2023 - A Significant Year For Cyber Incidents

Uploaded on 2023-12-30 in NEWS-Cybersecurity News, Education & Research

2023 - A Significant Year For Cyber Incidents

Directors Report: This article is exclusive to premium subscribers. For unrestricted website access please Subscribe: £5 monthly / £50 annual.

The year 2023 has been one of serious and damaging cyber threats and attacks. Criminals continue to be relentless in their attacks as they become faster and more electronically sophisticated. One of the main goals for cyber criminals is to acquire information, name, passwords and financial records that is then sold on the Dark Web.

According to the authoritative industry source, Cybersecurity Ventures, the global annual cost of cybercrime is predicted to hit $8 trillion by the end of 2023 and will grow to around $10.5 trillion by 2025.

The estimated cost is based on historical cybercrime figures which demonstrate a dramatic increase in hacking activities, both by hostile state sponsored and organised criminals. The attack surface available for these malicious actors is only going to grow.

Cybercrime costs include damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data. It also includes embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.

These are some Recent 2023 Major Cyber Attacks:

August 2023: Russian hacktivists group NoName057 launched DDoS attacks against Czech banks and the Czech stock exchange.

The hackers cut online banking access to the banks’ clients and demanded that the institutions stop supporting Ukraine. Bank representatives claim the hacks did not threaten their clients’ finances. "Russian hacking groups regularly attack the countries and organisations around the world that they suppose are somehow supporting Ukraine. This is a massive campaign to spread fear and disinformation.

“A few days ago, for example, the group organised attacks in Poland, where it managed to bring down the websites of the Warsaw Stock Exchange and several banks," Miloslav Lujka of Check Point said.

NoName057(16) communicates primarily through Telegram, where it has its main Russian-language channel with more than 20,000 members as well as an English-language channel, and in addition offers volunteers participation in DDosia Projects, in which they can join planned attacks.

August 2023: Unnamed hackers took X, formerly known as Twitter, offline in several countries and demanded that owner Elon Musk open Starlink in Sudan. Attackers flooded the server with traffic to disable access for over 20,000 individuals in the US, UK, and other countries.

It was a hacking group known as Anonymous Sudan that temporarily took down X, in more than a dozen countries and X experienced an outage lasting over two hours due to a Distributed Denial-of-Service (DDoS) attack, affecting thousands of users. A DDoS attack involves overwhelming a server with excessive requests, rendering it inaccessible.

X did not publicly acknowledged the disruption, and Elon Musk has not responded to requests to introduce his satellite Internet service in Sudan. Anonymous Sudan has been accused by many in the cyber-security world of being a Russian cyber-military unit in disguise and causing cyber-chaos for the Kremlin under the cover of a foreign hacktivist outfit.

The theory stems from its online support for Russian President Vladimir Putin and an apparent alignment of motives with other hacking gangs in the country. But the criminal group has repeatedly denied it is Russian, and for the first time shared evidence that it is located in Sudan.

August 2023: Cyber criminals are allegedly selling a stolen dataset from China’s Ministry of State Security.

The full data set purportedly includes personal identification information for roughly half a billion Chinese citizens and “classified document[s],” according to the criminals’ post about the sale.

August 2023: Russian hacktivists NoName057(16) launched several DDoS attacks that knocked the Polish government’s website offline, as well as the Warsaw Stock exchange and several Polish national banks.

The group also posted to its more than 50K Telegram followers that it had attacked the Polish government’s verification service using its signature DDoS or distributed denial-of-service attack.

August 2023: Chinese hackers targeted a US military procurement system for reconnaissance, along with several Taiwan-based organisations. Attackers targeted high-bandwidth routers to exfiltrate data and establish covert proxy networks within target systems.

Initially observed at the beginning of the year, HiatusRAT has been targeting high-bandwidth routers typically used by medium-sized businesses, allowing attackers to run commands, exfiltrate data, and establish a covert proxy network. Active since at least June 2022, the threat had been targeting organisations in Europe and Latin America, with at least 100 victims identified by March 2023.

August 2023: Suspected North Korean hackers attempted to compromise a joint US-South Korean military exercise on countering nuclear threats from North Korea. Hackers launched several spear phishing email attacks at the exercise’s war simulation centre.

The hackers were believed to be linked to a North Korean group that researchers call Kimsuky, and they carried out their hack via emails to South Korean contractors working at the South Korea-US combined exercise war simulation centre, the Gyeonggi Nambu Provincial Police Agency said in a statement.

August 2023: Bangladesh shut down access to their central bank and election commission websites amid warnings of a planned cyberattack by an Indian hacking group.

The shutdown was intended to prevent a cyber attack similar to a 2016 incident in Bangladesh where hackers stole nearly $1 billion, according to the central bank’s statement. And recently Bangladesh's central bank suspended several internal online services in a bid to prevent a possible cyberattack. Some web-based services of Bangladesh Bank (BB) were closed for a span of 36 hours as a cautionary measure to avoid incident similar to a 2016 cyber attack in which hackers stole nearly $1 billion, the central bank said in a circular.

Its Executive Director Md. Mezbaul Haque told Anadolu that the bank had strengthened its vigilance and surveillance to guard against any possible cyber attack. "We have only shut some internal online services systems and those won't disrupt any public services," he added. The move follows an alert by the country's electronic incident response team on Aug. 4 that a hacker group planned on attacking critical information infrastructure, banks, financial institutions, and government and private agencies.

Earlier in 2016, hackers stole nearly $1 billion from the account of the Federal Reserve Bank of New York that belonged to the Bangladeshi central bank. The hackers made away with less than one-tenth the amount in the biggest cyber heist in history.

Here are some of the other Cyber Incidents of 2023

August 2023: Belarusian hackers targeted foreign embassies in the country for nearly a decade, according to new reporting. Hackers disguised malware as Windows updates to get diplomats to download it onto their devices.

August 2023: Chinese hackers obtained personal and political emails of a US Congressman from Nebraska. The hackers exploited the same Microsoft vulnerability that gave them access to emails from the State Department and Department of Commerce.

August 2023: Iranian cyber spies are targeting dissidents in Germany, according to Germany’s domestic intelligence unit. The spies are using false digital personas tailored to victims to build a rapport with their targets before sending a malicious link to a credential harvesting page.

August 2023: Ukraine’s State Security Service (SBU) claims that Russia’s GRU is attempting to deploy custom malware against Starlink satellites to collect data on Ukrainian troop movements. SBU members discovered malware on Ukrainian tablets that were captured by the Russians before being recovered by Ukrainian forces.

August 2023: Russian hackers launched a ransomware attack against a Canadian government service provider, compromising the data of 1.4 million people in Alberta. The organisation paid the ransom and claimed that very little data was lost.

August 2023: A Canadian politician was targeted by a Chinese disinformation campaign on WeChat. The attack included false accusations about the politician’s race and political views. The Canadian government believes the attacks are retaliation against the politician's criticism of China's human rights policies.

August 2023: The Canadian government accused a “highly sophisticated Chinese state-sponsored actor” of hacking a prominent Canadian federal scientific research agency.

August 2023: Russia’s military intelligence service attempted to hack Ukrainian Armed Forces’ combat information systems. Hackers targeted Android tablets that Ukrainian forces use for planning and orchestrating combat missions.

August 2023: The United Kingdom’s Electoral Commission revealed that Russian hackers breached the commission’s network beginning in August 2021. They obtained information on tens of thousands of British citizens by accessing the commission’s email and file-sharing system.

August 2023: According to a new report, North Korean hackers breached computer systems at a Russian missile developer for five months in 2022. Analysts could not determine what information may have been taken or viewed.

July 2023: China claims that an earthquake monitoring system in Wuhan was hacked by “U.S. cybercriminals.” Chinese state media asserts that a backdoor program with the capacity to steal seismic data was inserted into the program.

July 2023: Kenya’s eCitizen service was disrupted by pro-Russian cybercriminals for several days. Kenya’s Ministry of Information, Communications, and the Digital Economy claimed that no data was accessed or lost.

July 2023: Russian-linked cyber hackers have targeted Ukrainian state services such as the app “Diia” using malware and phishing attacks. The primary targets are Ukrainian defence and security services.

July 2023: The Ministry of Justice in Trinidad and Tobago was hit with a DDoS attack that disrupted court operations across the country. The ministry reported outages beginning in late June, which are believed to be linked to this same attack.

July 2023: New Zealand’s parliament was hit by a cyberattack from a Russian hacking group. The group said their attack was retaliation against New Zealand’s support for Ukraine, such as its assistance with training Ukrainian troops and sanctions against Russia.

Hackers temporarily shut down the New Zealand Parliament, Parliamentary Counsel Office (PCO) and Legislation websites in a DDoS attack.

July 2023: Russian hackers targeted twelve government ministries in Norway to gain access to sensitive information. The hackers exploited a vulnerability in a software platform used by the ministries.

July 2023: A South Korean government-affiliated institution fell victim to a phishing scandal that resulted in a loss of 175 million wons, reportedly the first phishing incident against a South Korean government public organisation.

July 2023: Chinese-linked hackers infected a Pakistani government app with malware. A state bank and telecoms provider were also targeted in the attack.

July 2023: Chinese hackers breached the emails of several prominent U.S. government employees in the State Department and Department of Commerce through a vulnerability in Microsoft’s email systems.

July 2023: Russian hackers targeted numerous attendees of the latest NATO Summit in Vilnius. The assailants used a malicious replica of the Ukraine World Congress website to target attendees.

July 2023: A Polish diplomat’s advertisement to purchase a used BMW was corrupted by Russian hackers and used to target Ukrainian diplomats. The hackers copied the flyer, imbedded it with malicious software and distributed it to foreign diplomats in Kyiv.

June 2023: A group allegedly tied to the private military corporation Wagner hacked a Russian satellite telecommunications provider that services the Federal Security Service (FSB) and Russian military units. This attack came after Wagner’s attempted rebellion against President Vladimir Putin over the war in Ukraine.

June 2023: A Pakistani-based hacker group infiltrated the Indian army and education sector in the group’s latest wave of attacks against Indian government institutions.The hack is the latest in a series of targeted attacks from this group that have intensified over the past year.

June 2023: Pro-Russian hacktivists attacked several European banking institutions, including the European Investment Bank, in retaliation against Europe’s continued support of Ukraine. The hacktivists used a DDoS attack to disrupt EIB.

June 2023: Several US federal government agencies, including Department of Energy entities, were breached in a global cyberattack by Russian-linked hackers. Cyber criminals targeted a vulnerability in software that is widely used by the agencies, according to a US cyber security agent.

June 2023: An Illinois hospital became the first health care facility to publicly list a ransomware attack as a primary reason for closing. The attack, which occurred in 2021,permanently crippled the facility’s finances.

June 2023: Pro-Russian hackers targeted several Swiss government websites, including those for Parliament, the federal administration, and Geneva International airport. The DDoS attacks coincide in conjunction with preparations for Ukrainian President Volodimir Zelensky’s virtual address before the Swiss parliament.

June 2023: According to new reporting,North Korean hackers have been impersonating tech workers or employers to steal more than $3 billion since 2018. The money has reportedly been used to fund the country’s ballistic missiles program, according to US officials.

June 2023: Ukrainian hackers claimed responsibility for an attack on a Russian telecom firm that provides critical infrastructure to the Russian banking system. The attack occurred in conjunction with Ukraine’s counter offensive.

June 2023: Russia’s Federal Security Services (FSB) alleged that Apple worked closely with US intelligence agencies to hack thousands of iPhones belonging to Russian users and foreign diplomats. Apple denied the claims, and the NSA declined to comment.

May 2023: Belgium’s cyber security agency has linked China-sponsored hackers to a spear-fishing attack on a prominent politician. The attack comes as European governments are increasingly willing to challenge China over cyber offences.

May 2023: Chinese hackers breached communications networks at a US outpost in Guam. The hackers used legitimate credentials, making it harder to detect them.

May 2023: Chinese hackers targeted Kenyan government ministries and state institutions, including the presidential office. The hacks appeared to be aimed at gaining information on debt owed to Beijing.

May 2023: A likely Russia state group has targeted government organisations in Central Asia. The group is using previously unknown malware, and the attacks focused on document exfiltration.

May 2023: An unidentified group hacked targets in both Russia and Ukraine. The motive for the attacks was surveillance and data gathering,

May 2023: Russian-linked hackivist conducted an unsuccessful cyberattack against Ukraine’s system for managing border crossings by commercial trucks through a phishing campaign.

April 2023: Sudan-linked hackers conducted a DDoS attack on Israel’s Independence Day, taking the Israeli Supreme Court’s website offline for several hours. Israeli cyber authorities reported no lasting damage to network infrastructure.

Hackers claimed to have also attacked several other Israeli government and media sites, but those attacks could not be confirmed. The group has been active since at least January 2023, attacking critical infrastructure in Northern Europe and is considered religiously motivated.

April 2023: NSA cyber authorities reported evidence of Russian ransomware and supply chain attacks against Ukraine and other European countries who have provided Ukraine with humanitarian aid during the war in Ukraine. There were no indications of these attacks against US networks.

April 2023: Iranian state-linked hackers targeted critical infrastructure in the US and other countries in a series of attacks using a previously unseen customised dropper malware. The hacking group has been active since at least 2014, conducting social engineering and espionage operations that support the Iranian government’s interests.

April 2023: Recorded Future released a report revealing data exfiltration attacks against South Korean research and academic institutions in January 2023. The report identified Chinese-language hackers. Researchers believe that this is a hacktivist group motivated by patriotism for China.

April 2023: Researchers at Mandiant attributed a software supply chain attack on 3CX Desktop App software to North Korea-linked hackers. During its investigation, Mandiant found that this attack used a vulnerability previously injected into 3CX software.

This was Mandiant’s first discovery of a software supply chain attack leveraging vulnerabilities from a previous software supply chain attack.

April 2023: Chinese hackers targeted telecommunication services providers in Africa in an espionage campaign since at least November 2022. Researchers believe the group has targeted pro-domestic human rights and pro-democracy advocates, including nation-states, since at least 2014.

Using the access from the telecom providers, the group gathers information including keystrokes, browser data, records audio, and captures data from individual targets on the network.

April 2023: A Russia-linked threat group launched a DDoS attack against Canadian prime Minister Justin Trudeau, blocking access to his website for several hours. The operation’s timing coincided with the Canadian government’s meeting with Ukrainian Prime Minister Denys Shmyhal, suggesting that the operation was retaliation.

April 2023: North Korea-linked hackers are operating an ongoing espionage campaign targeting defence industry firms in Eastern Europe and Africa. Researchers at Kaspersky believe the hacking group shifted its focus in 2020 from financially motivated coin-mining attacks to espionage.

April 2023: Researchers discovered Israeli spyware on the iPhones of over 5 journalists, political opposition figures, and an NGO worker. Hackers initially compromised targets using malicious calendar invitations. The hackers’ origin and motivations are unclear.

April 2023: Ukraine-linked hacktivists targeted the email of Russian GRU Unit26165’s leader, Lieutenant Colonel Sergey Alexandrovich, leaking his correspondence to a volunteer intelligence analysis group. The exfiltrated data contained Alexandrovich’s personal information, unit personnel files, and information on Russian cyber attack tools.

April 2023: North Korean-linked hackers targeted people with expertise on North Korea policy issues in a phishing campaign. Hackers posed as journalists requesting interviews from targets, inviting them to use embedded links for scheduling and stealing their login credentials. The amount of information stolen and number of targets are unclear.

March 2023: Russian hackers brought down the French National Assembly’s website for several hours using a DDoS attack. In a Telegram post, hackers cited the French government’s support for Ukraine as the reason for the attack.

March 2023: CISA and FBI reported that a US federal agency was targeted by multiple attackers, including a Vietnamese espionage group, in a cyber espionage campaign between November 2022 and January 2023. Hackers used a vulnerability in the agency’s Microsoft Internet Information Services (IIS) server to install malware.

March 2023: A Chinese cyber espionage group targeted an East Asian data protection company who serves military and government entities that lasted approximately a year.

March 2023: A South Asian hacking group targeted firms in China’s nuclear energy industry in an espionage campaign. Researchers believe the group commonly targets the energy and government sectors of Pakistan, China, Bangladesh, and Saudi Arabia.

March 2023: Estonian officials claim that hackers unsuccessfully targeted the country’s Internet voting system during its recent parliamentary elections. Officials did not release details about the attacks or provide attribution.

March 2023: North Korean hackers targeted US-based cyber security research firms in a phishing campaign. The campaign was meant to deliver malware for cyber espionage.

March 2023: A Chinese cyber espionage group targeted government entities in Vietnam, Thailand, and Indonesia, using newly developed malware optimised to evade detection.

March 2023: Russian hackers launched social engineering campaigns targeting US and European politicians, businesspeople, and celebrities who have publicly denounced Vladimir Putin’s invasion of Ukraine. Hackers persuaded victims to participate in phone or video calls, giving misleading prompts to obtain pro-Putin or pro-Russian soundbites. They published these to discredit victims’ previous anti-Putin statements.

March 2023: Slovakian cyber security researchers discovered a new exploit from a Chinese espionage group targeting political organisations in Taiwan and Ukraine.

March 2023: Poland blamed Russia hackers for a DDoS attack on its official tax service website. Hackers blocked users’ access to the site for approximately an hour, but no data was leaked in the attack. A pro-Russian hacking group had earlier published a statement on Telegram about its intention to attack the Polish tax service.

February 2023: Russian hackers deployed malware to steal information from Ukrainian organisations in a phishing campaign. The malware is capable of extracting account information and files, as well as taking screenshots. Researchers believe the group is a key player in Russia’s cyber campaigns against Ukraine.

February 2023: A pro-Russian hacking group claimed responsibility for DDoS attacks against NATO networks used to transmit sensitive data. The attack disrupted communications between NATO and airplanes providing earthquake aid to a Turkish airbase. The attack also took NATO’s sites offline temporarily.

February 2023: Polish officials reported a disinformation campaign targeting the Polish public. Targets received anti-Ukrainian refugee disinformation via email. Officials claimed these activities may be related to Russia-linked hackers.

February 2023: A North Korean hacking group conducted an espionage campaign between August and November 2022. Hackers targeted medical research, healthcare, defence, energy, chemical engineering and a research university, exfiltrating over 100MB of data from each victim while remaining undetected. The group is linked to the North Korean government.

February 2023: Latvian officials claimed that Russian hackers launched a phishing campaign against its Ministry of Defense. The Latvian Ministry of Defence stated this operation was unsuccessful.

February 2023: Iranian hacktivists disrupted the state-run television broadcast of a speech by Iranian president Ebrahim Raisi during Revolution Day ceremonies. Hackers aired the slogan “Death to Khamenei” and encouraged citizens to join anti-government protests.

February 2023: An Iranian hacking group launched an espionage campaign against organisations in the Middle East. Hackers used a backdoor malware to compromise target email accounts. Researchers claim the hacking group is linked to Iranian intelligence services.

February 2023: Iranian hacktivists claimed responsibility for taking down websites for the Bahrain international airport and state news agency.

February 2023: Hackers launched a ransomware attack against Technion University, Israel’s top technology education program. Hackers demanded 80 bitcoin ($1.7 million USD) to decrypt the university’s files. Israeli cyber security officials blamed Iranian state-sponsored hackers for the attack.

February 2023: Hackers disabled Italy’s Revenue Agency (Agenzia delle Entrane) website. While the website was disabled, users received phishing emails directing them to a false login page that mirrored the official agency site.

February 2023: Chinese cyber espionage hackers performed a spear-phishing campaign against government and public sector organisations in Asia and Europe. The emails used a draft EU Commission letter as its initial attack vector. These campaigns have occurred since at least 2019.

January 2023: Latvian officials claimed that Russia-linked hackers launched a cyber espionage phishing campaign against its Ministry of Defense. The Latvian Ministry of Defence stated this operation was unsuccessful.

January 2023: CISA, the NSA, and the Multi-State Information Sharing and Analysis Center released a joint advisory warning of an increase in hacks on the federal civilian executive branch using remote access software. This follows an October 2022 report on a financially motivated phishing campaign against multiple US federal civilian executive branch agencies.

January 2023: Russia-linked hackers deployed a ransomware attack against the UK postal service, the Royal Mail. The attack disrupted the systems used to track international mail.

January 2023: Iran-linked hackers executed ransomware attacks and exfiltrated data from US public infrastructure and private Australian organisations. Australian authorities claim that the data exfiltrated was for use in extortion campaigns.

January 2023: Hackers used ransomware to encrypt 12 servers at Costa Rica’s Ministry of Public Works, knocking all its servers offline.

January 2023: Albanian officials reported that its government servers were still near-daily targets of cyber-attacks following a major attack by Iran-linked hackers in 2022.

January 2023: Hackers launched a series of cyber-attacks against Malaysian national defence networks. Malaysian officials stated that the hacking activities were detected early enough to prevent any network compromise.

January 2023: Hackers targeted government, military, and civilian networks across the Asia Pacific leveraging malware to obtain confidential information. The malware targeted both the data on victim machines as well as audio captured by infected machines’ microphones.

January 2023: Hackers sent over a thousand emails containing malicious links to Moldovan government accounts.

Conclusions

In cyber security, attackers have a structural advantage: they need to find only one exploitable weakness across an organisation. This means attackers have less ground to cover than a defender and the attacker can often adapt faster than organisations can defend or recover.

The threat landscape has become increasingly volatile. Professionalised cyber criminal groups have continued to grow and create a higher volume of new attack types.

Currently 82% of breaches involved data stored in the cloud and organisations must look for solutions that provide visibility across hybrid environments and protect data as it moves across clouds, databases, apps and services. Build security into every stage of software and hardware development.

The FBI has pointed out that a range of ransomware tools are being used in different combinations - with potentially devastating consequences for targeted companies. "This use of dual ransomware variants resulted in a combination of data encryption, exfiltration, and financial losses from ransom payments. Second ransomware attacks against an already compromised system could significantly harm victim entities."

In most cases, the second attack has come within 48 hours of the first, but the period between attacks has been as long as 10 days.

To mitigate the risks from dual ransomware attacks, the FBI recommends companies review their security posture, maintain offline back-ups of critical data and ensure those back-ups are encrypted.

Organisations can respond to a disruptive cyber event by implementing plans made after an incident and focusing on recovery of business operations after a failure or incident. These requires detailed preparation, which should be done alongside taking an anticipatory preventative approach, one that assumes incidents will occur, includes cybersecurity awareness training for people at all levels and embeds resilience capabilities to withstand disruption.

Image: Dilok Klaisataporn

References:

Crowdstrike: Expats CZ:

CSIS: TechTarget: Tech Webies:

Esentire: Cyber Security Ventures:

Hindustan Times: BBC

Cyber News: Security Week:

Reuters: AA: World Economic Forum:

IBM: World Economic Forum: PWC

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.