Weekly Cyber Digest: 21 – 27 April 2023

27 April 2023

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker.

Trending Vulnerable Products

Open Source

  • VMware Fusion
  • Trust Wallet
  • VMware Aria Operations for Logs
  • Odoo Community
  • OpenJDK

Deep & Dark Web

  • Ubuntu
  • Google Cloud
  • Scapy
  • TP Link Archer AX21
  • Docker App

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

| Company | Information | Affected |
|---|---|---|
| Shields Health Care Group (US) | The medical service provider experienced unauthorised activity between March 7th and March 21st, 2022. The attacker was able to acquire the names and driver’s licence numbers or non-driver ID card numbers. | >2,300,000 |
| Cementos Bío Bío SA (Chile) | On April 9th, 2023, BlackByte ransomware added the cement manufacturer to their leak site. The attackers claimed to have exfiltrated around 200GB of files, confirming that they also conducted file encryption. The company’s customer portal noted ‘intermittencies’ in service. | Unknown |
| Conagua (Mexico) | The national water commission reported a ransomware attack on April 13th, 2023, that impacted the systems of various delegations and subdirectories at the national level. All files from the last 15 years were reportedly encrypted. Screencaps seen in news coverage suggest the incident was a BlackByte attack. | Unknown |
| Yucatan Government (Mexico) | BlackCat ransomware claimed responsibility for a recent cyberattack on the government. The attackers have posted some data as proof, including samples of INE documents and a letter of commitment from the Yucatan state government. | Unknown |
| Euromotors (Peru) | LockBit ransomware added the company to its leak site on April 10th, 2023, before dumping 144MB of files and a file tree list on April 17th, 2023. Samples of the data include email names, internal corporate documents, and personal information of employees. | Unknown |
| Fincantieri Marinette Marine (US) | On April 12th, 2023, the shipbuilding company suffered a ransomware attack, with large chunks of data on its network rendered unusable. The attack targeted servers containing data used to feed instructions to the shipyard’s computer numerical control (CNC) manufacturing machines, delaying production across the shipyard. | Unknown |
| District Court of Illinois (US) | The Everest ransomware group added the court to its leak site and claimed to have gained full access to its network. The group alleged that it gained unrestricted access via an employee, including access to confidential documents and sensitive data. It also provided screenshots as proof of access. | Unknown |
| American Bar Association (US) | An unauthorised third party gained access to the ABA network on or about March 6th, 2023. The attacker acquired the usernames and hashed and salted passwords that users may have used to access online accounts on the old ABA website prior to 2018 or the ABA Career Center since 2018. | 1,466,000 |
| Consumer Financial Protection Bureau (US) | An employee emailed the personally identifiable information of consumers to a personal email account. This includes names, account numbers, and may impact as many as 50 financial institutions. Agency officials reportedly first learned of the breach on February 14th, 2023. | 256,000 |
| Angel One (India) | The stock broking firm suffered a data breach that compromised the personal data of its users, including names, emails, and mobile numbers. | Unknown |
| Royal Vopak (Netherlands) | The tank storage company disclosed that its Pengerang Independent Terminals in Malaysia were impacted by an IT incident that resulted in unauthorised access to some data. The incident reportedly involved BlackCat ransomware and affected key business information. | Unknown |
| Naivas (Kenya) | The retail giant was targeted in a ransomware attack, though its systems are reportedly secure and operational again. The company noted that it has not observed any malicious use of the stolen data, but urged customers to remain vigilant to any phishing attempts. | Unknown |
| Gateway Casinos & Entertainment Ltd (Canada) | A ransomware attack forced the company to temporarily shut down 14 of its properties in Ontario on April 16th, 2023. An investigation remains ongoing to determine whether any personal information of customers or employees was impacted. | Unknown |
| San Bernardino County Sheriff’s Office (US) | A network disruption on April 7th, 2023, was later confirmed to involve malware. Sources told local media that the attack also encrypted many of the department’s systems; however, they were able to recover the data. | Unknown |
| Alaska Railroad Corporation (US) | Hackers accessed data on its internal network systems on December 25th, 2022. Potentially compromised data on vendors and current and former employees includes names, dates of birth, Social Security numbers, banking information, and more. | 7,413 |
| Yellow Pages Canada | Black Basta ransomware leaked sensitive data following an attack on or after March 15th, 2023. The leaked data includes identity documents, tax documents, sales and purchase agreements, and more. | Unknown |
| Lake Dallas Independent School District (US) | Royal ransomware added the district to its leak site, claiming to have obtained gigabytes of personal information on staff and students. | Unknown |
| Clarke County Hospital (US) | Royal ransomware claimed responsibility for an attack on the Iowa hospital, allegedly obtaining the details of 120 employees and hundreds of patients. | Unknown |
| Engineering Compliance Construction Inc (US) | ALPHV ransomware added the company to its leak site. It remains unknown whether the attackers accessed any system data. | Unknown |
| Fullerton India | LockBit ransomware claims to have stolen 600GB of sensitive data, including loan agreements, account statuses, bank agreements, international transfers, financial documents, and personal customer information. | Unknown |
| Stichting Kabeeltelevisie Pijnacker (Netherlands) | A ransomware attack on April 22nd, 2023, caused a complete outage of all services. Internet and television services have since been partially restored. | Unknown |
| Unknown | Unknown threat actors posted a massive dataset for sale on a Russia-linked cybercrime forum which allegedly contains the personal information of users from China. Data samples suggest that the information includes names, national ID numbers, home addresses, mobile phone numbers, gender, and bank card numbers. | 630,000,000 |
| Pembina County Hospital (US) | On April 21st, 2023, AvosLocker ransomware added the hospital to its leak site. The allegedly stolen data is said to include non-disclosure agreements and information on patients and employees. | Unknown |
| StaffScapes (US) | An unauthorised party gained access to the company’s environment following an email compromise in February 2023. Personal or sensitive information may have been exposed to the actors, including names and Social Security numbers. | >4,500 |
| Astral Brands (US) | The beauty company discovered unauthorised access to its network systems on March 23rd, 2023, that dates back to September 2022. The breach may have exposed the personal information of individuals, including names, credit card and financial account numbers, dates of birth, Social Security numbers, passports, and more. | 1,884 |
| Atlantic International University (US) | On April 24th, 2023, a threat actor leaked data allegedly stolen from the university on Telegram. The exposed data is said to include the personal information of students. Medusa ransomware initially added the university to its leak site on April 7th, 2023. | Unknown |
| IMA Financial Group (US) | The company detected unusual activity within its computer network in October 2022. The attacker accessed folders containing sensitive files, including Social Security numbers, driver’s license details, passport numbers, credit card data, and medical records and insurance. | 941 |
| Agensi Kaunseling dan Pengurusan Kredit (Malaysia) | The company suffered a data breach and received a ransom demand after it initially suffered an IT outage on March 20th, 2023. ALPHV ransomware actors added the company to its leak site on April 25th, 2023, and claimed to have downloaded over 1.5 million files. | Unknown |
| IRCCS MultiMedica (Italy) | On April 27th, 2023, the LockBit gang added the hospital to its leak site. On the day prior, all outpatient activities, emergency room operations, and the collection of reports in the MultiMedica hospitals in Milan and Sesto San Giovanni were suspended after the cyberattack. | Unknown |
| Multiple | LockBit recently added Magnolia Care Center to its leak site. Keystone Smiles Community Learning Center and Olympia Community Unit School District 16 were also targeted, though LockBit has since claimed to have deleted stolen data and provided a decryptor. | Unknown |
| All India Council for Technical Education | On April 26th, 2023, Mysterious Team Bangladesh claimed on its Telegram channel to have attacked the government body. The attackers also posted links to download data allegedly stolen from the entity, including names of the departments, email addresses, login credentials, and other user information. | Unknown |
| Bernina International (Switzerland) | On April 25th, 2023, ALPHV ransomware actors added the sewing company to its leak site, claiming to have stolen 200GB of data. This allegedly includes customer, client, and employee data, as well as non-disclosure agreements, drawings and developments, bank data, and more. | Unknown |

Ransomware mentions in Banking & Finance

This chart shows the trending ransomware related to Banking & Finance within a curated list of cyber sources over the past week.

Weekly Industry View

| Industry | Information |
|---|---|
| Government | On April 24th, 2023, Israeli media reported that the Anonymous Sudan hacker group carried out a massive cyberattack against multiple Israeli government websites. This may include the websites of Mossad, the National Insurance Institute, and other sites. The group proclaimed on its Telegram channel to have taken down two central Israeli government sites via distributed denial-of-service (DDoS) attacks, adding that these are a preparation for a major cyberattack. |
| Technology | Aqua Security researchers identified threat actors exploiting Kubernetes Role-Based Access Control (RBAC) in the wild to create persistent backdoors on Kubernetes clusters and hijack their resources for Monero cryptomining. Dubbed RBAC Buster, the campaign is believed to be actively targeting at least 60 clusters in the wild. |
| Cryptocurrency | Elastic Security researchers discovered a new malware, dubbed LOBSHOT, that is delivered through malvertising campaigns, such as fake downloads for software like AnyDesk. The malware appears to be leveraged for financial purposes, employing banking trojan and information stealing capabilities to target cryptocurrency wallets. LOBSHOT contains a Hidden Virtual Network Computing component that allows for direct and unobserved access to the infected machine. |
| Banking & Finance | Netskope researchers discovered a phishing campaign mimicking a FedEx package delivery in order to steal credit card data. The campaign abuses the cloud services TrustedForm and PAAY 3DS to track victims and collect information about them, and validate stolen credit card details respectively. Phishing emails or text messages contain links that redirect to a website imitating FedEx, which prompts users to enter their personal information and credit card data, and asks questions about rearranging delivery to increase credibility. |
| Technology | Jamf researchers discovered a new macOS malware, dubbed RustBucket, that is used to download and execute various payloads. The malware has been attributed to the North Korean state-sponsored group, BlueNoroff, believed to be acting as a sub-group to Lazarus Group. The malware is delivered as a malicious AppleScript file disguised as a PDF viewer app, with multiple stages involved in its execution to hinder analysis. Communication with the C2 server only begins once a specific PDF is loaded, which in the observed case impersonated a venture capital firm. The final payload is an ad-hoc signed trojan written in Rust that performs several system recon commands upon initial execution. |

News and information concerning each mentioned industry over the last week.
