Notable Cyber Security Events 2023

  • January
    • A database containing over 14 million usernames and passwords was found on a dark web forum, and within this database were more than 100,000 logins for portals belonging to Australian government agencies.
    • The Vice Society ransomware group has been conducting a series of widespread attacks targeting schools in both the United Kingdom and the United States. In response to these developments, the Federal Bureau of Investigation (FBI) has issued an official alert regarding the group’s activities.
    • Check Point Threat Emulation provides protection against this threat (Trojan.Wins.ViceSociety.*)

    • Check Point Research reports that threat actors in hacking forums have started making use of AI tools like ChatGPT, in order to create malware and attack tools such as info-stealers and encryptors.
    • Britain’s international mail service, Royal Mail, has had its operations disrupted by a cyberattack. The service has instructed its users not to post mail, as it is unable to dispatch packages to their destinations. The LockBit ransomware gang has been confirmed as the perpetrator of the attack, and is threatening to leak stolen data if its ransom demand is not met.
    • Check Point Harmony Endpoint and Threat Emulation provide protection against this threat (Ransomware.Win.Lockbit)

    • Check Point Research is seeing attempts by Russian cybercriminals to bypass OpenAI’s restrictions in order to use ChatGPT for malicious purposes. In underground hacking forums, hackers are discussing how to circumvent the IP address, payment card and phone number controls – all of which must be passed to gain access to ChatGPT from Russia.
  • February
    • Check Point Research has flagged the Dingo crypto token, with a market cap of $10,941,525, as a scam. The threat actors behind the token added a backdoor function to its smart contract to manipulate the fee. Specifically, they used the “setTaxFeePercent” function within the token’s smart contract code to raise the buying and selling fees to an alarming 99%. The function has already been used 47 times, and investors in Dingo Token risk losing all their funds.
    • KillNet, a pro-Russian hacktivist group, has launched a wide-scale operation against the US healthcare sector with multiple DDoS attacks.
    • JD Sports, a UK sportswear retailer, has announced a data breach that affected approximately 10M clients. The allegedly leaked data consists of clients’ online orders placed between November 2018 and October 2020, including full names, emails, phone numbers, billing details, delivery addresses, and more.
    • Check Point Research exposed two malicious code packages, Python-drgn and Bloxflip, distributed by threat actors, leveraging package repositories as a reliable and scalable malware distribution channel.
    • The group behind the massive ‘ESXiArgs’ ransomware campaign, which affected thousands of VMware ESXi hosts, has updated their malware’s encryption process. The updated version of the malware prevents the potential recovery method that was recommended by researchers, as it now also encrypts the files that could have been used to trigger the recovery process.
    • Check Point IPS provides protection against this threat (VMWare OpenSLP Heap Buffer Overflow (CVE-2019-5544; CVE-2021-21974))

    • Social media platform Reddit suffered a security breach, after an employee fell victim to a phishing attack. According to the company’s statement, while internal documents and source code were stolen, user information and credentials have not been impacted.
    • One of Israel’s leading universities, ‘The Israel Institute of Technology’ (Technion), has been targeted by a ransomware attack, forcing it to shut down its network and postpone final exams to the upcoming semester. Suspicions were raised that the attack might be politically or personally motivated, as the perpetrators are a previously unknown group and the ransom note included nonstandard messaging.
    • Check Point’s researchers found that threat actors are working their way around ChatGPT’s restrictions to create malicious content and to improve the code of a basic Infostealer malware from 2019.
    • Researchers have analyzed multiple campaigns using malicious packages in attempted supply-chain attacks. One PyPI (Python) campaign created over 450 crypto-related packages that would replace cryptocurrency wallet addresses, while another registered 5 packages that deliver credential-stealing malware. Also observed was an npm (JavaScript) campaign, which delivered a remote-access Trojan.
    • The City of Oakland has announced a local state of emergency as it deals with a ransomware attack that forced the city to take its IT systems offline.
    • The massive ESXiArgs ransomware campaign continues to expand, and recently affected over 500 hosts with the majority located in France, Germany, the Netherlands, the U.K., and Ukraine.
    • As OpenAI introduced a paid ChatGPT tier called ChatGPT Plus, threat actors are now offering so-called free access to the platform, luring users into downloading malicious apps or visiting phishing websites.
  • March
    • Pierce Transit, a public transit operator that serves over 18K people daily in Washington State, has been the victim of a ransomware attack conducted by the LockBit gang. The ransomware group claimed it stole correspondence, non-disclosure agreements, customer data, contracts and more.
    • Check Point Threat Emulation and Harmony Endpoint provide protection against this threat (Ransomware.Win.Lockbit)

    • Check Point researchers have uncovered a cyber-espionage campaign by the Chinese APT group SharpPanda. The campaign has targeted government entities in South-East Asia and has utilized the Soul framework to establish access to victims’ networks and exfiltrate information.
    • Check Point Threat Emulation and Anti-bot provide protection against this threat (Trojan.WIN32.SharpPanda)

    • Check Point Research has revealed the FakeCalls Android Trojan, which can mimic over 20 financial apps and engage in voice phishing by simulating conversations with bank employees. This malware, designed for the South Korean market, also extracts private data from victims’ devices.
    • Check Point Harmony Mobile and Threat Emulation provide protection against this threat.

    • Check Point Research has discovered security flaws in chess.com that could allow users to manipulate game results. Using the vulnerability, researchers were able to reduce an opponent’s clock time and thus win games.
    • Check Point Research has analyzed ChatGPT4 and identified five scenarios that allow threat actors to bypass the restrictions and utilize ChatGPT4 to create phishing emails and malware.
    • The Italian luxury sports car maker Ferrari has announced a data breach following an extortion attack on the company’s IT systems. The leaked data consists of the company’s clients’ personal information, including full names, addresses, email addresses, and phone numbers.
    • Check Point Research has detected malicious packages on PyPI, the Python package index, that use phishing techniques to hide their malicious intent. The packages stealthily download and execute obfuscated code as part of their installation process, creating supply chain risks.
    • Check Point CloudGuard Spectral provides protection against this threat.

  • April
    • Both Windows and macOS versions of 3CXDesktopApp, a VoIP application of 3CX Communications Company, were compromised and used to distribute Trojanized versions in a large-scale supply chain attack. In this widespread campaign, dubbed SmoothOperator, threat actors have misused 3CX’s application with a malicious file that is loaded using 3CXDesktopApp and beacons to the attacker’s infrastructure. More than 600,000 companies worldwide which use 3CX may be affected by this attack. The attack is linked to the North Korean Lazarus group, and is tracked as CVE-2023-29059.
    • Check Point Threat Emulation and Harmony Endpoint provide protection against this threat (Trojan-Downloader.Win.SmoothOperator; Trojan.Wins.SmoothOperator)

    • Australia’s largest gambling and entertainment firm, Crown Resorts, has disclosed that it is being extorted by the CL0P ransomware group. This extortion attempt is another result of CL0P’s exploitation of the Fortra GoAnywhere vulnerability.
    • Check Point Threat Emulation and Harmony Endpoint provide protection against this threat (Ransomware.Wins.Clop; Ransomware.Win.Clop; Ransomware_Linux_Clop)

    • Researchers have been tracking the hacktivist group Anonymous Sudan, which has been launching multiple DDoS attacks on organizations in Europe, Australia, Israel and elsewhere, often in response to what it perceives as anti-Muslim activity. The group is currently identified as a sub-group of the Russia-affiliated hacktivist group Killnet, and supports its agenda.
    • Check Point Research has discovered a new strain of ransomware dubbed Rorschach, which was deployed via DLL sideloading of a legitimate, signed security product. This ransomware is highly customizable, with technically unique features previously unseen in ransomware, and is one of the fastest ransomware strains observed in terms of encryption speed.
    • Check Point Harmony Endpoint provides protection against this threat.

    • Check Point Research has discovered three vulnerabilities (CVE-2023-28302, CVE-2023-21769 and CVE-2023-21554) in the “Microsoft Message Queuing” service, commonly known as MSMQ. The most severe of these, dubbed QueueJumper by CPR (CVE-2023-21554), is a critical vulnerability that could allow unauthenticated attackers to remotely execute arbitrary code in the context of the Windows service process mqsvc.exe.
    • Check Point IPS provides protection against this threat (Microsoft Message Queuing Remote Code Execution (CVE-2023-21554))

    • Check Point Research flags a sharp increase in cyberattacks targeting IoT devices, with a 41% increase in the average number of weekly attacks per organization during the first two months of 2023, compared to 2022. On average, every week, 54% of organizations suffer attempted cyber-attacks targeting IoT devices, mostly in Europe, followed by APAC and Latin America.
    • Check Point Quantum IoT Protect provides protection against this threat

    • Check Point Research warns about an increase in discussions about, and trade in, stolen ChatGPT accounts, with a focus on Premium accounts. Cyber criminals leak credentials of ChatGPT accounts, trade premium ChatGPT accounts and use brute-forcing tools for ChatGPT, which allow them to get around OpenAI’s geofencing restrictions and gain access to the previous queries of existing ChatGPT accounts.
    • The Check Point research team has uncovered new techniques used by the Raspberry Robin malware. These include several evasion techniques, obfuscation, and anti-VM measures. The malware also exploits two vulnerabilities in Win32k (CVE-2020-1054 and CVE-2021-1732) in order to elevate its privileges.
    • Check Point Threat Emulation and IPS provide protection against this threat (Trojan.Wins.RaspberryRobin; Microsoft Win32k Elevation of Privilege (CVE-2021-1732), Microsoft Win32k Elevation of Privilege (CVE-2020-1054))

  • May
    • Check Point Research reveals new findings related to Educated Manticore, an activity cluster with strong overlap with Phosphorus, an Iranian-aligned threat actor operating in the Middle East and North America. Educated Manticore adopted recent trends and started using ISO images and possibly other archive files to initiate infection chains.
    • Check Point Harmony Endpoint and Threat Emulation provide protection against this threat (APT.Wins.APT35.ta)

    • Check Point Research revealed new Android malware called FluHorse. The malware mimics legitimate applications, most of which have more than 1,000,000 installations. The malware steals victims’ credentials and Two-Factor Authentication (2FA) codes. FluHorse targets different sectors of Eastern Asian markets and is distributed via emails.
    • Check Point Harmony Mobile provides protection against this threat (FLU_HORSE_STR)

    • Check Point Research has noticed a surge in cyberattacks leveraging websites associated with the ChatGPT brand. These attacks involve the distribution of malware and phishing attempts through websites that appear to be related to ChatGPT, luring users into downloading malicious files or disclosing sensitive information.
    • The data storage giant Western Digital has confirmed a data breach that exposed the personal information of the company’s clients. The leaked data includes names, billing and shipping addresses, email addresses and phone numbers. The threat actors claimed they are not affiliated with the ALPHV (aka BlackCat) ransomware gang but would use that group’s leak site to threaten and extort the company.
    • Check Point Research has discovered a custom firmware implant tailored for TP-Link routers that has been linked to a Chinese state-sponsored APT group tracked as Camaro Dragon, which shares similarities with Mustang Panda. The implant was used in targeted attacks aimed at European foreign affairs entities, and it features several malicious components. These include a custom backdoor named “Horse Shell”, which enables the attackers to maintain persistent access, build anonymous infrastructure and enable lateral movement into compromised networks.
    • Check Point Quantum IoT Protect and Threat Emulation provide protection against this threat (APT.Wins.HorseShell)

    • The FBI, CISA, and ACSC warn that the BianLian ransomware group has shifted its tactics to extortion-only attacks. Instead of encrypting files and demanding a ransom, the group now focuses on stealing sensitive data and threatening to release it unless a payment is made.
    • Check Point Threat Emulation provides protection against this threat (Ransomware.Win.GenRansom.glsf.A)

    • Check Point Research has published a report on GuLoader – a prominent shellcode-based downloader that has been used in a large number of attacks to deliver a wide range of the “most wanted” malware. GuLoader’s payload is fully encrypted, which allows threat actors to store payloads on well-known public cloud services and bypass antivirus protections.
    • Check Point Threat Emulation provides protection against this threat (Dropper.Win.CloudEyE.*)

    • Check Point Research elaborates on the latest Chinese state-sponsored attacks and their use of network devices. This follows a joint Cybersecurity Advisory that United States and international cybersecurity authorities issued on a Chinese state-sponsored cyber actor, also known as Volt Typhoon. This actor has compromised “critical” cyber infrastructure in a variety of industries, including governmental and communications organizations.
  • June
    • Progress disclosed a vulnerability in MOVEit Transfer and MOVEit Cloud (CVE-2023-34362) that could lead to escalated privileges and potential unauthorized access to the environment. Upon discovery, Progress launched an investigation, provided mitigation steps and released a security patch, all within 48 hours. Unfortunately, during that time, cybercriminals associated with Russian-affiliated ransomware group Clop exploited the vulnerability and launched a supply chain attack against MOVEit users. Among them was payroll services provider Zellis, who was the first to disclose a security breach, although many others have been impacted.
    • Check Point IPS blade provides protection against this threat (MOVEit Transfer SQL Injection (CVE-2023-34362))

    • Check Point Research has published an analysis of a backdoor tool used by the Chinese APT group Camaro Dragon. The backdoor tool, dubbed TinyNote, is written in Go and includes a feature bypassing Indonesian antivirus software SmadAV, which is popular in Southeast Asian countries. The APT group’s victims likely include embassies in Southeast Asian countries.
    • Check Point Threat Emulation provides protection against this threat (APT.Wins.MustangPanda.ta.*)

    • An Illinois hospital faced closure as a result of a ransomware attack, making it the first healthcare facility to shut down due to such an incident. The attack on SMP Health in 2021 disrupted the hospital's capability to submit claims to insurers, including Medicare and Medicaid, for several months. This situation led to a severe financial downturn for the hospital.
    • The Louisiana Office of Motor Vehicles (OMV) and the Oregon DMV Services have released statements warning US citizens of a data breach exposing millions of driver’s licenses. This comes after the Clop ransomware gang hacked the agencies’ MOVEit Transfer secure file transfer systems and stole the stored data.
    • Check Point IPS blade, Harmony Endpoint and Threat Emulation provide protection against this threat (Progress MOVEit Transfer Multiple Vulnerabilities; Webshell.Win.Moveit; Ransomware.Win.Clop; Ransomware_Linux_Clop; Exploit.Wins.MOVEit)

    • Check Point researchers have discovered a sophisticated malware affecting a European medical institution. The attack is attributed to Camaro Dragon (Mustang Panda), a Chinese state-sponsored APT group. The threat actors employ malicious USB drives as an initial access vector in order to target restricted networks, and their payload includes a module that further infects any additional USB drive that is plugged into an infected host. It is believed that the malware thus propagated beyond the attackers’ initial intent, likely inadvertently infecting dozens of organizations worldwide.
    • Check Point Harmony Endpoint and Threat Emulation provide protection against this threat (APT.Wins.MustangPanda; APT.Wins.MustangPanda.ta)

  • July
    • Check Point Research identified a malicious modified version of the popular messaging application Telegram. The malicious application installs Triada Trojan which can sign up the victim for various paid subscriptions, perform in-app purchases and steal login credentials.
    • 500GB of data has leaked from the American television channel Nickelodeon as a result of a suspected breach. The data includes scripts, animation files and full episodes of content, and has been confirmed by the TV channel as legitimate, yet decades old. The breach reportedly occurred in January this year, due to an authentication vulnerability on a feedback portal.
    • Check Point Research has released an analysis of Google’s generative AI platform Bard, presenting several scenarios in which the platform can be made to generate malicious content. Threat actors could utilize Bard to generate phishing emails, a malware keylogger and basic ransomware code.
    • The Microsoft Exchange email account espionage campaign, which has been attributed to the Chinese threat actor ‘Storm-0558’, has reportedly accessed the email account of the United States ambassador to China and compromised hundreds of thousands of individual United States government emails. Researchers warn that the method used in the campaign could also have targeted user accounts of other Microsoft services, such as OneDrive and Azure environments.
    • The Norwegian government has reported that a software platform, used by 12 key ministries, suffered a cyberattack. It happened after hackers exploited a zero-day authentication bypass vulnerability in Ivanti’s Endpoint Manager Mobile (EPMM).
  • August
    • Prospect Medical Holdings, a major healthcare services provider that operates 16 hospitals and 166 outpatient clinics and centers in the US, suffered a significant ransomware attack. The attack has disrupted the company’s operations in at least three states, and forced hospitals to divert patients to other facilities. No ransomware gang has publicly claimed responsibility for the attack yet.
    • Check Point researchers share the latest findings of NPM-based vulnerabilities that were discovered in over 50 popular packages, putting countless projects and organizations at risk.
    • Check Point CloudGuard CNAPP provides protection against this threat

    • Discord.io has confirmed that the company is handling a data breach exposing the information of 760,000 members, which led to the temporary suspension of services. This comes after a cybercriminal going by the moniker Akihirah posted the Discord.io database on an underground forum.
    • An ongoing espionage campaign targeting dozens of organizations in Taiwan has been discovered. Researchers have attributed the activity to a Chinese APT group dubbed Flax Typhoon, which overlaps with Ethereal Panda. The threat group minimizes the use of custom malware, and instead uses legitimate tools found in victims’ operating systems to conduct its espionage operations.
    • Pro-Russian hackers have disrupted train services in northwest Poland by gaining access to the railway’s designated radio frequencies. During the attack, the hackers broadcast the Russian national anthem, as well as a speech by the Russian president Putin.
  • September
    • The FBI announced operation ‘Duck Hunt’, dismantling the Qakbot (Qbot) malware operation that has been active since at least 2008. Qakbot has been known to infect victims via spam emails with malicious attachments and links, while also serving as a platform for ransomware operators. It has impacted over 700,000 computers worldwide, including financial institutions, government contractors and medical device manufacturers.
      Check Point Research shared its analysis of the Qakbot malware and its operations over the years.
    • Check Point Harmony Endpoint and Threat Emulation provide protection against this threat (Trojan.Wins.Qbot; Trojan.Win.Qbot; Trojan.Downloader.Win.Qbot; Trojan-PSW.Win32.Qakbot; Trojan.WIN32.Qakbot)

    • Check Point warns of a recent email phishing campaign abusing the data visualization tool Google Looker Studio. Attackers use the tool to send slideshow emails to victims from official Google accounts, instructing them to visit third-party websites to collect cryptocurrency. Those websites then prompt the victims to enter their credentials, which are stolen.
    • Check Point Harmony Email provides protection against this threat.

    • Check Point researchers have analyzed the potential impact of the emerging generative AI technology on election influencing operations. Generative AI is capable of constructing individually tailored audio-visual propaganda to target voters on a massive scale, causing a heightened risk to democratic election integrity. To combat the issue, Google will require disclosure on political advertisements involving AI.
    • The American resort, casino and hotel chain MGM has suffered a cyber-attack that resulted in widespread disruption across the company’s hotels and casinos, and has shut down its internal networks as a precaution. The cyber-attack paralyzed the company’s ATMs, slot machines, digital room key cards and electronic payment systems. An ALPHV ransomware affiliate has claimed responsibility for the attack. Check Point Research is sharing its analysis and insights on the activity of the ALPHV group during the last 12 months.
    • The Monti ransomware gang has claimed responsibility for a cyber-attack on New Zealand’s third-largest university, Auckland University of Technology. The threat actors claim to have stolen 60GB of data, giving the victim a deadline of October 9th to pay a ransom.
    • Check Point Threat Emulation provides protection against this threat (Ransomware.Wins.Monti)

    • Check Point Research has discovered a new version of the BBTok banking malware, which targets clients of over 40 Mexican and Brazilian banks. The research highlights newly discovered infection chains that use a unique combination of Living off the Land Binaries (LOLBins), which results in low detection rates. The research also reveals some of the threat actor’s server-side resources used in the attacks, targeting hundreds of users in Brazil and Mexico.
    • Check Point Threat Emulation and Harmony Endpoint provide protection against this threat (Banker.Wins.BBTok; Banker.Win.BBTok; Technique.Wins.SuxXll; Trojan.Win.XllAddings)

  • October
    • Check Point researchers have detected a phishing campaign exploiting the popular file-sharing service Dropbox. The threat actors use legitimate Dropbox pages to send official email messages to the victims, which then redirect the recipients to credential-stealing pages.
    • Check Point researchers have discovered multiple critical vulnerabilities affecting the Web3 social media platform Friend.tech. The set of vulnerabilities can allow attackers to access and modify database values belonging to the company, as well as gain access to paid features.
    • The American Rock County Public Health Department, which serves more than 160K people in Wisconsin, has been the victim of a ransomware attack that forced officials to take some systems offline. The Cuba ransomware gang has claimed responsibility for the attack, claiming to have stolen financial documents, tax information and more.
    • Check Point Harmony Endpoint and Threat Emulation provide protection against this threat (Ransomware.Win.Cuba, Ransomware.Wins.Cuba.ta.*)

    • The LockBit ransomware gang has claimed responsibility for an alleged attack on the multibillion-dollar IT products and services reseller CDW. The gang has demanded an $80M ransom and threatened to release stolen data, said to include employee badges, audits, commission payout data and more. The company has isolated the affected servers, which are claimed to be non-customer-facing.
    • Check Point Harmony Endpoint and Threat Emulation provide protection against this threat (Ransomware.Win.Lockbit; Gen.Win.Crypter.Lockbit; Ransomware.Wins.LockBit.ta; Ransomware_Linux_Lockbit)

    • The FBI and CISA have released a joint Cybersecurity Advisory under their #StopRansomware campaign, warning about and detailing AvosLocker ransomware, which operates under a ransomware-as-a-service (RaaS) model. The advisory focuses on technical details and the group’s TTPs to assist mitigation and defense.
    • Check Point Harmony Endpoint and Threat Emulation provide protection against this threat (Ransomware.Wins.Avoslocker.ta.A, Gen.Win.Crypter.AvosLocker.B, Ransomware.Win.AvosLocker.B, Ransomware_Linux_AvosLocker)

    • Attackers have gained access to parts of the network of the cloud identity authentication giant Okta. The hackers managed to access the firm’s support unit for at least two weeks and attempted to use tokens copied from support tickets to access the firm’s customers’ networks. Reportedly, the firm only became aware of the incident when a customer reported that a support ticket token was being abused.
    • Check Point Research has analyzed cyber activity related to the first ten days of the Israel-Hamas war. Multiple hacktivist groups, Middle Eastern, Islamic, and Russian-affiliated, have intensified their operations against Israel. Various attack vectors have been observed, including DDoS, defacement, and information leakage from some Israeli websites – most of those with very limited impact.
    • Stanford University has been the victim of a cyber-attack that affected the systems of its Department of Public Safety (SUDPS). The Akira ransomware gang claimed responsibility for the attack, which allegedly resulted in the exposure of 430GB of the university’s data.
    • Check Point Harmony Endpoint and Threat Emulation provide protection against this threat (Ransomware_Linux_Akira; Ransomware.Wins.Akira)

  • November
    • Boeing has acknowledged that a cyber-attack affected its parts and distribution business, and that the company is working with law enforcement to investigate. Earlier this week, the ransomware group LockBit added Boeing to its victim page and claimed to have stolen large amounts of data.
    • Check Point Harmony Endpoint and Threat Emulation provide protection against this threat (Ransomware.Win.Lockbit, Ransomware_Linux_Lockbit)

    • Check Point Research has revealed an ongoing espionage campaign by Scarred Manticore, a threat actor tied to the Iranian Ministry of Intelligence and Security (MOIS). The attacks rely on LIONTAIL, an advanced passive malware framework installed on Windows servers. The current campaign is targeting high-profile organizations in the Middle East, focusing on the government, military, and telecommunications sectors.
    • Check Point IPS, Threat Emulation and Harmony Endpoint provide protection against this threat (Backdoor.WIN32.Liontail.A/B, APT.Wins.Liontail.C/D)

    • Check Point Research released a recent review of the evolving cyber events in light of the Israel-Hamas war. Recent weeks revealed that pro-Palestinian hacktivist groups have broadened their scope beyond Israel, mainly targeting countries perceived as Israeli allies. These cyber operations aim for an informational and retaliatory effect but have caused limited reported damage. Notably, target choice is driven by the groups’ previously established interests, in addition to evolving geopolitical events.
    • The US unit of China’s largest bank, the Industrial and Commercial Bank of China (ICBC), has suffered a ransomware attack that disrupted some of its financial services systems, reportedly affecting liquidity in US Treasuries. The LockBit ransomware gang is reportedly behind the attack.
    • Check Point Threat Emulation and Harmony Endpoint provide protection against this threat (Ransomware.Wins.LockBit.ta*; Ransomware.Win.Lockbit; Gen.Win.Crypter.Lockbit.AI; Ransomware_Linux_Lockbit)

    • The Russia-affiliated military intelligence group Sandworm is reportedly responsible for an attack against 22 critical infrastructure companies in Denmark. The attacks, the most severe in Danish history, compromised industrial control systems and forced companies in the energy sector to work offline.
    • Check Point Research conducted an experimental deep dive to test ChatGPT’s malware analysis capabilities. The findings focus on the guidance the AI system requires in order to expand its capabilities and deliver a verdict.
    • The Nevada-based medical transcription company Perry Johnson & Associates (PJ&A) has disclosed a data breach that affected more than 9M patients at multiple healthcare providers in the US. The exposed data includes patients’ names, addresses, dates of birth, Social Security Numbers, and medical records. The attack is considered one of the most severe medical data breaches in recent years.
    • Check Point Research, using its Threat Intel Blockchain system, uncovered an ongoing sophisticated Rug Pull scheme that managed to pilfer nearly $1M. The actor behind this scheme was traced, revealing that the perpetrator lured unsuspecting victims into investing by exploiting the crowd’s hype around ill-gotten gains.
  • December
    • Check Point Research provided highlights of the Cyber Av3ngers group’s activity; the group has claimed responsibility for defacing workstations at Pennsylvania’s Aliquippa municipal water authority. Following the attack, CISA published an advisory about this hacktivist group, which is affiliated with the Iranian Revolutionary Guard Corps (IRGC) and reportedly hit multiple water utility companies in the United States by targeting Unitronics PLC devices.
    • The American Greater Richmond Transit Company (GRTC), which provides services for millions of people, has been the victim of a cyber-attack that impacted certain applications and parts of the GRTC network. The Play ransomware gang claimed responsibility for the attack.
    • Check Point Harmony Endpoint and Threat Emulation provide protection against this threat (Ransomware.Win.Play; Ransomware.Wins.PLAY)

    • Check Point Research exposes a troubling trend in the cryptocurrency landscape. Deceptive actors are manipulating pool liquidity, sending token prices soaring by 22,000%. The manipulation of pool liquidity resulted in a swift and calculated theft of $80,000 from unsuspecting token holders. This incident sheds light on the evolving strategies scammers employ to exploit decentralized finance platforms.
    • Ukraine’s largest mobile operator, Kyivstar, was hit by the “largest cyber-attack on telecom infrastructure in the world”, leaving millions without mobile and internet services for at least 48 hours. Reportedly, the attack also affected air raid sirens, ATMs, and point-of-sale terminals. The Russia-affiliated group Solntsepek, which was previously linked to the Russian military group Sandworm, claimed responsibility for the attack. Another Russia-aligned group, Killnet, also claimed responsibility, but its involvement has not been proven. Kyivstar has 24.3 million mobile subscribers and over 1.1 million home internet subscribers.