Month & Victim
The Incident, Threat Actor & Impact
Source Link
January, 2023
Royal Mail cyber attack linked to LockBit Ransomware – Royal Mail stopped its international shipping services due to the severe service disruption caused by the attack. It left many small to medium businesses in limbo. The cyber criminals demanded a ransom in the millions, but Royal Mail refused to pay. It had to resort to manual processes, which increased wait times for its customers tremendously.
January 2023
Yum! Brands, the owner of KFC, Taco Bell, and Pizza Hut fast food chains.
Ransomware gang apparently stole data from Yum! Brands – The business initially said there was no indication that customer information was exposed. Only corporate data was compromised, the organisation claimed in January. The attack forced Yum! Brands to temporarily close 300 locations in the United Kingdom. In April, Yum! Brands said some employee data had been leaked. It faced a class action litigation in relation to the compromise of PII, the company said in a filing with the SEC.
January & March 2023
T-Mobile hacked & data of 37 million accounts stolen through one of its APIs – T-Mobile was hacked twice in 2023. After the attack in January, in March the company disclosed a cyber attack in which attackers may have accessed T-Mobile account PINs, SSNs, full names, and other data.
February, 2023
Fruit giant Dole disclosed a ransomware attack impacting operations – Dole halted its shipments to grocery stores as the ransomware attack forced it to shut down operations of its production plants in North America. On May 17, 2023, Dole said the February ransomware attack cost $10.5 million in direct costs.
February, 2023
Clop ransomware claims it breached 130 organisations using GoAnywhere zero-day – The Clop ransomware gang claimed to be behind attacks that exploited a zero-day vulnerability CVE-2023-0669 in the GoAnywhere MFT secure file transfer tool, saying they stole data from over 130 organisations. According to a report published on March 26, 2023, SecurityWeek said the ransomware group posted on their Tor-based leak site the names of organisations allegedly impacted by the incident, including luxury brand retailer Saks Fifth Avenue, consumer goods giant Procter & Gamble, mining company Rio Tinto, and the U.K.’s Pension Protection Fund (PPF).
March, 2023
Acer confirms breach after threat actors (allegedly known as IntelBroker) attacked a server hosting private documents used by repair technicians – The threat actor hacked servers and claimed 160 GB of stolen data containing technical manuals, software tools, backend infrastructure details, product model documentation for phones, tablets, and laptops, BIOS images, ROM files, ISO files, and replacement digital product keys (RDPK).
March, 2023
AT&T alerts 9 million customers of data breach after vendor hack – A vendor that AT&T uses for marketing experienced a security incident in which hackers exposed information of 9 million customers as they accessed Customer Proprietary Network Information from some wireless accounts, such as the number of lines on an account or wireless rate plan, etc.
May, 2023
Money Message extortion gang stole Intel Boot Guard private keys after MSI breach – In March, the Money Message extortion gang attacked computer hardware maker MSI, claiming to have stolen 1.5TB of data during the attack, including firmware, source code, and databases. The gang demanded a $4,000,000 ransom and, after not being paid, began leaking MSI’s data on their data leak site. In May, they began leaking MSI’s stolen data, including the source code for firmware used by the company’s motherboards.
May, 2023
Money Message Ransomware Gang steals data of 5.8 million PharMerica patients – PharMerica said the threat actors have exposed data of over 5.8 million patients, but the ransomware gang claimed to have stolen 4.7 TB of data during their attack on PharMerica, stating that it consisted of at least 1.6 million unique records of personal information, which they have leaked on their extortion site.
June, 2023
Clop Ransomware claims responsibility for MOVEit extortion attacks – The Clop Ransomware gang took responsibility for the MOVEit Transfer data-theft attacks, where a zero-day vulnerability was exploited to breach multiple companies’ servers and steal data.
July, 2023
Microsoft allegedly impacted by data breach, theft of 30 million customer accounts – Hacktivists, Anonymous Sudan, alleged that they had “successfully hacked Microsoft” and “accessed a large database containing more than 30 million Microsoft accounts, emails, and passwords”. Anonymous Sudan offered to sell this database to interested parties for $50,000 and urged interested buyers to contact their Telegram bot to arrange the purchase of the data.
July, 2023
Nickelodeon breached after leak of ‘decades old’ data – Hackers stole 500 GB of files from Nickelodeon systems and leaked them on the dark web.
September, 2023
MGM Resorts & Caesars Entertainment
Casino & Entertainment Giants MGM Resorts & Caesars Entertainment impacted by massive attacks by Scattered Spider – MGM disclosed that it was dealing with a cybersecurity issue that impacted some of its systems, including its main website, online reservations, and in-casino services, like ATMs, slot machines, and credit card machines. On October 05, 2023, in its SEC 8-K filing, MGM Resorts said: “Based on the ongoing investigation, the Company believes that the unauthorised third-party activity is contained at this time”.
For Caesars, the cyber attack led to sensitive information of many loyalty programme members being compromised. Some reports suggest that Caesars paid off half of the huge ransom that hackers demanded to prevent a leak of the stolen information.
September, 2023
Sony impacted by cyber attack as hackers fight over who’s responsible – Sony said that it is investigating allegations of a cyber attack. Different hackers stepped up to claim responsibility for the purported hack. Claims of attacking Sony’s systems were initially made by an extortion group called RansomedVC. This group claimed that it had breached Sony’s networks and stolen 260 GB of data during the attack, which it is attempting to sell for $2.5 million. On the other hand, MajorNelson (another group) leaked for free a 2.4 GB compressed archive, which contains 3.14 GB of uncompressed data that it claims belongs to Sony.
September, 2023
Airbus impacted by data leak allegedly involving thousands of suppliers – Airbus said that it investigated a cybersecurity incident following reports that a hacker posted information on 3,200 of the company’s vendors to the dark web. The threat actor using the moniker “USDoD” posted on BreachForums that they obtained access to an Airbus web portal after compromising the account of a Turkish airline employee.
October, 2022
Okta says its support system was breached using stolen credentials – Okta spokesperson Vitor De Souza said that around 1% of 18,400 customers are affected by this breach, but declined to provide a specific number. Due to this breach, the software company’s shares ended down by 11.6% at $75.57 on October 20, 2023. CNBC reported that Okta has allegedly shed more than $2 billion from its market valuation since the company disclosed a hack of its support systems. It also said that this incident was made all the more high-profile due to the several incidents that have been tied to Okta or its products in the recent past.
October, 2023
LockBit threatens to leak sensitive Boeing data – The LockBit cybercrime gang claimed that it had “a tremendous amount” of sensitive data stolen from the aerospace giant that it would dump online if Boeing didn’t pay the ransom by November 2. On November 10, 2023, according to news reports, LockBit published data stolen from Boeing. Apparently, it has leaked more than 43 GB of files from Boeing after the company refused to pay the ransom.
November, 2023
Rhysida Ransomware targets the National British Library – Multiple systems of the venerated institution were pulled offline. Hackers put the stolen data, allegedly containing PII of employees, on sale for 20 BTC. Shortly after that, Rhysida published 573 GB of data, about 90% of the total amount stolen, to its dark web leak site. This data allegedly included sensitive information of visitors and readers.
December, 2023
Toyota warns customers of Medusa data breach exposing personal, financial information – Toyota Financial Services (TFS) confirmed that sensitive personal and financial data was exposed in the attack. The threat actors demanded a payment of $8,000,000 to delete the stolen data and gave Toyota 10 days to respond to their demand, but Toyota did not negotiate a ransom payment with the cybercriminals. Currently, all data has apparently been leaked on Medusa’s extortion portal on the dark web.
December, 2023
36 million people affected by data breach at Xfinity – Cable TV and internet service provider Xfinity said a breach linked to a widespread vulnerability (CVE-2023-4966) in Citrix technology exposed data of nearly 36 million people in mid-October.