The biggest cybersecurity and cyberattack stories of 2023
2023 was a big year for cybersecurity, with significant cyberattacks, data breaches, new threat groups emerging, and, of course, zero-day vulnerabilities.
GTA 5 source code reportedly leaked online a year after RockStar hack
The source code for Grand Theft Auto 5 was reportedly leaked on Christmas Eve, a little over a year after the Lapsus$ threat actors hacked Rockstar games and stole corporate data.
Russian Water Utility Cyberattack Impacts 6000 Systems
At least 6000 computer systems have been impacted by the Ukrainian Blackjack-led Russian water utility cyberattack.
Terrapin attacks can downgrade security of OpenSSH connections
Academic researchers developed a new attack called Terrapin that manipulates sequence numbers during the handshake process to breaks the SSH channel integrity when certain widely-used encryption modes are used.
Authorities claim seizure of notorious ALPHV ransomware gang's dark web leak site | TechCrunch
The FBI says it has released a decryption tool allowing hundreds of ALPHV/BlackCat victims to restore their scrambled files.
Vans, Supreme owner VF Corp. says personal data stolen and orders impacted in suspected ransomware attack | TechCrunch
The U.S.-based owner of apparel brands including Vans, Supreme and The North Face says it cannot fulfill customer orders after a cyberattack.
MongoDB says customer data was exposed in a cyberattack
MongoDB is warning that its corporate systems were breached and that customer data was exposed in a cyberattack that was detected by the company earlier this week.
Paternity and fertility tests among data stolen in Asper Biogene cyberattack | News | ERR
Among the health data illegally downloaded from genetic testing company Asper Biogene's database were details related to paternity and fertility tests. Some of the data is easily understandable and can be directly connected to specific individuals, Pille Lehis, director general of the Data Protection Inspectorate, said on ETV morning show "Terevisioon.".
%2Fcloudfront-us-east-2.images.arcpublishing.com%2Freuters%2F7WB4KO3VURIJFCMNGZMZOWFTHU.jpg?width=92&height=&ar=&mode=&format=avif&dpr=2)
Ukraine's top mobile operator hit by biggest cyberattack of war so far | Reuters
Ukraine's biggest mobile network operator was hit on Tuesday by what appeared to be the largest cyberattack of the war with Russia so far, knocking out mobile and internet services for millions and the air raid alert system in parts of Kyiv region.
%2Fcloudfront-us-east-2.images.arcpublishing.com%2Freuters%2FINHIMMZQFBJP5HCXGXXGTFC7EE.jpg?width=92&height=&ar=&mode=&format=avif&dpr=2)
Japan space agency hit with cyberattack, rocket and satellite info not accessed | Reuters
Japan's space agency was hit with a cyberattack but the information the hackers accessed did not include anything important for rocket and satellite operations, a spokesperson said on Wednesday.
STA: Power utility HSE suffers serious cyberattack
HSE, Slovenia's largest power utility, has been targetted by a cyberattack that started on Wednesday night and escalated on Friday night. In-house and external experts are working to resolve the situation. The supply of electricity is not jeopardised.
Bitter Pill: Third-Party Pharmaceutical Vendor Linked to Pharmacy and Health Clinic Cyberattack
Huntress has uncovered a series of unauthorized access, revealing a threat actor using ScreenConnect to infiltrate multiple healthcare organizations.
SEC accuses SolarWinds CISO of misleading investors before Russian cyberattack | TechCrunch
The U.S. Securities and Exchange Commission has charged SolarWinds and its top cybersecurity executive Timothy Brown with fraud and internal control
Decade of newborn child registry data stolen in MOVEit mass-hack
The breach affecting more than 3.4 million people — including newborns and children — is one of the biggest MOVEit-related hacks of the year.
International Criminal Court hit with a cyber attack
A cyberattack hit the International Criminal Court (ICC) disclosed a cyberattack this week, its systems were compromised last week.
MOVEit, the biggest hack of the year, by the numbers
The mass-exploitation of MOVEit file transfer servers — the largest hack of the year so far — now affects at least 60 million people.
Resecurity | Cl0p Ups the Ante with Massive MOVEit Transfer Supply-Chain Exploit
The supply-chain cyberattack that targeted Progress Software’s MOVEit Transfer application has compromised over 963 private and public-sector organizations worldwide. The ransomware group, Cl0p, launched this attack campaign over Memorial Day weekend. Some higher-profile victims of the hack include Maximus, Deloitte, TIAA, Ernst & Young, Shell, Deutsche Bank, PricewaterhouseCoopers, Sony, Siemens, BBC, British Airways, the U.S. Department of Energy, the U.S. Department of Agriculture, the Louisiana Office of Motor Vehicles, the Colorado Department of Health Care Policy and Financing, and other U.S. government agencies. Thus far, the personal data of over 58 million people is believed to have been exposed in this exploit campaign.
SEC notifies SolarWinds CISO and CFO of possible action in cyber investigation
The Securities and Exchange Commission has notified the chief financial officer and CISO of SolarWinds about potential enforcement actions related to the 2020 cyberattack against the company’s Orion software platform, the company disclosed in a regulatory filing with the agency.
How an Indiana hospital fought to recover from a cyberattack
It was October 2021 and the staff at Johnson Memorial Health were hoping they could finally catch their breaths. They were just coming out of a weeks-long surge of COVID hospitalizations and deaths, fueled by the Delta variant.
Tennessee, Georgia colleges respond to cyberattacks as school year wraps up
Hackers infiltrated networks of at least two colleges over the last week, disrupting the schools during the season of final exams and commencement ceremonies. Tennessee’s Chattanooga State Community College has been responding to a cyberattack since Saturday, forcing the school to cancel classes on Monday and modify schedules for staff members. The school serves more than 11,000 students.
UZH -University of Zurich - Cyberattack on the University of Zurich
The University of Zurich is currently the target of a serious cyberattack. The perpetrators appear to be acting in a very professional manner and are part of a current accumulation of attacks on educational and health institutions. Several attacks have been carried out on universities in German-speaking countries in recent weeks, resulting in suspension of their IT services for extended periods of time. The attacks are usually carried out by compromising several individual accounts and systems.
Vice Society ransomware leaks University of Duisburg-Essen’s data
The Vice Society ransomware gang has claimed responsibility for the November 2022 cyberattack that forced the University of Duisburg-Essen (UDE) to reconstruct its IT infrastructure, a process that's still ongoing.
UZH -University of Zurich - Cyberattack on the University of Zurich
The University of Zurich is currently the target of a serious cyberattack. The perpetrators appear to be acting in a very professional manner and are part of a current accumulation of attacks on educational and health institutions. Several attacks have been carried out on universities in German-speaking countries in recent weeks, resulting in suspension of their IT services for extended periods of time. The attacks are usually carried out by compromising several individual accounts and systems.
Vice Society ransomware leaks University of Duisburg-Essen’s data
The Vice Society ransomware gang has claimed responsibility for the November 2022 cyberattack that forced the University of Duisburg-Essen (UDE) to reconstruct its IT infrastructure, a process that's still ongoing.