
Significant Cyber Incidents: January, February, March 2023

Below is a summary of incidents from over the last year. For the full list, click the download link at the end of the article.


March 2023. Russian hackers brought down the French National Assembly’s website for several hours using a DDoS attack. In a Telegram post, hackers cited the French government’s support for Ukraine as the reason for the attack.

March 2023. Suspected Russian hackers launched an unsuccessful DDoS attack against a German defense firm, Rheinmetall.

March 2023. CISA and FBI reported that a U.S. federal agency was targeted by multiple attackers, including a Vietnamese espionage group, in a cyberespionage campaign between November 2022 and January 2023. Hackers used a vulnerability in the agency’s Microsoft Internet Information Services (IIS) server to install malware.

March 2023. A Chinese cyberespionage group targeted an East Asian data protection company that serves military and government entities, in a campaign that lasted approximately a year.

March 2023. Estonian officials claim that hackers unsuccessfully targeted the country’s internet voting system during its recent parliamentary elections. Officials did not release details about the attacks or provide attribution.

March 2023. North Korean hackers targeted U.S.-based cybersecurity research firms in a phishing campaign. The campaign was meant to deliver malware for cyberespionage.

March 2023. Chinese hackers targeted people in Mongolia, Papua New Guinea, Ghana, Zimbabwe, and Nigeria using malware developed by Chinese government hackers in 2008. The malware was delivered using USB drives.

March 2023. A Chinese cyber espionage group targeted government entities in Vietnam, Thailand, and Indonesia, using newly developed malware optimized to evade detection.

March 2023. Russian hackers launched social engineering campaigns targeting U.S. and European politicians, businesspeople, and celebrities who have publicly denounced Vladimir Putin’s invasion of Ukraine. Hackers persuaded victims to participate in phone or video calls, giving misleading prompts to obtain pro-Putin or pro-Russian soundbites. They published these to discredit victims’ previous anti-Putin statements.

March 2023. Slovakian cybersecurity researchers discovered a new exploit from a Chinese espionage group targeting political organizations in Taiwan and Ukraine.

March 2023. Poland blamed Russian hackers for a DDoS attack on its official tax service website. Hackers blocked users’ access to the site for approximately an hour, but no data was leaked in the attack. A pro-Russian hacking group had earlier published a statement on Telegram about its intention to attack the Polish tax service.

March 2023. The European Union Agency for Cybersecurity (ENISA) released a report citing significant threats to the EU transportation sector, with 98 incidents between January 2021 and October 2022.

February 2023. The Dutch Police hacked into and dismantled Exclu, an encrypted communications platform, to disrupt activity from criminal organizations. Dutch officials also exfiltrated communications data from Exclu servers for use in investigations. Eurojust, Europol, and police from Italy, Sweden, France, and Germany assisted in the operation.

February 2023. Russian hackers deployed malware to steal information from Ukrainian organizations in a phishing campaign. The malware is capable of extracting account information and files, as well as taking screenshots. Researchers at Symantec believe the group is a key player in Russia’s cyber campaigns against Ukraine.

February 2023. Pro-Russian hacking group Killnet claimed responsibility for DDoS attacks against NATO networks used to transmit sensitive data. The attack disrupted communications between NATO and airplanes providing earthquake aid to a Turkish airbase. The attack also took NATO’s sites offline temporarily.

February 2023. Polish officials reported a disinformation campaign targeting the Polish public. Targets received anti-Ukrainian refugee disinformation via email. Officials claimed these activities may be related to Russia-linked hackers.

February 2023. North Korean hacking group Lazarus conducted an espionage campaign between August and November 2022. Hackers targeted medical research, healthcare, defense, energy, chemical engineering and a research university, exfiltrating over 100MB of data from each victim while remaining undetected. The group is linked to the North Korean government.

February 2023. Latvian officials claimed that Russian hackers launched a phishing campaign against its Ministry of Defense. The Latvian Ministry of Defense stated this operation was unsuccessful.

February 2023. Italian officials claim Russia-linked hackers conducted a ransomware attack against Acea, an energy utility for the city of Rome.

February 2023. Iranian hacktivists disrupted the state-run television broadcast of a speech by Iranian president Ebrahim Raisi during Revolution Day ceremonies. Hackers aired the slogan “Death to Khamenei” and encouraged citizens to join antigovernment protests.

February 2023. An Iranian hacking group launched an espionage campaign against organizations in the Middle East. Hackers used a backdoor malware to compromise target email accounts. Researchers claim the hacking group is linked to Iranian intelligence services.

February 2023. Iranian hacktivists claimed responsibility for taking down websites for the Bahrain international airport and state news agency.

February 2023. Hackers launched a ransomware attack against Technion University, Israel’s top technology education program. Hackers demanded 80 bitcoin ($1.7 million USD) to decrypt the university’s files. Israeli cybersecurity officials blamed Iranian state-sponsored hackers for the attack.

February 2023. Hackers disabled Italy’s Revenue Agency (Agenzia delle Entrate) website. While the website was disabled, users received phishing emails directing them to a false login page that mirrored the official agency site. Italian officials restored the agency’s site within 2 hours.

February 2023. Chinese cyberespionage hackers performed a spear-phishing campaign against government and public sector organizations in Asia and Europe. The emails used a draft EU Commission letter as their initial attack vector. These campaigns have occurred since at least 2019, according to the EclecticIQ Threat Research Team.

February 2023. Authorities from the Dutch National Cyber Security Centre claimed pro-Russian hackers launched DDoS attacks targeting hospital websites in the Netherlands and other countries in Europe.

January 2023. Latvian officials claimed that Russia-linked hackers launched a cyber espionage phishing campaign against its Ministry of Defense. The Latvian Ministry of Defense stated this operation was unsuccessful.

January 2023. CISA, the NSA, and the Multi-State Information Sharing and Analysis Center released a joint advisory warning of an increase in hacks on the federal civilian executive branch utilizing remote access software. This follows an October 2022 report on a financially motivated phishing campaign against multiple U.S. federal civilian executive branch agencies.

January 2023. Hackers targeted the Serbian government to disable its Ministry of Internal Affairs network infrastructure. Serbian officials worked with industry professionals to block the attacks.

January 2023. Russia-linked hackers deployed a ransomware attack against the UK postal service, the Royal Mail. The attack disrupted the systems used to track international mail. It took 20 days for the Royal Mail to fully restore international mail services.

January 2023. Hackers disrupted access to over 1,500 Nepalese government websites by flooding its main government server with traffic.

January 2023. Iran-linked hackers executed ransomware attacks and exfiltrated data from U.S. public infrastructure and private Australian organizations. Australian authorities claim that the data exfiltrated was for use in extortion campaigns.

January 2023. The FBI named North Korea-linked hackers responsible for the June 2022 $100 million heist from American crypto firm Harmony’s Horizon Bridge. In January 2023, the hackers used a system called Railgun to launder over $60 million worth of cryptocurrency stolen in the June attack. Railgun is a privacy system built on the Ethereum blockchain to ensure the identity of the user is kept secret.

January 2023. Hackers used ransomware to encrypt 12 servers at Costa Rica’s Ministry of Public Works, knocking all its servers offline.

January 2023. Albanian officials reported that its government servers were still near-daily targets of cyber-attacks following a major attack by Iran-linked hackers in 2022.

January 2023. Hackers launched a series of cyber-attacks against Malaysian national defense networks. Malaysian officials stated that the hacking activities were detected early enough to prevent any network compromise.

January 2023. Hackers targeted government, military, and civilian networks across the Asia Pacific, leveraging malware to obtain confidential information. The malware targeted both the data on victim machines and audio captured by infected machines’ microphones.

January 2023. Hackers sent over a thousand emails containing malicious links to Moldovan government accounts.

== Full List ==
