
Weekly Cyber Digest

18 August 2022

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name | Heat 7
Zoom App |
SpaceX Starlink |
Zimbra Collaboration Suite |

Deep & Dark Web
Name | Heat 7
Kali Linux |
Microsoft Visual Studio |

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Company | Information | Affected
AT&T (US) | A 3.6GB file on a popular dark web file sharing site contained the personal information of current and former customers. The file consists of 28,511,318 records, including names, phone numbers, physical and email addresses, dates of birth, and Social Security numbers. The data includes 22.8 million unique email addresses and 23 million unique Social Security numbers. | Unknown
Ypsilanti Community Utilities Authority (US) | The utilities authority suffered a ransomware attack in mid-April 2022 that encrypted files stored on the network. An unauthorised actor may have been able to access customer data, including names and bank account numbers. | ~2,000
iPay88 (Malaysia) | The payment gateway platform discovered a cybersecurity incident on May 31st, 2022. Card data may have been compromised. | Unknown
Advanced Computer Software Group Ltd (UK) | The managed service provider to the UK’s National Health Service (NHS) confirmed that a recent cyber incident was a ransomware attack. It did not disclose whether NHS data had been stolen. | Unknown
Atsugishi Fishery Cooperative Association (Japan) | Customer information on the company’s Aruko mail order site may have been leaked to outside parties due to an Emotet malware infection in June 2022. Potentially compromised data includes names, addresses, telephone numbers, and email addresses. | Unknown
Sumiwa Koun (Japan) | The company’s business server was targeted in a cyberattack on June 4th, 2022. The server was later found to be infected with ransomware. | Unknown
Information and Communication Technologies Authority (Turkey) | An investigation found that the government agency began collecting private user data from Internet Service Providers (ISPs) on a monthly basis in December 2018. This includes names, last names, IDs, tax and central registry numbers, birth places and dates, addresses, and more. In December 2020, 313 local ISPs and mobile operators were reportedly asked to provide the internet traffic of all users in Turkey on an hourly basis. | Unknown
Newton Falls Exempted Village School District (US) | The school district was made aware of a potential security breach that impacts several students’ Social Security numbers. | Unknown
Swan Bitcoin (US) | The savings firm is affected by the recent breach against Klaviyo, in which the hacker managed to download Swan’s email list. Other leaked customer data includes first names, IP-based geolocation, and information on how users originally joined the email list. | Unknown
Suishenma COVID-19 app (China) | A hacker named ‘XJP’ claims to have obtained personal information of users of the app. On August 10th, 2022, they listed the data on Breach Forums. A sample of the data includes phone numbers, names, Chinese identification numbers, and health code statuses. | 48,500,000
Warner Norcross & Judd (US) | The firm learned of unauthorised access to some of its systems on October 22nd, 2021, in which personal and protected health information may have been compromised. This includes names, dates of birth, Social Security numbers, payment card numbers, financial account information, passport numbers, and more. The breach may also have affected 120,000 members of Priority Health. | Unknown
Conifer Revenue Cycle Solutions LLC (US) | An unauthorised party gained access to a business email account on January 20th, 2022. Personal information of individuals associated with certain healthcare providers was potentially compromised. This includes names, dates of birth, Social Security numbers, financial account information, medical information, and more. | Unknown
Quintana Roo (Mexico) | The state’s judicial branch suffered a ransomware attack that left the Superior Court of Justice without email. | Unknown
Waterloo Region District School Board (Canada) | Employee information dating back to 1970 was accessed during a cyberattack in July 2022. Exposed data includes names, dates of birth, banking information, social insurance numbers, and payroll history of employees dating back to 2012. | Unknown
Cedar Rapids School District (US) | The school district paid an unnamed third party to prevent critical information from being released following a cyber security incident in July 2022. It has not revealed whether the payment was for a decryption key. | Unknown
ShitExpress (US) | Threat actor pompompurin exploited a vulnerability in the website to download its entire customer database. They accessed customer messages, email addresses, and other private data associated with 29,000 customer orders. A sample of the database was later shared on a hacking forum. | Unknown
Judiciary of Córdoba (Argentina) | On August 13th, 2022, the judiciary suffered a ransomware attack that forced it to shut down its IT systems and online portal. Although not officially confirmed by the Judiciary, reports suggest that PLAY ransomware is responsible for the attack. | Unknown
Kiplepay (Malaysia) | On August 15th, 2022, Kiplepay disclosed that the Kiple Visa Prepaid Card of some users may have been compromised due to a potential third-party data breach. | Unknown
Signal (US) | Some users may have been affected by the recent phishing attack against Twilio. Affected users’ phone numbers were potentially revealed as being registered to a Signal account, or the SMS verification code used to register with Signal was revealed. No other personal data was reportedly hacked or accessed. | ~1,900
Valent USA LLC (US) | The company reported a data breach stemming from what appears to have been a ransomware attack. Compromised information of certain individuals includes names, Social Security numbers, driver’s license numbers, passport numbers, and more. | Unknown
Government of Peru | Many Congress workers and Parliament members were targeted with suspicious messages on their cell phones. It is believed this was enabled by the spread of documents online that contain the personal data of Parliament workers. This includes full names, national identity document numbers, positions, personal and corporate emails, and phone numbers. | Unknown
Smith, Gambrell & Russell (US) | Some documents may have been taken from part of the company’s IT systems by an unauthorised person. This may have included names, addresses, Social Security numbers, driver’s licence numbers, government IDs, and medical information. Data belonging to Lee County Emergency Medical Services has also been impacted. | Unknown
Lamoille Health Partners (US) | The company suffered a data breach after experiencing a ransomware attack. Compromised patient data includes names, addresses, dates of birth, Social Security numbers, health insurance information, and medical treatment information. | Unknown
Grupo Financiero Banorte (Mexico) | On August 3rd, 2022, an actor named ‘Holistic-K1ller’ advertised data allegedly stolen from the company for sale on a cybercrime forum. They claimed the database includes names, addresses, phone numbers, tax IDs, email addresses, and account balances of citizens. Banorte maintains there has been no violation of its platforms and technical infrastructure, and that the information is inaccurate and outdated. | >10,000,000
Atlantic Dialysis Management Services (US) | On June 9th, 2022, the company discovered unauthorised activity within its computer systems during which patient information may have been accessed. This includes names, addresses, Social Security numbers, dates of birth, health insurance information, and more. Snatch Team claimed responsibility for the data theft and leaked some of the allegedly stolen files. | Unknown
Novant Health (US) | Protected health information may have been exposed via a tracking tool linked to Facebook. Potentially exposed data includes email addresses, phone numbers, computer IP addresses, and certain contact information. Financial information or Social Security numbers were only impacted if the user typed them into a free text box. | Unknown
Practice Resources LLC (US) | The company was targeted in a ransomware attack on April 12th, 2022. The company issued the breach notice on behalf of 28 entities. | 942,138
Shipyaari (India) | The company suffered a months-long exposure of its internal shipment information. The personal data of thousands of customers was exposed, including names, addresses, phone numbers, order invoice amounts, and delivery status. | Unknown
DigitalOcean (US) | DigitalOcean disclosed that its Mailchimp account was compromised in a cyberattack against Mailchimp. Certain customer email addresses may have been exposed. | Unknown
United Health Centers of San Joaquin Valley (US) | Patient data was exfiltrated from the organisation’s systems between August 24th and 28th, 2021. Compromised data includes names, Social Security numbers, and medical record numbers. In August 2021, Vice Society ransomware actors published allegedly stolen data on their leak site. | Unknown
Methodist McKinney Hospital (US) | The hospital, along with Methodist Allen Surgery Center and Methodist Craig Ranch Surgical Center, disclosed that an unauthorised individual copied certain files between May 20th, 2022, and July 7th, 2022. Potentially compromised data includes names, addresses, Social Security numbers, dates of birth, medical history information, and more. Karakurt actors have since claimed to have stolen 367GB of data from the hospital, including accounting reports, executive and financial documents, and more. | ~632
Apex Capital Corp (US) | The company and its subsidiary TCS Fuel confirmed that both companies’ systems were targeted in a malware attack. The attack shut down TCS Fuel’s network, leaving some customers unable to log onto systems, fuel trucks, and access funds. Ransomware group BlackByte claimed responsibility for the attack. | Unknown
Whitworth University (US) | On July 29th, 2022, the website of the university and its campus network went offline as a result of a ‘security issue.’ On August 10th, 2022, the LockBit ransomware group claimed to be in possession of 715GB of data belonging to the university, including information related to accounting, marketing, infrastructure, documents, and more. Whitworth has not confirmed what type of data may have been compromised in the attack. | Unknown
South Staffordshire PLC (UK) | The water supplier recently experienced a cyberattack involving unauthorised third-party access to its systems. South Staffordshire’s subsidiary companies, Cambridge Water and South Staffs Water, are also affected. Clop ransomware actors are believed to have conducted the attack. | Unknown
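The Novant Health entry above describes a common failure mode of web tracking pixels: a third-party script configured to capture form submissions forwards whatever the visitor typed, so identifiers that only appear in a free-text box still leave the site. The following is an added example, written for this digest and not code from Novant Health, Facebook, or any tracking vendor. It shows a generic "capture every field" event builder beside a hardened one that forwards only an allowlist of non-identifying metadata, plus a scrubber for free text that a site may still need to log on its own side. The field names, the sample form contents, and the `[REDACTED-…]` markers are constructed for the example.

```javascript
// Constructed sample: what a patient contact form might hold at submit time.
// Only form_id and page are safe to share with a marketing pixel.
const SAMPLE_FORM = {
  form_id: "contact-us",
  page: "/billing/help",
  email: "jane.doe@example.com",
  phone: "555-0100",
  message: "My SSN is 123-45-6789 and my card is 4111 1111 1111 1111, please call.",
};

// Leaky builder: serialises every field into the analytics event. This is the
// behaviour a generic "track form submissions" setting produces, and it ships
// email, phone and the free-text message to the third party.
function buildLeakyEvent(fields) {
  return { event: "FormSubmit", data: { ...fields } };
}

// Hardened builder: forwards only allowlisted keys. Anything not on the list,
// including every free-text field, is dropped rather than sent.
const ALLOWED_FIELDS = new Set(["form_id", "page"]);
function buildSafeEvent(fields, allowed = ALLOWED_FIELDS) {
  const data = {};
  for (const [key, value] of Object.entries(fields)) {
    if (allowed.has(key)) data[key] = value;
  }
  return { event: "FormSubmit", data };
}

// Luhn check, used so that a 13-19 digit run is only treated as a card
// number (PAN) when its check digit is valid; order numbers of similar length
// are left alone.
function luhnValid(digits) {
  let sum = 0;
  let double = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (double) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
    double = !double;
  }
  return sum % 10 === 0;
}

// Free-text scrubber for data the site keeps on its own side (support
// tickets, server logs). Hypothetical marker strings; US SSN format assumed.
const SSN_RE = /\b\d{3}-\d{2}-\d{4}\b/g;
const PAN_RE = /\b(?:\d[ -]?){12,18}\d\b/g; // 13-19 digits, optional separators
function scrub(text) {
  return String(text)
    .replace(SSN_RE, "[REDACTED-SSN]")
    .replace(PAN_RE, (m) =>
      luhnValid(m.replace(/[ -]/g, "")) ? "[REDACTED-PAN]" : m
    );
}

// Stand-alone demonstration.
console.log("leaky:", JSON.stringify(buildLeakyEvent(SAMPLE_FORM)));
console.log("safe: ", JSON.stringify(buildSafeEvent(SAMPLE_FORM)));
console.log("scrubbed message:", scrub(SAMPLE_FORM.message));
```

The allowlist is the control that matters for third-party scripts: a denylist or a regex scrubber on its own cannot anticipate every way a visitor will phrase a Social Security or card number, so free text should not reach a marketing endpoint at all. The scrubber is defence in depth for copies the organisation itself retains.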

Attack type mentions in Banking and Finance

This chart shows the trending attack types related to Banking and Finance within a curated list of cyber sources over the past week.

Weekly Industry View

Industry | Information
Banking & Finance | In July 2022, Cleafy researchers discovered two new versions of the SOVA Android banking trojan, each adding new capabilities. The malware masquerades as fake Android applications impersonating well-known brands such as Google Chrome, Amazon, NFT Platform, and more. SOVA appears to target over 200 mobile applications, including banking apps and cryptocurrency exchanges and wallets.
Government | Microsoft researchers disrupted campaigns from Russian actor SEABORGIUM that have been targeting NATO countries as well as countries in the Baltics, Nordics, and Eastern Europe. The campaigns include persistent phishing and credential theft activity leading to intrusions and data theft. Targets primarily include defence and intelligence, government, think tanks, and higher education organisations.
Technology | ThreatFabric researchers discovered a new malware dropper, dubbed BugDrop, that attempts to circumvent the security features Google is introducing in Android 13. The malware is believed to be the latest product from the actors behind the Xenomorph trojan, Hadoken Security. The application poses as a QR code reader and uses a slightly modified version of the original Brox malware code. Once opened, the malware requests Accessibility Services access and initiates a connection to its onion C2, which relies on the Tor protocol, receiving its configuration and the URL of the payload. The downloaded file belongs to the Xenomorph malware family.
Cryptocurrency | Trend Micro discovered a malicious Chromium-based browser extension that is believed to be the latest deployment of the group behind CopperStealer malware. The extension is capable of creating and stealing API keys from infected machines when the victim is logged into a major cryptocurrency website. These API keys enable the extension to perform transactions and send cryptocurrency from victims’ wallets to the attackers’ wallets.
Healthcare | The US Health Sector Cybersecurity Coordination Center warned of an ongoing phishing campaign targeting healthcare providers to steal multiple credentials, including for Outlook, IONOS, and AOL. The campaign may have leveraged business email compromises of entities related to the healthcare and public health (HPH) sector, as well as non-HPH entities. The email uses a ‘secure message’ lure and invites the recipient to click a malicious link. This leads to an Evernote site themed after the targeted victim organisation. The site contains an HTML file that, once downloaded, works as a phishing trojan.

News and information concerning each mentioned industry over the last week.
