Major Cyberattacks in Review: June 2023

In today’s interconnected world, cybersecurity incidents, including the entrance of major cyberattacks in June 2023, have become an unfortunate reality, affecting organizations across various sectors. The importance of safeguarding sensitive data has never been more critical, as threat actors continue to exploit vulnerabilities and launch targeted attacks. 

This blog post presents a collection of recent noteworthy cybersecurity incidents, shedding light on their scope and impact. From large corporations to healthcare providers, these incidents serve as reminders of the urgent need for robust security measures and proactive defense strategies in our digital landscape. 

LockBit Ransomware Targets TSMC, Demands $70 Million Ransom

The National Hazard Agency, a subgroup of the LockBit ransomware gang, has exposed the world’s largest chip manufacturer, Taiwan Semiconductor Manufacturing Company (TSMC), on their leak site. 

Demanding a $70 million ransom, LockBit threatens to leak alleged data unless TSMC pays. LockBit warns of publishing entry points, passwords, and logins if payment is refused. 

The extent of the data breach and the type of data held by LockBit remain unknown. In a separate incident, TSMC supplier Kinmax Technology experienced a cyber-attack, potentially impacting server setup and configuration information.

Clop Ransomware Breaches Global Energy Giant Shell in MOVEit Transfer Attacks

Clop ransomware has intensified its attacks on MOVEit Transfer users, targeting numerous organizations across diverse industries in the mass-exploit campaign. Well-known names such as PwC (PricewaterhouseCoopers), Ernst & Young, Medibank, and Gen Digital (the parent company of Avast, Norton, AVG, and Avira) have all fallen victim to this notorious ransomware group.

Furthermore, Shell, the global energy and petrochemical company, has been listed by the group as one of its targets. Shell has confirmed the attack and acknowledged its impact on their operations.

Learn more about the MOVEit Transfer vulnerabilities and campaign on our blog. You can also check out the Clop Ransomware Dark Web Threat Profile here.

Fort Worth Government Website Breached, Hackers Claim Political Motive

Government officials in Fort Worth, Texas, confirmed a cyber incident where hackers breached a website containing government information. 

The hacking group, SiegedSec, claimed responsibility for stealing approximately 180GB of data, including work orders, employee lists, invoices, police reports, emails, internal documents, and camera footage, totaling around 500,000 files. 

SiegedSec stated their actions were in response to Texas state politics, specifically regarding the ban on gender-affirming care. 

City authorities confirmed the breach but downplayed its impact, stating that no sensitive data related to residents, businesses, or employees had been released. 

Massive Data Breach Hits California’s Largest Public Pension Fund

The California Public Employees Retirement System (CalPERS), the country’s largest public pension fund, reported a significant data breach affecting approximately 769,000 retired California employees and beneficiaries. 

Russian cybercriminals targeted a popular file-transfer application, MOVEit, compromising personal information, including Social Security numbers. The breach was attributed to a third-party vendor responsible for verifying deaths. 

The same vendor, PBI Research Services/Berwyn Group, also lost data from at least 2.5 million Genworth Financial policyholders to the same criminal gang. 

Massive Data Breach Exposes Personal Information of Thousands via RateForce Platform

A significant data breach has occurred involving RateForce, an online car insurance quote comparison platform, resulting in the exposure of over 250,000 documents containing personal and sensitive information of individuals from the United States. 

The breach involved an unsecured database containing scanned documents such as vehicle registrations, driver’s licenses, insurance cards, vehicle titles, and state Medicaid health coverage cards. 

The breach was discovered by a security researcher who promptly notified USA Underwriters, the primary insurer associated with the policies in the database. You can read more about the incident here.

The incident reveals potential risks associated with third-party vendors and emphasizes the importance of robust security measures when handling customer data.

University of Manchester Cyberattack: Ransomware Group Threatens with Data Leak

Following a cyberattack on the University of Manchester, the ransomware group responsible has started sending emails to students, warning them that their data will soon be leaked. 

The threat actors claim to have stolen 7 TB of data during the June 6th attack, including confidential personal information, research data, medical data, police reports, HR documents, finance documents, and more.

Students who received the emails reported them to the university’s IT department. The University of Manchester had previously disclosed the attack as a ransomware incident, but no ransomware gang has claimed responsibility. 

Onix Group Notifies 329K Patients and Employees of Ransomware Attack

Onix Group, a commercial real estate company operating addiction recovery centers and medical facilities in multiple states, informed 319,500 patients and employees about a ransomware incident that compromised their personal and health information. 

The ransomware attack, discovered on March 27, corrupted certain systems and involved the unauthorized access of a subset of files. 

The compromised information included patients’ names, Social Security numbers, birthdates, scheduling, billing, and clinical information, as well as employee data such as names, Social Security numbers, direct deposit information, and health plan enrollment details. 

You can read our Healthcare Threat Landscape Report for more information about the healthcare industry.

Development Bank of Southern Africa Targeted in Akira Ransomware Attack

The Development Bank of Southern Africa (DBSA) has confirmed that it fell victim to a ransomware attack carried out by the Akira gang. 

The state-owned bank stated that the attack occurred around May 21 and resulted in the encryption of servers, log files, and documents. The gang threatened to publish the stolen information unless an undisclosed ransom was paid. 

The bank’s investigation revealed that personal information, including business names, director and shareholder names, addresses, identification documents, and contact details, may have been unlawfully accessed.

Zacks Investment Research Data Breach Exposes 8.8 Million Customer Records 

Zacks Investment Research has experienced another data breach, impacting 8.8 million customers, with the stolen database now circulating on Exposed hacking forum.

As the leaked data poses a risk of account hijacking and credential stuffing, Zacks users are strongly advised to change their passwords, particularly if the same password is used on other platforms.

Zacks reported a data breach in January 2023 that occurred between November 2021 and August 2022. According to Troy Hunt, the newly leaked database appears to have been compromised on or around May 10, 2020, predating the Zacks breach disclosed in January. 

To learn more about the Zacks data breach, read our blog.

Intellihartx Notifies 490,000 Individuals of Data Compromise in GoAnywhere Zero-Day Attack

Intellihartx, a Tennessee-based healthcare revenue cycle management firm, has informed approximately 490,000 individuals that their personal information was compromised in a ransomware attack conducted by the Clop ransomware group. 

The attack exploited a zero-day vulnerability,CVE-2023-0669,in Fortra’s GoAnywhere software. The compromised data includes names, addresses, medical billing and insurance information, specific medical details, and demographic information such as dates of birth and Social Security numbers.

Intellihartx has not identified any misuse of the compromised data. This incident highlights the increasing threat posed by the Clop ransomware group.

Atomic Wallet Hacked: Stolen Crypto Value Exceeds $35 Million

Reports of a substantial cryptocurrency theft from users’ wallets have prompted the developers of Atomic Wallet to launch an investigation. With over $35 million in crypto allegedly stolen, users took to Twitter and the developer’s Telegram channel to report the incidents. 

Notably, some users claim their crypto was stolen without having performed any recent software updates, while others experienced the theft after updating their software.

On June 3, Atomic Wallet acknowledged the compromised wallets and initiated an inquiry into the matter. As a precautionary measure, the developers temporarily shut down their download server to prevent further compromises. Blockchain investigator ZachXBT has collected transaction data and stated that the total amount stolen from Atomic Wallet victims exceeds $35 million. According to crypto security researcher Tay, the earliest recorded theft was on June 2.

Health Data of 2.5M Individuals Compromised in Enzo Biochem Ransomware Attack

Enzo Biochem, a life sciences and molecular diagnostics company based in New York, has experienced a ransomware attack, leading to unauthorized access to its computer systems. 

On May 30, the company notified approximately 2.5 million individuals in the US that their protected health information (PHI) has been compromised. 600,000 individuals have also had their personally identifiable information (PII), and Social Security Numbers (SSN), exposed.

The attack was confirmed on April 6, and by April 11, the company had identified the specific data that had been compromised, which included names and clinical testing information.

By utilizing SOCRadar’s platform, organizations can comprehensively understand the threat landscape, proactively address potential risks, and improve their overall cybersecurity posture.