge of cyberattacks in North America demonstrates sophisticated and
varied threat vectors targeting multiple sectors. 

Threat Actors & Attack Campaigns: SingularityMD Hacking Group [1], Aleksandr
Derebenetc and Kirill Shipulin [2], LockBit Ransomware Group [3], Lazarus Group
[4], Russian-Speaking Attackers Targeting the Departments of Defense and Justice
[5], Akira Ransomware Group [6], Octo Tempest [7], Hunters International (with
aliases Hive) [8], RansomedVC [9], Sandu Diaconu (with aliases WinD3str0y) [10],
Black Basta Ransomware [11], Dark Angels [12], Cuba Ransomware Gang [13], 23andMe
[14], North Korean Lazarus and Andariel [15], BianLian Extortion Group [16],
ALPHV Ransomware Gang [17], Crambus Attack Campaign by APT34 [18]

Malware & Tools: Xenomorph Malware [19], SIGNBT and LPEClient Malware [4],
LockBit Ransomware [3], Akira Ransomware [6], Black Basta Ransomware [11], Cuba
Ransomware [13], BlackCat Ransomware [17]

Table 1. North America as the Most Targeted Region by Threat Actors

The Defense and Justice Departments of the U.S. fell victim to a
Russian-speaking hacking group [5] that exploited the MOVEit vulnerability,
leading to the theft of 632,000 federal employees' email addresses. JFK
Airport's taxi dispatch system was compromised by Russian hackers Aleksandr
Derebenetc and Kirill Shipulin [2], who manipulated the queue system for
financial gain.

Stanford University's encounter with the Akira ransomware group [6] resulted in
the theft of 430GB of data, while the aerospace giant Boeing was reportedly
breached by the LockBit ransomware group [3] through a zero-day vulnerability,
threatening national security. Insider threats were highlighted by incidents at
the NSA, ASML, and U.S. Immigration and Customs Enforcement, with employees
using their access for illicit activities.

The financial sector saw the Xenomorph malware [19] campaign targeting U.S.
banks by using phishing to capture personal data, while the Toronto Public
Library experienced service disruptions due to a Black Basta ransomware [11]
attack. In the healthcare sector, Hunters International [8] targeted Dr. Jaime
Schwartz's plastic surgery clinic, leaking sensitive patient photos for ransom.

The integrity of the electoral process was threatened when the DC Board of
Elections reported a potential theft of the entire voter roll by the RansomedVC
gang [9]. The credential-selling marketplace E-Root was disrupted after the
extradition of its admin, Sandu Diaconu (with aliases WinD3str0y) [10], to the
U.S., impacting numerous sectors through the sale of illegal credentials.

Okta, an InfoSec company, suffered a breach via a third-party vendor, exposing
the personal information of its employees [20]. Major ransomware attacks on
conglomerates like Johnson Controls and public health departments, such as the
Rock County Public Health Department, resulted in substantial demands and data
theft [12].

The genetic testing company 23andMe disclosed a breach of 1.3 million clients'
records [14], and North Korean hacker groups exploited a critical TeamCity
vulnerability to breach networks [15], possibly for software supply chain
attacks. The BianLian extortion group [16] claimed to breach Air Canada's
network, and ALPHV ransomware gang [17] announced an attack on Florida's circuit
court, exposing sensitive information.

Lastly, the Iranian Crambus espionage group [18] engaged in a prolonged campaign
against a Middle Eastern government, demonstrating the extensive reach of
state-sponsored cyber activities. These events reflect an alarming trend of
increased cyber aggression, underscoring the need for advanced, comprehensive
security measures across all affected sectors.


GEOPOLITICAL TENSIONS ARE MIRRORED IN CYBERSPACE IN MIDDLE EAST

The Middle East continues to be a hotspot for diverse and sophisticated cyber
threats, leveraging both novel and previously known malware to target a range of
victims. 

Threat Actors & Attack Campaigns: Rhysida Ransomware Group [21], Threat Actors
Behind the Attack Campaign Targeting Azerbaijani Entities [22], Budworm APT
[23], Scarred Manticore Attack Campaign [24], Tortoiseshell (with aliases
Crimson Sandstorm, Imperial Kitten, TA456, Yellow Liderc) [25], Crambus Attack
Campaign by APT34 [18], Scarred Manticore [26], OilRig Threat Actor [27],
Kazakhstan's State-owned Attacker YoroTrooper [28]

Malware & Tools: BiBi-Linux Wiper Malware [29], Rhysida Ransomware [21],
LIONTAIL Malware [24], IMAPLoader [25], PowerExchange Backdoor [18], Malicious
"RedAlert - Rocket Alerts" Application [30], Ballistic Bobcat Backdoor, Redline
Stealer and PrivateLoader [31]

Table #. Middle East as the Second Most Targeted Region by Threat Actors and
Malware Campaigns

In Israel, organizations faced the new BiBi-Linux wiper [29], which destroys
data on compromised Linux systems. 

The Rhysida ransomware group attacked Kuwait’s Ministry of Finance [21], but
reportedly did not access financial data. Azerbaijani entities were lured into
spyware infections through emails feigning to contain information about the
Azerbaijan-Armenia conflict [22]. Meanwhile, the Iranian APT group Scarred
Manticore used the LIONTAIL malware [24] to execute a cyber espionage campaign
against various sectors in Saudi Arabia, UAE, Jordan, and others, through
IIS-based backdoors.

Continuing Iran's cyber activity in the region, the Tortoiseshell group launched
IMAPLoader malware [25] attacks against the maritime, shipping, and logistics
industries in the Mediterranean. In parallel, the Iranian espionage group
Crambus (aka OilRig, APT34) compromised a Middle Eastern government over eight
months, employing PowerExchange, a PowerShell backdoor [18], and using the Plink
tool for remote access, along with modifying firewall rules to maintain access.

Hacktivist movements in the Israel-Hamas conflict also saw the deployment of
scareware and malware like Redline Stealer and PrivateLoader [31], leading to
data leaks and disruptions. An Iranian cyber-espionage group, Ballistic Bobcat,
deployed a novel backdoor targeting entities in Brazil, Israel, and the UAE. 

These incidents collectively indicate that threat actors are not only persistent
but also constantly evolving their malware and tactics to exploit geopolitical
tensions and organizational vulnerabilities within the Middle East.


CYBER STORMS OVER EUROPE: THE CONTINENT RISES AS HACKERS' THIRD FAVORITE TARGET

Cybersecurity landscapes across Europe are under siege by a range of threat
actors deploying sophisticated malware and ransomware attacks. 

Threat Actors & Attack Campaigns: Hunters International
Ransomware-as-a-Service (RaaS) [32], Threat Actors Behind the British Mobile
Virtual Network Operator Lyca Mobile Breach [33], Winter Vivern Cyber Spy Group
(with aliases Fancy Bear) [34], Sandu Diaconu (with aliases WinD3str0y) [10],
UAC-0165 [35], TA473 Cyberespionage Group [36], Sandworm APT [37], Void Rabisu
APT [38]

Malware & Tools: Xenomorph Android Malware [19], RomCom Malware [38]

The Xenomorph malware [19] has notably been targeting banks in Spain, Portugal,
Italy, and Belgium, with cybercriminals focusing on financial gain. This malware
is adept at stealing personal information using deceptive overlays and has
evolved to include features that avoid detection and simulate user actions. It
has also been distributed in conjunction with other malware families, indicating
a collaborative and dangerous malware ecosystem.

Hunters International [32], a new ransomware-as-a-service operation, has emerged
as a potential successor to the Hive ransomware group. The group has already
claimed a UK school as a victim, exposing sensitive data on nearly 50,000
files. 

Meanwhile, Lyca Mobile in the UK suffered a breach that led to significant
customer disruption [33], hinting at compromised client passwords and forced
system shutdowns as a precautionary response.

The espionage landscape is also brimming with activity as the Winter Vivern
group, also known by the alias Fancy Bear, exploits zero-day vulnerabilities to
target European governments [34]. Their methods demonstrate a high level of
sophistication, leveraging phishing and known software flaws to gain access to
sensitive information. The group's persistence and technical advancement present
an ongoing threat to governmental cybersecurity.

Parallel to these espionage efforts, the E-Root marketplace's admin, Sandu
Diaconu, was extradited to the US, signifying a substantial disruption to an
illicit network that facilitated ransomware attacks, wire fraud, and other
cybercrimes. Over 350,000 credentials were trafficked on this platform,
affecting individuals, companies, and government agencies.

In Ukraine, a series of cyberattacks orchestrated by an unidentified group
disrupted services across 11 telecom providers. These attacks highlight a
pattern of reconnaissance and exploitation, utilizing compromised servers to
conduct operations, especially within the Ukrainian internet space. Finally, the
RomCom malware [38] phishing campaign targeted the Women Political Leaders
Summit in Brussels. The attackers deployed a new backdoor variant using a fake
website resembling the official WPL portal, demonstrating a continuous threat to
political events and the individuals involved.

Each of these incidents underscores a multifaceted threat environment in Europe,
where financial gain, espionage, and disruption are key motivators for diverse
and increasingly sophisticated cyber adversaries.


FROM SILICON TO CYBER SILK ROAD: EAST ASIA EMERGES AS FOURTH MOST HACKED REGION

In East Asia, a series of cyberattacks has highlighted the vulnerability of
both the entertainment and telecommunications sectors, as well as the burgeoning
cryptocurrency market.

Threat Actors & Attack Campaigns: RansomedVC Threat Group [39], Threat Actors
Behind the Mixin Breach [40], Budworm APT [23], Threat Actors Behind the Casio
Breach [41]

Malware & Tools: SysUpdate Backdoor Malware [23]

Japanese conglomerates Sony and NTT Docomo fell victim to ransomware attacks
orchestrated by the RansomedVC group [39], which demanded millions in ransom and
threatened to leak sensitive data. In the realm of cryptocurrency, the Hong
Kong-based exchange Mixin suffered a major security breach resulting in the
theft of $200 million [40]. The attackers exploited vulnerabilities in a cloud
provider's database, showcasing the sophisticated methods used by cybercriminals
to siphon off vast sums from digital currency platforms.

The activity of Chinese APT group Budworm has also been noted; this group
employed DLL sideloading techniques to deploy SysUpdate malware, targeting
government entities in Asia and a telecom company in the Middle East [23]. The
SysUpdate malware acts as a backdoor, signifying an advanced persistent threat
with the potential for long-term espionage and data extraction.

Casio, a global leader in consumer electronics, experienced a significant data
breach involving a ClassPad server [41]. Personal information of customers from
149 countries was compromised, including names, email addresses, purchase
information, and service usage details. This breach, attributed to disabled
network security settings and inadequate operational management, could expose
customers to identity theft, phishing, and other cyber threats.


TOP FIVE MOST TARGETED SECTORS IN OCTOBER 2023

In this section, we list the most targeted sectors:

 * Government and Administration,
 * Technology,
 * Finance,
 * Education, and
 * Telecommunications.

For each sector, we provide the corresponding threat actors and APT (Advanced
Persistent Threat) groups, as well as their malware campaigns.


TOP OF THE HACKER'S HITLIST: GOVERNMENT AND ADMINISTRATION UNDER SIEGE!

The government and administrative sector is increasingly besieged by
sophisticated cyber threats from various global actors, each with unique tools
and methods of attack. 

Threat Actors & Attack Campaigns: Winter Vivern Russian Hacking Group [36],
Rhysida Ransomware Group [21], Threat Actors Behind the Attack Campaign
Targeting Azerbaijani Entities [22], Budworm APT [23], RansomedVC [42], Scarred
Manticore Attack Campaign [24], TA473 Cyberespionage Group [36], TetrisPhantom
Threat Group [43], Void Rabisu APT [38], Kazakhstan's State-owned Attacker
YoroTrooper [28]

Malware & Tools: BiBi-Linux Wiper Malware [29], Rhysida Ransomware [21],
LIONTAIL Malware [24], DinodasRAT [44], RomCom Malware [38], SysUpdate Malware
[23]

The Chinese APT group Budworm [23] has been active, using advanced techniques
such as DLL sideloading to implant its SysUpdate malware [23] into government
and telecommunications entities, operating as a versatile backdoor for
espionage. Similarly, the RansomedVC ransomware [42] gang compromised the
District of Columbia Board of Elections through a breach in their hosting
provider's server, threatening the integrity of sensitive US voter information. 

In the Middle East, the Iranian APT group Scarred Manticore [24], also known as
Storm-0861 or OilRig, has been leveraging IIS-based backdoors named LIONTAIL
[24] for cyberespionage against governmental and military targets, exhibiting
their prowess since at least 2019.

Moreover, the Asia-Pacific region has not been spared, with the emergence of the
TetrisPhantom [43] hackers who exploit secure USB drives to pilfer data from
government systems. This threat underscores the ingenuity of threat actors in
breaching even air-gapped security measures. At the same time, the Women
Political Leaders Summit in Brussels became the target of a phishing campaign
utilizing a new variant of the RomCom backdoor [38], indicating a trend towards
more stealthy and sophisticated malware. 

Additionally, the Kazakhstani group YoroTrooper has been identified by Cisco
Talos [28], highlighting the diverse linguistic and regional expertise of
state-sponsored cyber threats. These incidents collectively underline the
critical need for robust cybersecurity measures and constant vigilance in the
government sector against a backdrop of escalating and evolving cyber threats.


DIGITAL CROSSHAIRS: TECHNOLOGY SECTOR SEIZES THE SILVER IN CYBERSECURITY BREACH STAKES!

The technology sector continues to grapple with sophisticated cyber threats,
with recent breaches indicating a high level of targeted activity. 

Threat Actors & Attack Campaigns: Lazarus APT [4], Octo Tempest [45], Okta
Breach [46], Diamond Sleet and Onyx Sleet (with aliases ZINC, PLUTONIUM) [47],
An Unidentified APT Group [48]

Malware & Tools: SIGNBT and LPEClient Malware [4], ALPHV/BlackCat Ransomware
[45], ForestTiger Backdoor, RollSling, FeedLoad, HazyLoad Malware [47], the
SbieDll_Hook API and loading tools such as Cobalt Strike Stager, Cobalt Strike
Beacon, the Havoc framework, and NetSpy [48]

North Korean threat actors, particularly Diamond Sleet and Onyx Sleet, have
exploited a vulnerability in JetBrains TeamCity (CVE-2023-42793) to deploy
malware such as ForestTiger, RollSling, FeedLoad, and HazyLoad, suggesting an
elevated risk to software development and technology organizations [47]. These
actors, also known as ZINC and PLUTONIUM, are motivated by cyber espionage,
seeking persistent access to compromise systems, and have been active since
early October 2023. 

In a similar vein, the notorious Lazarus group breached a software vendor
repeatedly, aiming for source code theft or supply chain attacks, using
sophisticated malware like SIGNBT and LPEClient, despite available patches for
known software flaws [4].

Further demonstrating the sector's vulnerability, Octo Tempest [45], an adept
English-speaking hacking group, has been executing ransomware attacks and data
extortion against various industries, including technology, by deploying
ALPHV/BlackCat ransomware [45] and sophisticated phishing tools. 

Additionally, a new APT group [48] has been observed conducting targeted attacks
against the manufacturing and IT industries, employing a unique combination of
custom malware and known exploits like CVE-2019-0803 for credential theft and
system control. 

These incidents highlight the ongoing and diverse threats facing the technology
sector, where threat actors leverage a mix of old and new vulnerabilities and
malware to achieve their objectives, from espionage to financial gain.


MONETARY MAYHEM: FINANCE HOLDS THE THIRD PLACE TROPHY IN CYBER INTRUSIONS

The finance sector has faced a series of cyber threats, with multiple actors and
malware targeting financial institutions and cryptocurrency platforms.

Threat Actors & Attack Campaigns: Threat Actor Behind the LastPass
Cryptocurrency Breach [49], Octo Tempest [45], Threat Actors Behind the Mixin
Breach [40], Scarred Manticore Attack Campaign [24], KibOrg and NLB Hacktivist
Groups [51]

Malware & Tools: Xenomorph Android Malware [19], ALPHV/BlackCat Ransomware
[45], LIONTAIL Malware [24], SeroXen Remote Access Trojan (RAT) [50]

The LastPass breach has been linked to the theft of $4.4 million in
cryptocurrency [49]: threat actors used the stolen LastPass databases to obtain
cryptocurrency wallet passphrases, credentials, and private keys. This breach
underscores the growing trend of cybercriminals targeting password managers to
facilitate cryptocurrency theft.

In another event, developers were deceived by malicious NuGet packages that
impersonated crypto wallets and exchanges and amassed over two million
downloads. These packages were designed to deliver the SeroXen remote access
trojan (RAT) [50], highlighting the risk that malicious actors pose to software
supply chains.

In a notable cyber operation, the Ukrainian hacktivist groups KibOrg and NLB
[51], reportedly in collaboration with the Security Service of Ukraine (SBU),
breached Alfa-Bank, Russia's largest private bank. They claimed to have accessed
the private information of over 30 million clients, including sensitive personal
data. The incident not only reflects the direct impact of geopolitical tensions
on cybersecurity but also serves as a reminder of the high stakes involved in
protecting customer data within the finance sector.

These diverse and significant cyber threats demonstrate the finance sector's
position as a high-value target for a variety of cybercriminal activities, from
politically motivated attacks to complex financial fraud schemes.


HACKING THE HALLS OF LEARNING: EDUCATION SECTOR TAKES FOURTH PLACE IN CYBER
THREATS

The education sector has been hit by a wave of cyberattacks affecting
institutions of various sizes and significance.

Threat Actors: Threat Actor Behind the Toronto Public Library Outage [52],
Hunters International Ransomware-as-a-Service (RaaS) [32], SingularityMD Hacking
Group [1], Akira Ransomware Gang [53], Threat Actors Behind the University of
Michigan Breach [54], Threat Actors Behind the University of Tokyo Breach [55],
AvosLocker Double-Extortion Group [56]

The Toronto Public Library [52], a key educational resource in Canada,
experienced a cyberattack that disrupted its online services. The incident
affected a network of 100 branch libraries and over a million registered
members, straining an organization whose operating budget exceeds $200M.

Stanford University also fell victim to a cyberattack by the Akira ransomware
gang [53], which claimed to hold 430GB of sensitive data. The breach targeted
the systems of Stanford's Department of Public Safety, potentially affecting
the safety of the university community.

The University of Michigan disclosed a data breach involving unauthorized access
to servers containing sensitive information such as Social Security and driver's
license numbers, government IDs, payment information, and healthcare details
[54]. 

Similarly, the University of Tokyo suffered a data leak resulting from a malware
infection, compromising the personal information of students across nearly two
decades (from 2003 to 2022) [55]. Both incidents highlight the vulnerability of
personal data within educational institutions.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an
advisory on AvosLocker, a Ransomware-as-a-Service group with a significant focus
on the education sector, which accounts for a quarter of its attacks [56]. The
United States was the primary target of these attacks, showcasing the persistent
threat of ransomware in the educational landscape. This pattern of attacks
underscores the need for robust cybersecurity measures in educational
institutions, which hold a wealth of sensitive information and are integral to
students' learning and personal development.


SIGNALS INTERCEPTED: TELECOMMUNICATIONS NAMED FIFTH IN THE CYBER STRIKE LEAGUE

The telecommunications sector has been under persistent cyber threat, with
various nation-state actors conducting targeted attacks to disrupt services and
gather intelligence. 

Threat Actors & Attack Campaigns

Malware & Tools

Threat Actors & Attack Campaigns: Budworm APT [23], Threat Actors Behind the
Breach of British Mobile Virtual Network Operator Lyca Mobile [33], Scarred
Manticore Attack Campaign [24], UAC-0165 [35], Sandworm APT [37], ToddyCat
Hackers [57], Kazakhstan's State-linked YoroTrooper [28], Stayin' Alive Attack
Campaign [58]

Malware & Tools: LIONTAIL Malware [24], POEMGATE, POSEIDON and HITECAT [35],
CurKeep Malware [57]

In October 2023, the Computer Emergency Response Team of Ukraine (CERT-UA)
reported that at least 11 service providers had been compromised between May and
September of that year by the threat actor tracked as UAC-0165 [35].
Reconnaissance was carried out from servers previously compromised within
Ukraine, and the intrusions involved scanning for vulnerable RDP or SSH
interfaces to gain initial access, which led to significant service
interruptions for customers.

In the Middle East, the Iranian threat actor Scarred Manticore [24], linked to
OilRig (APT34, EUROPIUM, Hazel Sandstorm), has been actively targeting the
government and telecommunications sectors. Meanwhile, the notorious Russian
Sandworm APT group [37] breached 11 Ukrainian telecom providers within the same
timeframe, resulting in service disruptions and potential data breaches.
Sandworm's operations are characterized by sophisticated espionage tactics,
including phishing, Android malware, and data-wiping tools.

Additionally, the 'Stayin' Alive' campaign [58], orchestrated by the Chinese
espionage actor ToddyCat [57], has been targeting telecoms across Asia. The
campaign employed "disposable" malware, including downloaders and loaders such
as CurKeep, to evade detection and maintain a foothold in targeted networks.

The persistent and varied nature of these attacks highlights the strategic
importance of telecommunications infrastructure in geopolitical cyber
operations, and the need for heightened security measures in this sector.


REFERENCES

[1] L. Abrams, “Hackers email stolen student data to parents of Nevada school
district,” BleepingComputer, Oct. 28, 2023. Available:
https://www.bleepingcomputer.com/news/security/hackers-email-stolen-student-data-to-parents-of-nevada-school-district/.
[Accessed: Nov. 07, 2023]

[2] T. Claburn, “Now Russians accused of pwning JFK taxi system to sell top
spots to cabbies,” The Register, Oct. 31, 2023. Available:
https://www.theregister.com/2023/10/31/russians_nyc_jfk_taxi_hacking/.
[Accessed: Nov. 08, 2023]

[3] “LockBit claims a cyberattack against Boeing,” The CyberWire. Available:
https://thecyberwire.com/stories/fe240f10e10049b9b2b9407216696e1b/lockbit-claims-a-cyberattack-against-boeing

[4] B. Toulas, “Lazarus hackers breached dev repeatedly to deploy SIGNBT
malware,” BleepingComputer, Oct. 27, 2023. Available:
https://www.bleepingcomputer.com/news/security/lazarus-hackers-breached-dev-repeatedly-to-deploy-signbt-malware/.
[Accessed: Nov. 07, 2023]

[5] “Hackers accessed 632,000 email addresses at Defense, DOJ,” Bloomberg,
Oct. 30, 2023. Available:
https://www.bloomberg.com/news/articles/2023-10-30/hackers-accessed-632-000-email-addresses-at-defense-doj.
[Accessed: Nov. 08, 2023]

[6] C. Jones, “Stanford schooled in cybersecurity after Akira claims ransomware
attack,” The Register, Oct. 30, 2023. Available:
https://www.theregister.com/2023/10/30/stanford_university_confirms_investigation_into/.
[Accessed: Nov. 08, 2023]

[7] C. Jones, “Microsoft unveils shady shenanigans of Octo Tempest and their
cyber-trickery toolkit,” The Register, Oct. 27, 2023. Available:
https://www.theregister.com/2023/10/27/octo_tempest_microsoft/. [Accessed: Nov.
08, 2023]

[8] C. Jones, “Hunters International leaks pre-op plastic surgery pics in
negotiation no-no,” The Register, Oct. 25, 2023. Available:
https://www.theregister.com/2023/10/25/rebuilt_hive_ransomware_gang_stings/.
[Accessed: Nov. 08, 2023]

[9] J. L. Hardcastle, “DC elections agency warns entire voting roll may have
been stolen,” The Register, Oct. 23, 2023. Available:
https://www.theregister.com/2023/10/23/washington_elections_agency_breach/.
[Accessed: Nov. 08, 2023]

[10] J. L. Hardcastle, “Admin behind E-Root stolen creds souk extradited to US,”
The Register, Oct. 20, 2023. Available:
https://www.theregister.com/2023/10/20/eroot_admin_extradited/. [Accessed: Nov.
08, 2023]

[11] L. Abrams, “Toronto Public Library outages caused by Black Basta ransomware
attack,” BleepingComputer, Nov. 01, 2023. Available:
https://www.bleepingcomputer.com/news/security/toronto-public-library-outages-caused-by-black-basta-ransomware-attack/.
[Accessed: Nov. 08, 2023]

[12] G. Cluley, “Ransomware group demands $51 million from Johnson Controls
after cyber attack,” Hot for Security. Available:
https://www.bitdefender.com/blog/hotforsecurity/ransomware-group-demands-51-million-from-johnson-controls-after-cyber-attack/.
[Accessed: Nov. 08, 2023]

[13] J. Greig, “Wisconsin county dealing with ransomware attack on public health
department,” The Record. Available:
https://therecord.media/wisconsin-county-dealing-with-ransomware-attack-healthcare.
[Accessed: Nov. 08, 2023]

[14] J. Greig, “23andMe scraping incident leaked data on 1.3 million users of
Ashkenazi and Chinese descent,” The Record. Available:
https://therecord.media/scraping-incident-genetic-testing-site. [Accessed: Nov.
08, 2023]

[15] L. Abrams, “North Korean hackers exploit critical TeamCity flaw to breach
networks,” BleepingComputer, Oct. 18, 2023. Available:
https://www.bleepingcomputer.com/news/security/north-korean-hackers-exploit-critical-teamcity-flaw-to-breach-networks/.
[Accessed: Nov. 08, 2023]

[16] S. Gatlan, “BianLian extortion group claims recent Air Canada breach,”
BleepingComputer, Oct. 11, 2023. Available:
https://www.bleepingcomputer.com/news/security/bianlian-extortion-group-claims-recent-air-canada-breach/.
[Accessed: Nov. 08, 2023]

[17] S. Gatlan, “ALPHV ransomware gang claims attack on Florida circuit court,”
BleepingComputer, Oct. 09, 2023. Available:
https://www.bleepingcomputer.com/news/security/alphv-ransomware-gang-claims-attack-on-florida-circuit-court/.
[Accessed: Nov. 08, 2023]

[18] “Crambus: New Campaign Targets Middle Eastern Government,” Symantec
Enterprise Blogs. Available:
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/crambus-middle-east-government.
[Accessed: Nov. 08, 2023]

[19] R. Priyanka, “Xenomorph Malware targets US banks,” Cybersafe News, Sep.
27, 2023. Available:
https://cybersafe.news/xenomorph-malware-targets-us-banks/. [Accessed: Nov. 07,
2023]

[20] B. Toulas, “Okta hit by third-party data breach exposing employee
information,” BleepingComputer, Nov. 02, 2023. Available:
https://www.bleepingcomputer.com/news/security/okta-hit-by-third-party-data-breach-exposing-employee-information/.
[Accessed: Nov. 09, 2023]

[21] J. Greig, “Kuwait isolates some government systems following attack on its
Finance Ministry,” The Record. Available:
https://therecord.media/kuwait-isolates-systems-after-ransomware-attack.
[Accessed: Nov. 08, 2023]

[22] F. Gutierrez, “Threat Actors Exploit the Tensions Between Azerbaijan and
Armenia,” Fortinet Blog, Sep. 27, 2023. Available:
https://www.fortinet.com/blog/threat-research/threat-Actors-exploit-the-tensions-between-azerbaijan-and-armenia.
[Accessed: Nov. 08, 2023]

[23] “Budworm: APT Group Uses Updated Custom Tool in Attacks on Government and
Telecoms Org,” Symantec Enterprise Blogs. Available:
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/budworm-tool-update-telecoms-govt.
[Accessed: Nov. 08, 2023]

[24] “From Albania to the Middle East: The Scarred Manticore is Listening,”
Check Point Research, Oct. 31, 2023. Available:
https://research.checkpoint.com/2023/from-albania-to-the-middle-east-the-scarred-manticore-is-listening/.
[Accessed: Nov. 08, 2023]

[25] “Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware
Attacks,” The Hacker News, Oct. 26, 2023. Available:
https://thehackernews.com/2023/10/iranian-group-tortoiseshell-launches.html.
[Accessed: Nov. 08, 2023]

[26] AlienVault Open Threat Exchange pulse. Available:
https://otx.alienvault.com/pulse/6540ef652aec427c2989429d. [Accessed: Nov. 09,
2023]

[27] AlienVault Open Threat Exchange pulse. Available:
https://otx.alienvault.com/pulse/650d6ec6b48cdeb3e1205751. [Accessed: Nov. 09,
2023]

[28] A. Malhotra, “Kazakhstan-associated YoroTrooper disguises origin of attacks
as Azerbaijan,” Cisco Talos Blog, Oct. 25, 2023. Available:
https://blog.talosintelligence.com/attributing-yorotrooper/. [Accessed: Nov. 09,
2023]

[29] S. Gatlan, “New BiBi-Linux wiper malware targets Israeli orgs in
destructive attacks,” BleepingComputer, Oct. 30, 2023. Available:
https://www.bleepingcomputer.com/news/security/new-bibi-linux-wiper-malware-targets-israeli-orgs-in-destructive-attacks/.
[Accessed: Nov. 07, 2023]

[30] AlienVault Open Threat Exchange pulse. Available:
https://otx.alienvault.com/pulse/652e97f29e476b423d10aeae. [Accessed: Nov. 09,
2023]

[31] “Picus CTI.” Available:
http://136.243.15.17:9090/dashboard/analysis/reports/09551476-774e-4d3e-ab58-88254a7ce8f1.
[Accessed: Nov. 09, 2023]

[32] I. Ilascu, “New Hunters International ransomware possible rebrand of Hive,”
BleepingComputer, Oct. 29, 2023. Available:
https://www.bleepingcomputer.com/news/security/new-hunters-international-ransomware-possible-rebrand-of-hive/.
[Accessed: Nov. 07, 2023]

[33] C. Page, “Lyca Mobile says customer data was stolen during cyberattack,”
TechCrunch, Oct. 06, 2023. Available:
https://techcrunch.com/2023/10/06/lyca-mobile-says-customer-data-was-stolen-during-cyberattack/.
[Accessed: Nov. 08, 2023]

[34] C. Jones, “Pro-Russia group exploits Roundcube zero-day in attacks on
European government emails,” The Register, Oct. 25, 2023. Available:
https://www.theregister.com/2023/10/25/prorussia_group_exploits_roundcube_zeroday/.
[Accessed: Nov. 08, 2023]

[35] “CERT-UA Reports: 11 Ukrainian Telecom Providers Hit by Cyberattacks,” The
Hacker News, Oct. 17, 2023. Available:
https://thehackernews.com/2023/10/cert-ua-reports-11-ukrainian-telecom.html.
[Accessed: Nov. 08, 2023]

[36] S. Gatlan, “European govt email servers hacked using Roundcube zero-day,”
BleepingComputer, Oct. 25, 2023. Available:
https://www.bleepingcomputer.com/news/security/european-govt-email-servers-hacked-using-roundcube-zero-day/.
[Accessed: Nov. 07, 2023]

[37] B. Toulas, “Russian Sandworm hackers breached 11 Ukrainian telcos since
May,” BleepingComputer, Oct. 16, 2023. Available:
https://www.bleepingcomputer.com/news/security/russian-sandworm-hackers-breached-11-ukrainian-telcos-since-may/.
[Accessed: Nov. 08, 2023]

[38] B. Toulas, “Women Political Leaders Summit targeted in RomCom malware
phishing,” BleepingComputer, Oct. 15, 2023. Available:
https://www.bleepingcomputer.com/news/security/women-political-leaders-summit-targeted-in-romcom-malware-phishing/.
[Accessed: Nov. 08, 2023]

[39] A. Mascellino, “Ransomed.vc Group Hits NTT Docomo After Sony Breach
Claims,” Infosecurity Magazine, Sep. 27, 2023. Available:
https://www.infosecurity-magazine.com/news/ransomedvc-group-hits-ntt-docomo/.
[Accessed: Nov. 08, 2023]

[40] L. Franceschi-Bicchierai, “Hackers steal $200M from crypto company Mixin,”
TechCrunch, Sep. 25, 2023. Available:
https://techcrunch.com/2023/09/25/hackers-steal-200-million-from-crypto-company-mixin/.
[Accessed: Nov. 08, 2023]

[41] J. L. Hardcastle, “Casio keyed up after data loss hits customers in 149
countries,” The Register, Oct. 19, 2023. Available:
https://www.theregister.com/2023/10/19/casio_data_theft/. [Accessed: Nov. 08,
2023]

[42] S. Gatlan, “D.C. Board of Elections confirms voter data stolen in site
hack,” BleepingComputer, Oct. 06, 2023. Available:
https://www.bleepingcomputer.com/news/security/dc-board-of-elections-confirms-voter-data-stolen-in-site-hack/.
[Accessed: Nov. 08, 2023]

[43] B. Toulas, “New TetrisPhantom hackers steal data from secure USB drives on
govt systems,” BleepingComputer, Oct. 22, 2023. Available:
https://www.bleepingcomputer.com/news/security/new-tetrisphantom-hackers-steal-data-from-secure-usb-drives-on-govt-systems/.
[Accessed: Nov. 08, 2023]

[44] “Guyana Governmental Entity Hit by DinodasRAT in Cyber Espionage Attack,”
The Hacker News, Oct. 05, 2023. Available:
https://thehackernews.com/2023/10/guyana-governmental-entity-hit-by.html.
[Accessed: Nov. 08, 2023]

[45] Microsoft Incident Response and Microsoft Threat Intelligence, “Octo
Tempest crosses boundaries to facilitate extortion, encryption, and
destruction,” Microsoft Security Blog, Oct. 25, 2023. Available:
https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/.
[Accessed: Nov. 07, 2023]

[46] R. Goswami, “Okta cybersecurity breach wipes out more than $2 billion in
market cap,” CNBC, Oct. 23, 2023. Available:
https://www.cnbc.com/2023/10/23/okta-hack-wipes-out-more-than-2-billion-in-market-cap.html.
[Accessed: Nov. 08, 2023]

[47] Microsoft Threat Intelligence, “Multiple North Korean threat actors
exploiting the TeamCity CVE-2023-42793 vulnerability,” Microsoft Security Blog,
Oct. 18, 2023. Available:
https://www.microsoft.com/en-us/security/blog/2023/10/18/multiple-north-korean-threat-actors-exploiting-the-teamcity-cve-2023-42793-vulnerability/.
[Accessed: Nov. 09, 2023]

[48] T. S. Dutta, “New APT Group Using Custom Malware to Attack Manufacturing &
IT Industries,” Cyber Security News, Oct. 10, 2023. Available:
https://cybersecuritynews.com/apt-group-custom-malware/. [Accessed: Nov. 09,
2023]

[49] L. Abrams, “LastPass breach linked to theft of $4.4 million in crypto,”
BleepingComputer, Oct. 30, 2023. Available:
https://www.bleepingcomputer.com/news/security/lastpass-breach-linked-to-theft-of-44-million-in-crypto/.
[Accessed: Nov. 07, 2023]

[50] B. Toulas, “Malicious Solana, Kucoin packages infect NuGet devs with
SeroXen RAT,” BleepingComputer, Oct. 12, 2023. Available:
https://www.bleepingcomputer.com/news/security/malicious-solana-kucoin-packages-infect-nuget-devs-with-seroxen-rat/.
[Accessed: Nov. 08, 2023]

[51] D. Antoniuk, “Ukraine security services involved in hack of Russia’s
largest private bank,” The Record. Available:
https://therecord.media/sbu-involved-in-alfa-bank-hack. [Accessed: Nov. 09,
2023]

[52] B. Toulas, “Toronto Public Library services down following weekend
cyberattack,” BleepingComputer, Oct. 30, 2023. Available:
https://www.bleepingcomputer.com/news/security/toronto-public-library-services-down-following-weekend-cyberattack/.
[Accessed: Nov. 07, 2023]

[53] J. Greig, “Stanford University investigating cyberattack after ransomware
claims,” The Record. Available:
https://therecord.media/stanford-investigating-cyberattack-after-ransomware.
[Accessed: Nov. 08, 2023]

[54] I. Ilascu, “University of Michigan employee, student data stolen in
cyberattack,” BleepingComputer, Oct. 23, 2023. Available:
https://www.bleepingcomputer.com/news/security/university-of-michigan-employee-student-data-stolen-in-cyberattack/.
[Accessed: Nov. 09, 2023]

[55] The Yomiuri Shimbun, “University of Tokyo PC Infected with Malware in July
2022; Possible Leak of Students’ Addresses, Grades,” Oct. 24, 2023. Available:
https://japannews.yomiuri.co.jp/society/crime-courts/20231024-145447/.
[Accessed: Nov. 08, 2023]

[56] N. Shivtarkar and R. Dodia, “A Retrospective on AvosLocker,” Zscaler, Oct.
27, 2023. Available:
https://www.zscaler.com/blogs/security-research/retrospective-avoslocker.
[Accessed: Nov. 09, 2023]

[57] B. Toulas, “ToddyCat hackers use ‘disposable’ malware to target Asian
telecoms,” BleepingComputer, Oct. 12, 2023. Available:
https://www.bleepingcomputer.com/news/security/toddycat-hackers-use-disposable-malware-to-target-asian-telecoms/.
[Accessed: Nov. 08, 2023]

[58] “Stayin’ Alive - Targeted Attacks Against Telecoms and Government
Ministries in Asia,” Check Point Research, Oct. 11, 2023. Available:
https://research.checkpoint.com/2023/stayin-alive-targeted-attacks-against-telecoms-and-government-ministries-in-asia/.
[Accessed: Nov. 09, 2023]
