August 2023: Regions and Industries at Risk

Welcome to Picus Security's monthly cyber threat intelligence roundup! 

Each month, we aim to provide a comprehensive yet digestible analysis of the evolving threat landscape, including insights into the most targeted and at-risk sectors, industries, and regions by cybercriminals in the wild.

Our research is conducted throughout the entire month, utilizing a diverse range of resources that span across threat intelligence and malware dump platforms, blogs, exploit databases, sandboxes, and network data query results. We draw upon this wealth of information to provide you with a holistic understanding of the cyber threat environment, with a particular focus on dissecting malware campaigns, attack campaigns conducted by threat actors and advanced persistent threat (APT) groups, and new malware samples observed in the wild.

By following our monthly threat report, you'll be able to ascertain which threat actors or malware could potentially impact your sector, gauge if your country is being specifically targeted, and understand if there is a surge in threat activity correlated with geopolitical events or state-backed actions. 

Top Four Most Targeted Regions in August

August 2023 has marked a significant surge in cyberattacks across the globe, underscoring the critical need for robust cybersecurity measures. 

  • Northern America (U.S.) faced a surge in cyberattacks, with various actors targeting different sectors. Lazarus APT ([1], [2]), a well-known group, was active alongside the Chinese propaganda campaign, Spamouflage [3], and the UNC4841 [4] group. The latter targeted the Barracuda Email Security Gateway using SeaSpy and Saltwater malware [5] to extract sensitive information from high-ranking government officials. Additionally, the Earth Estries APT [6] group, possibly linked to China, conducted a cyber espionage campaign targeting government and technology organizations worldwide using HemiGate, Zingdoor, and TrillClient malware [6].

  • In Europe, the landscape was equally diverse. NoEscape Ransomware Group ([7], [8]), Rhysida Ransomware Group ([9], [10]), and LockBit Ransomware Gang [11] were particularly active, disrupting various sectors. Hacktivist groups such as NoName057(16) [12] and KittenSec [13] were also operational, leading to multiple politically motivated attacks. The RomCom threat group and Earth Estries [6] were also active in the region, with the latter using HemiGate, Zingdoor, and TrillClient malware [6].

  • East Asia witnessed activity from the BlackCat Ransomware Group ([14], [15]) and the Flax Typhoon APT [16], also known as Ethereal Panda. The latter relied on various legit tools built into the operating system and some benign software for persistence on targeted networks. Vulzsec [17], a hacktivist group, declared cyberattacks on Japanese organizations in response to the government's decision to release melted fuel debris from a nuclear power plant into the Pacific Ocean.

  • Southeast Asia was targeted by the Bronze Starlight APT [18], Earth Estries APT [6], and Flax Typhoon APT [16], the latter using a variety of tools, including China Chopper webshell, Bad Potato, Juicy Potato, Metasploit, and Mimikatz [16]. Another notable threat in the region was the MMRat Android Banking Trojan [19], which posed a significant threat to banking users by disguising itself as a dating or official government app.

 

| # | Most Targeted Region | Threat Actor | Malware and Tools |
|---|---|---|---|
| 1 | Northern America (U.S.) | Lazarus APT ([1], [2]), Chinese propaganda campaign, dubbed 'Spamouflage' [3], GOLD LAGOON Threat Group [20], Chinese-nexus threat group UNC4841 [4], Earth Estries Threat Group [6], Chinese APT Group GREF [21], UNC Behind PurFoods Ransomware Attack [22], Chinese-nexus threat group UNC4841 [4], Play Ransomware Group [23], Rhysida Ransomware Group [10], Kimsuky APT and WoofLocker Campaign on US Space Companies [24], Akira Ransomware Group [25] | QuiteRAT ([1], [2]), CollectionRAT (Connected to Jupiter/EarlyRAT [26]) ([1], [2]), MagicRAT ([1], [2]), BadBazaar Android Spyware [27], Qakbot Botnet [20], HemiGate, Zingdoor, TrillClient malware [6], SUBMARINE, SKIPJACK, DEPTHCHARGE, FOXTROT, FOXGLOVE malware [28], SeaSpy, Saltwater, SeaSide malware [5], Play Ransomware ([23], [10]), HiatusRAT, Korplug malware [29], Akira Ransomware [25], Luna Token Grabber [30] |
| 2 | Europe | Lazarus APT [2], NoEscape Ransomware ([7], [8]), Rhysida Ransomware ([9], [10]), LockBit Ransomware Gang [11], Attack on UK’s Electoral Commission, Zimbra Credential Attack Campaign [31], NoName057(16) Hacktivist Group [12], KittenSec Hacktivist Group [13], KillNet Hacker’s Group [32], The RomCom Threat Group [33], Chinese propaganda campaign, dubbed 'Spamouflage' [3], Earth Estries Threat Group [6], Chinese APT Group GREF [21], LockBit Locker Ransomware [34] | QuiteRAT [1], CollectionRAT (Connected to Jupiter/EarlyRAT [26]) [1], MagicRAT [1], Yashma Ransomware [35], BadBazaar Android Spyware [27], Telekopye Malware [36], HemiGate, Zingdoor, TrillClient malware [6], LockBit Locker [34], NoEscape Ransomware ([7], [8]), Rhysida Ransomware ([9], [10]), LockBit Ransomware Gang [11] |
| 3 | East Asia | BlackCat Ransomware ([14], [15]), Chinese propaganda campaign, dubbed 'Spamouflage' [3], Flax Typhoon APT (a.k.a Ethereal Panda) [16], Vulzsec Hacktivist Group [17], Lazarus and Kimsuky APT [37] | Black Cat Ransomware [14], QuiteRAT ([1], [2]), CollectionRAT (Connected to Jupiter/EarlyRAT [26]) ([1], [2]), MagicRAT ([1], [2]) |
| 4 | Southeast Asia | Bronze Starlight APT [18], Earth Estries Threat Group [6], Flax Typhoon APT (a.k.a Ethereal Panda) [16] | BadBazaar Android Spyware [27], HemiGate, Zingdoor, TrillClient malware [6], MMRat Android Banking Trojan [19], China Chopper web shell, Bad Potato and Juicy Potato privilege escalation tools, Metasploit, Mimikatz [16], SoftEther VPN executables, GodZilla web shell [38], HiatusRAT, Korplug malware [29] |

Table 1. Most Targeted Regions in August 2023.

Top 5 Most Targeted Sectors in August

In August 2023, the Government, Technology, Healthcare, Education and Financial Services sectors emerged as the top five most targeted domains for cyber-attacks.

More comprehensive and detailed information is provided for each sector at the end of the blog.

 

| # | Targeted Sector | Threat Actors | Malware |
|---|---|---|---|
| 1 | Governments and Administrations | Lazarus APT ([1], [2]), Scarab Ransomware, Cl0p Ransomware ([39], [40], [41]), MoustachedBouncer [42], KittenSec [13], Earth Estries Threat Group [43], Vulzsec Hacktivist Group [17], Flax Typhoon (a.k.a SLIME 13) ([44], [45]), Kimsuky APT and Lazarus APT Campaign [37], Kimsuky APT and WoofLocker Campaign [24], Chinese propaganda campaign, dubbed 'Spamouflage' [3], Chinese-nexus threat group UNC4841 ([46], [28], [5]), Rhysida Ransomware Group [10], Vulzsec Hacktivist Group [17], Cl0p Ransomware Group [47], CosmicBeetle [48], Black Basta Ransomware [49] | HiatusRAT, Monti Ransomware, DroxiDat/SystemBC, QuiteRAT [1], CollectionRAT (Connected to Jupiter/EarlyRAT [26]) [1], MagicRAT [1], China Chopper web shell, Bad Potato and Juicy Potato privilege escalation tools, Metasploit, Mimikatz [16], Cobalt Strike, Zingdoor, TrillClient, HemiGate [43], SeaSpy, Saltwater, SeaSide malware [46], SUBMARINE, SKIPJACK, DEPTHCHARGE, FOXTROT, FOXGLOVE [28], Spacecolon, ScHackTool, ScService, Scarab, Clipper, ScRansom [48], HiatusRAT, Korplug malware [29], BlackCat Ransomware [49] |
| 2 | Technology | Lazarus APT [1], Kimsuky [37], Flax Typhoon (a.k.a SLIME 13) [44], Earth Estries Threat Group [43], Chinese-nexus threat group UNC4841 [50], FIN8 APT [51], LockBit Locker Ransomware Group [34], Play Ransomware Group [23], Lapsus$ Group [52] | HiatusRAT, Monti Ransomware, DroxiDat/SystemBC, QuiteRAT [1], CollectionRAT (Connected to Jupiter/EarlyRAT [26]) [1], MagicRAT [1], HemiGate, Zingdoor, TrillClient malware [6], China Chopper web shell, Bad Potato and Juicy Potato privilege escalation tools, Metasploit, Mimikatz [16], Cobalt Strike, Zingdoor, TrillClient, HemiGate [43], DepthCharge and Submarine Backdoor [50], FIN8 Ransomware [51], LockBit Locker Ransomware [34], Play Ransomware [23], Rhysida Ransomware [10] |
| 3 | Healthcare | Rhysida Ransomware Gang ([9], [10]), Chinese-nexus threat group UNC4841 [4], The RomCom Threat Group [33], UNC Behind PurFoods Ransomware Attack [22], Rhysida Ransomware Group [10], CosmicBeetle [48] | Spacecolon, ScHackTool, ScService, Scarab, Clipper, ScRansom [48], Rhysida Ransomware [10], Spacecolon, ScHackTool, ScService, Scarab, Clipper, ScRansom [48] |
| 4 | Education | Flax Typhoon (a.k.a SLIME 13) [44], UNC Behind University of Michigan Attack [53], Rhysida Ransomware Group [10], Akira Ransomware Group [25], Royal Ransomware Gang [54], UNC Behind Attack on University of Minnesota [55], LockBit Ransomware Gang [11] | China Chopper web shell, Bad Potato and Juicy Potato privilege escalation tools, Metasploit, Mimikatz [16], Rhysida Ransomware [10], Akira Ransomware [25] |
| 5 | Finance | UNC Behind PurFoods Ransomware Attack [22], Cl0p Ransomware Group ([56], [47]), UNC Behind Data Breach Attack on TMX Finance Corporate Services [57], Lapsus$ Group [52] | Cl0p Ransomware ([56], [47]) |

Table 1. Most Targeted Sectors in August 2023.

1. Governmental Institutions: The Hacked-emic Continues in August

In August 2023, governments and administrations worldwide faced a surge in cyberattacks from a variety of threat actors, each employing a range of sophisticated malware and tactics. The Japanese government, for instance, was targeted by the Vulzsec Hacktivist Group [17] in response to an environmentally controversial decision, while the Rhysida Ransomware Group [10] attacked multiple governmental and educational organizations across France, the US, and the UK, resulting in significant data breaches.

Similarly, the Cl0p Ransomware Group [47] exploited the MOVEit vulnerability, affecting several organizations including the Missouri Department of Social Services and Colorado’s Department of Health Care Policy and Financing.

In the UK, the Electoral Commission revealed a year-long breach that potentially exposed the personal data of millions of citizens, while in Belarus, foreign embassies were targeted by the MoustachedBouncer [42] threat group using adversary-in-the-middle attacks. 

Meanwhile, the North Korean Kimsuky APT [37] group targeted a US-South Korea military exercise, and the Kenyan government fell victim to a massive DDoS attack by Anonymous Sudan.

Earth Estries [43], another APT group, targeted government and technology industries worldwide using a variety of backdoors and hacking tools. Additionally, the Chinese propaganda campaign 'Spamouflage' [3] and the Chinese state-sponsored criminal group UNC4841 ([46], [28], [5]) targeted multiple countries and high-ranking officials in North America, respectively. UNC4841 used SeaSpy and Saltwater malware ([46], [28], [5]) to extract sensitive information.

Furthermore, the HiatusRAT [29] campaign shifted its focus to organizations in Taiwan and a US military server, while the DPRK's Kimsuky and WoofLocker [24] targeted joint military exercises and domain administrators using new tactics and malware. These attacks underscore the urgent need for enhanced security measures across the governmental sector worldwide.

2. Tech Sector in August: A Byte of the Hacking Apple!

In August 2023, the Technology sector was heavily targeted by various cyber-attacks, underlining a critical need for reinforced cybersecurity. Prominent attacks included a cyber espionage campaign by Chinese-nexus threat group UNC4841 [50], targeting US and foreign government agencies and high-tech companies using DepthCharge and Submarine backdoors. 

Additionally, the Lapsus$ group [52] targeted major corporations in the technology, gaming, and finance sectors, causing significant financial and reputational damage. Citrix NetScaler devices were also compromised by the FIN8 APT [51] group exploiting the CVE-2023-3519 vulnerability, and Spanish architecture firms were targeted by the LockBit Locker Ransomware Group [34]. 

Furthermore, Rackspace's hosted Exchange environment was attacked by the Play Ransomware Group [23], affecting 30,000 customers and resulting in substantial response costs and legal challenges. These attacks involved various threat actors, including Lazarus APT [1], Kimsuky APT [37], and Earth Estries [43] threat group, using a range of malware such as HiatusRAT, Monti Ransomware, DroxiDat/SystemBC malware, and QuiteRAT [1]. 

This month's activities highlight the urgent need for organizations in the technology sector to bolster their defenses and remain vigilant against the evolving cyber threat landscape.

3. Healthcare in August: A Bitter Pill to Swallow in Cyber Attacks!


In August, the healthcare sector faced a series of cyberattacks that exposed the personal information of millions and disrupted services. The Rhysida Ransomware Group ([9], [10]) targeted several institutions, including Pôle emploi, Tucson Unified School District, Prince George's County Public Schools, Prospect Medical Holdings, and the London Metropolitan Police Force, leading to significant data breaches and ransom demands.

Additionally, the RomCom threat group targeted politicians in Ukraine and US-based healthcare organizations aiding Ukrainian refugees, aiming to acquire geopolitical information. 

Meanwhile, PurFoods [22], a medical meal delivery service, suffered a ransomware attack by a Chinese-nexus threat group, UNC4841 [4], compromising the personal data of 1.2 million customers and employees, including payment cards, medical records, and Social Security Numbers. These incidents underscore the urgent need for robust data protection measures and heightened vigilance against potential attacks across the sector.

4. Classroom Chaos: Educational Institutions Under Siege in Cyber Attack

In August, the education sector was heavily targeted by various cyber threat actors, leading to widespread data breaches and service disruptions. The Taiwanese threat group Flax Typhoon APT [44], also known as SLIME13, targeted Taiwanese universities and electronic companies, indicating a motive of cyber espionage. 

Similarly, the Akira Ransomware Group [10] targeted the Edmonds School District in the US, and the Royal Ransomware Gang [54] attacked the Tucson Unified School District, affecting 29,000 individuals. Additionally, the University of Minnesota and the Colorado Department of Higher Education disclosed data breaches that exposed sensitive personal information and education records. 

In the UK, the LockBit Ransomware Gang [11] targeted West Oaks School, while the University of Michigan experienced a significant cyber attack, leading to a shutdown of all network systems and services. 

Lastly, the Rhysida Ransomware Group [10] targeted multiple institutions, including Pôle emploi, Prince George's County Public Schools, and Prospect Medical Holdings, resulting in ransom demands and the sale of stolen data on the dark web. These incidents highlight a pressing need for enhanced cybersecurity measures and protection of sensitive data in educational institutions worldwide.

5. Finance Fallout: Cybersecurity Breaches Expose Millions to Risk of Fraud and Identity Theft

The finance sector has recently faced significant cyber threats, with the MOVEit data breaches and the TMX Finance data breach as prime examples. Financial firms including Prudential, Charles Schwab, and TD Ameritrade were impacted by a mass attack conducted by the Cl0p Ransomware Group ([56], [47]), which exposed personal information and left victims at lifelong risk of identity theft. Similarly, TMX Finance suffered a breach in which the personal and payment card details of nearly 5 million customers were stolen, increasing the risk of financial fraud.

This widespread breach of sensitive information across financial and governmental sectors highlights a critical need for strengthened cybersecurity measures to mitigate the risk of financial fraud and safeguard personal information. Additionally, the attack on TMX Finance underscores the vulnerability of financial institutions and the urgent need for robust data protection measures to prevent potential losses for affected customers.

References

[1] A. Malhotra, “Lazarus Group’s infrastructure reuse leads to discovery of new malware,” Cisco Talos Blog, Aug. 24, 2023. Available: https://blog.talosintelligence.com/lazarus-collectionrat/. [Accessed: Aug. 28, 2023]

[2] A. Malhotra, “Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT,” Cisco Talos Blog, Aug. 24, 2023. Available: https://blog.talosintelligence.com/lazarus-quiterat/. [Accessed: Aug. 28, 2023]

[3] M. Bagwe and R. Ross, “Facebook Links Massive Disinformation Operation to China.” Available: https://www.govinfosecurity.com/facebook-links-massive-disinformation-operation-to-china-a-22972. [Accessed: Aug. 31, 2023]

[4] “Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868),” Mandiant, Oct. 03, 2021. Available: https://www.mandiant.com/resources/blog/unc4841-post-barracuda-zero-day-remediation. [Accessed: Aug. 31, 2023]

[5] S. Gatlan, “US govt email servers hacked in Barracuda zero-day attacks,” BleepingComputer, Aug. 29, 2023. Available: https://www.bleepingcomputer.com/news/security/us-govt-email-servers-hacked-in-barracuda-zero-day-attacks/. [Accessed: Aug. 31, 2023]

[6] E. Kovacs, “‘Earth Estries’ Cyberespionage Group Targets Government, Tech Sectors,” SecurityWeek, Aug. 30, 2023. Available: https://www.securityweek.com/earth-estries-cyberespionage-group-targets-government-tech-sectors/. [Accessed: Aug. 31, 2023]

[7] “Germany’s national bar association investigating ransomware attack.” Available: https://therecord.media/german-national-bar-association-investigating-cyberattack. [Accessed: Aug. 28, 2023]

[8] “Ransomware hackers paid in HCC case,” West Hawaii Today, Aug. 10, 2023. Available: https://www.westhawaiitoday.com/2023/08/10/hawaii-news/ransomware-hackers-paid-in-hcc-case/. [Accessed: Aug. 28, 2023]

[9] L. Abrams, “Rhysida claims ransomware attack on Prospect Medical, threatens to sell data,” BleepingComputer, Aug. 27, 2023. Available: https://www.bleepingcomputer.com/news/security/rhysida-claims-ransomware-attack-on-prospect-medical-threatens-to-sell-data/. [Accessed: Aug. 31, 2023]

[10] “Website.” Available: https://thecyberwire.com/newsletters/privacy-briefing/5/164

[11] A. Martin, “Russia-linked cybercriminals target school for children with learning difficulties.” Available: https://therecord.media/russian-cybercriminals-target-uk-school. [Accessed: Aug. 31, 2023]

[12] “Website.” Available: https://thecyberwire.com/stories/0a7390a687f949d0a3cdf2926449018b/ukraine-at-d551

[13] Chak13r, “KittenSec Hacktivist Group: Unveiling the enigma behind citizen data access,” Internetintelligence.eu, Aug. 22, 2023. Available: https://internetintelligence.eu/kittensec-hacktivist-group-unveiling-the-enigma-behind-citizen-data-access/. [Accessed: Aug. 31, 2023]

[14] G. Cluley, “BlackCat ransomware gang claims credit for Seiko data breach,” Graham Cluley, Aug. 23, 2023. Available: https://grahamcluley.com/blackcat-ransomware-gang-claims-credit-for-seiko-data-breach/. [Accessed: Aug. 31, 2023]

[15] J. Chakravarti and R. Ross, “BlackCat Ransomware Group Targets Japanese Watchmaker Seiko.” Available: https://www.govinfosecurity.com/blackcat-ransomware-group-targets-japanese-watchmaker-seiko-a-22902. [Accessed: Aug. 31, 2023]

[16] D. Ahmed, “Microsoft: Chinese APT Flax Typhoon uses legit tools for cyber espionage,” Hackread - Latest Cybersecurity News, Press Releases & Technology Today, Aug. 29, 2023. Available: https://www.hackread.com/microsoft-china-apt-flax-typhoon-cyber-espionage/. [Accessed: Aug. 31, 2023]

[17] V. Pandagle, “Hacktivists Declare ‘OpJapan’ Against Government Decision on Nuclear Plant Debris,” The Cyber Express, Aug. 28, 2023. Available: https://thecyberexpress.com/nuclear-waste-opjapan-by-vulzsec/. [Accessed: Aug. 31, 2023]

[18] “Website.” Available: https://thecyberwire.com/newsletters/research-briefing/5/34

[19] P. Nair and R. Ross, “New Android Banking Trojan Targets Southeast Asia Region.” Available: https://www.govinfosecurity.com/new-android-banking-trojan-targets-southeast-asia-region-a-22968. [Accessed: Aug. 31, 2023]

[20] “Website.” Available: https://thecyberwire.com/newsletters/daily-briefing/12/166

[21] B. Toulas, “Trojanized Signal and Telegram apps on Google Play delivered spyware,” BleepingComputer, Aug. 30, 2023. Available: https://www.bleepingcomputer.com/news/security/trojanized-signal-and-telegram-apps-on-google-play-delivered-spyware/. [Accessed: Aug. 31, 2023]

[22] I. Arghire, “Personal, Health Information of 1.2 Million Stolen in PurFoods Ransomware Attack,” SecurityWeek, Aug. 29, 2023. Available: https://www.securityweek.com/personal-health-information-of-1-2-million-stolen-in-purfoods-ransomware-attack/. [Accessed: Aug. 31, 2023]

[23] M. J. Schwartz, “Ransomware Attack Cleanup Costs: $11M So Far for Rackspace.” Available: https://www.govinfosecurity.com/blogs/ransomware-attack-cleanup-costs-11m-so-far-for-rackspace-p-3498. [Accessed: Aug. 31, 2023]

[24] “Website.” Available: https://thecyberwire.com/podcasts/daily-podcast/1889/notes

[25] “Edmonds School District Faces New Data Breach: Akira Ransomware Group Implicated,” The Cyber Express, Aug. 26, 2023. Available: https://thecyberexpress.com/edmonds-school-district-data-breach/. [Accessed: Aug. 31, 2023]

[26] GReAT, “Andariel’s silly mistakes and a new malware family,” Kaspersky, Jun. 28, 2023. Available: https://securelist.com/lazarus-andariel-mistakes-and-easyrat/110119/. [Accessed: Aug. 28, 2023]

[27] 2023thn Aug 30, “China-Linked BadBazaar Android Spyware Targeting Signal and Telegram Users,” The Hacker News, Aug. 30, 2023. Available: https://thehackernews.com/2023/08/china-linked-badbazaar-android-spyware.html. [Accessed: Aug. 31, 2023]

[28] 2023thn Aug 29, “Chinese Hacking Group Exploits Barracuda Zero-Day to Target Government, Military, and Telecom,” The Hacker News, Aug. 29, 2023. Available: https://thehackernews.com/2023/08/chinese-hacking-group-exploits.html. [Accessed: Aug. 31, 2023]

[29] “Website.” Available: https://thecyberwire.com/newsletters/daily-briefing/12/160

[30] 2023thn Aug 23, “Over a Dozen Malicious npm Packages Target Roblox Game Developers,” The Hacker News, Aug. 23, 2023. Available: https://thehackernews.com/2023/08/over-dozen-malicious-npm-packages.html. [Accessed: Aug. 31, 2023]

[31] V. Šperka, “Mass-spreading campaign targeting Zimbra users.” Available: https://www.welivesecurity.com/en/eset-research/mass-spreading-campaign-targeting-zimbra-users/. [Accessed: Aug. 31, 2023]

[32] “KillNet Hackers Group Claims Over 200 Gas Station Cyber Attacks In Ukraine,” The Cyber Express, Aug. 25, 2023. Available: https://thecyberexpress.com/gas-station-cyber-attacks/. [Accessed: Aug. 31, 2023]

[33] “Website.” Available: https://thecyberwire.com/podcasts/research-saturday/295/notes

[34] “Website.” Available: https://thecyberwire.com/newsletters/daily-briefing/12/165

[35] C. Raghuprasad, “New threat actor targets Bulgaria, China, Vietnam and other countries with customized Yashma ransomware,” Cisco Talos Blog, Aug. 07, 2023. Available: https://blog.talosintelligence.com/new-threat-actor-using-yashma-ransomware/. [Accessed: Aug. 28, 2023]

[36] “Website.” Available: https://thecyberwire.com/newsletters/daily-briefing/12/163

[37] “Website.” Available: https://thecyberwire.com/newsletters/week-that-was/7/33

[38] 2023thn Aug 25, “China-Linked Flax Typhoon Cyber Espionage Targets Taiwan’s Key Sectors,” The Hacker News, Aug. 25, 2023. Available: https://thehackernews.com/2023/08/china-linked-flax-typhoon-cyber.html. [Accessed: Aug. 31, 2023]

[39] S. Alder, “Missouri Department of Social Services Confirms Medicaid Recipients’ Data Compromised in MOVEit Hacks,” HIPAA Journal, Aug. 10, 2023. Available: https://www.hipaajournal.com/missouri-dss-medicaid-recipients-moveit-hack/. [Accessed: Aug. 31, 2023]

[40] E. Montalbano, “Health Data of 4M Stolen in Cl0p MOVEit Breach of Colorado Department,” Dark Reading, Aug. 14, 2023. Available: https://www.darkreading.com/attacks-breaches/clop-gang-steals-personal-health-data-of-4-million-in-colorado-breach. [Accessed: Aug. 31, 2023]

[41] C. Gasté, “Vol massif de données personnelles chez un prestataire de Pôle emploi, 10 millions de chômeurs pourraient être concernés,” Le Parisien, Aug. 23, 2023. Available: https://www.leparisien.fr/economie/six-millions-de-personnes-pourraient-etre-concernees-par-un-vol-de-donnees-a-pole-emploi-23-08-2023-VWPYOMBSWZDPVDW7LWHJA2KIGU.php. [Accessed: Aug. 31, 2023]

[42] A. Goretsky, “MoustachedBouncer: Espionage against foreign diplomats in Belarus.” Available: https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/. [Accessed: Aug. 31, 2023]

[43] 2023thn Aug 31, “Earth Estries’ Espionage Campaign Targets Governments and Tech Titans Across Continents,” The Hacker News, Aug. 31, 2023. Available: https://thehackernews.com/2023/08/earth-estries-espionage-campaign.html. [Accessed: Aug. 31, 2023]

[44] L. Dobberstein, “Taiwanese infosec researchers challenge Microsoft’s China espionage finding,” The Register, Aug. 28, 2023. Available: https://www.theregister.com/2023/08/28/asia_tech_news_roundup/. [Accessed: Aug. 31, 2023]

[45] Microsoft Threat Intelligence, “Flax Typhoon using legitimate software to quietly access Taiwanese organizations,” Microsoft Security Blog, Aug. 24, 2023. Available: https://www.microsoft.com/en-us/security/blog/2023/08/24/flax-typhoon-using-legitimate-software-to-quietly-access-taiwanese-organizations/. [Accessed: Aug. 31, 2023]

[46] N. Goud, “Barracuda Email Hack leaks government emails in America,” Cybersecurity Insiders, Aug. 30, 2023. Available: https://www.cybersecurity-insiders.com/barracuda-email-hack-leaks-government-emails-in-america/. [Accessed: Aug. 31, 2023]

[47] E. Kovacs, “Nearly 1,000 Organizations, 60 Million Individuals Impacted by MOVEit Hack,” SecurityWeek, Aug. 25, 2023. Available: https://www.securityweek.com/nearly-1000-organizations-60-million-individuals-impacted-by-moveit-hack/. [Accessed: Aug. 31, 2023]

[48] 2023thn Aug 23, “Spacecolon Toolset Fuels Global Surge in Scarab Ransomware Attacks,” The Hacker News, Aug. 23, 2023. Available: https://thehackernews.com/2023/08/spacecolon-toolset-fuels-global-surge.html. [Accessed: Aug. 31, 2023]

[49] “Website.” Available: https://thecyberwire.com/newsletters/privacy-briefing/5/159

[50] D. Perera and R. Ross, “Chinese Hackers Anticipated Barracuda ESG Patch.” Available: https://www.govinfosecurity.com/chinese-hackers-anticipated-barracuda-esg-patch-a-22964. [Accessed: Aug. 31, 2023]

[51] M. J. Schwartz and R. Ross, “Ransomware Attack Specialist Tied to Citrix NetScaler Hacks.” Available: https://www.govinfosecurity.com/ransomware-attack-specialist-tied-to-citrix-netscaler-hacks-a-22960. [Accessed: Aug. 31, 2023]

[52] J. L. Hardcastle, “Two teens were among those behind the Lapsus$ cyber-crime spree, jury finds,” The Register, Aug. 24, 2023. Available: https://www.theregister.com/2023/08/24/two_teens_lapsus_jury/. [Accessed: Aug. 31, 2023]

[53] V. Pandagle, “Disruption from Cyber Attack: University of Michigan Cuts Internet Access,” The Cyber Express, Aug. 30, 2023. Available: https://thecyberexpress.com/university-of-michigan-cyber-attack/. [Accessed: Aug. 31, 2023]

[54] “Tucson Unified School District Breach Leaked Data of 29,000 individuals,” The Cyber Express, Aug. 24, 2023. Available: https://thecyberexpress.com/tusd-data-breach/. [Accessed: Aug. 31, 2023]

[55] “Website.” Available: https://thecyberwire.com/newsletters/privacy-briefing/5/161

[56] M. J. Schwartz and R. Ross, “Victims Sue Financial Firms Over MOVEit Data Breaches.” Available: https://www.govinfosecurity.com/victims-sue-financial-firms-over-moveit-data-breaches-a-22933. [Accessed: Aug. 31, 2023]

[57] M. J. Schwartz and R. Ross, “Title Lender TMX Now Says Payment Card Data Stolen in Breach.” Available: https://www.govinfosecurity.com/title-lender-tmx-now-says-payment-card-data-stolen-in-breach-a-22921. [Accessed: Aug. 31, 2023]