Cyber Threat Report | May 2023

The month of May has been a busy one for cybersecurity professionals – with the cyber threat imposed by the latest technologies and AI becoming more imminent.

The AMATAS team would like to take this instant to remind you about the newest strategic focus of the FBI and the Justice Department. Cyber victim recovery is becoming policy-makers’ number one priority.

In a recent Click Here podcast interview, Deputy Attorney General, Lisa Monaco, revealed, 

“We need to take those steps that can help prevent the next victim. And [we’re putting] victims at the center of our strategy.”

In other news, the biggest cyber espionage attack (via malware) was perpetrated against the US. 

Also, it was revealed that due to a data breach, over two million Toyota customers’ car locations were exposed in the past decade.

Discover more about Europol’s takedown of the “Monopoly Market” and the White House’s National AI R&D Strategic Plan in our May 2023 newsletter.

Cybercrime Breaking News

Microsoft released information that Chinese hackers have been attacking critical US military infrastructures in Guam via malware. Experts believe this is one of the biggest espionage attacks to have been carried out against the US.

Data breach on Toyota Motor Corporation’s cloud environment is revealed to have exposed the sensitive information of over two million customers in the past decade (between November 6, 2013, and April 17, 2023).

Microsoft Threat Intelligence warns that the cybercriminal group Sangria Tempest (ELBRUS, FIN7) is once more active. Back in April 2023, Sangria Tempest carried out “opportunistic attacks” by deploying Clop ransomware. The group was previously involved in 2021 and used to deploy REvil and Maze, while managing the former DarkSide and BlackMatter ransomware operations.

Cybersecurity researchers infiltrated Qilin ransomware-as-a-service group (RaaS) to discover key information about its functionalities. The report states that Qilin has been active since July 2022 to this date and its main targets are critical sector companies. Qilin members mainly use spear phishing and have currently posted 12 victims on their DLS.

Five new victims – from the government, military, non-profit, and education sectors in Asia-Pacific (Thailand, Brunei, Vietnam, and Indonesia) and Europe (Belgium) – are added to APT Dark Pink’s list. Active since mid-2021, Dark Pink has compromised at least 13 organizations.

Cybersecurity researchers warn about hackers exploiting VMware ESXi with at least ten different ransomware families, following the Babuk source code leak of 2021.

Microsoft Threat Intelligence reports that Iranian-state-sponsored Mint Sandstorm and Mango Sandstorm groups have started to exploit the unpatched vulnerability in Papercut.

Update on the Western Digital cyberattack – it’s been confirmed that an unauthorized third party gained access to Western Digital’s online store databases. An official company press release notes, “We are progressing through our restoration process and the majority of our impacted systems and services are now operational.” 

Cisco warns of a new phishing-as-a-service tool (“Greatness”) that is currently focused on Microsoft 365 phishing pages. The most commonly targeted sectors include manufacturing, health care, and technology.

Microsoft releases patch for “critical elevation of privilege (EoP) vulnerability affecting Microsoft Outlook for Windows“.

Cyberwar between Russia and Ukraine: Updates

An April cyberattack – that affected the civilian business of Rheinmetall (the German automotive and arms company) – is confirmed to have been perpetrated by BlackBasta.  The ransomware group went to post Rheinmetall data samples on their extortion website. Rheinmetall was recently in talks with Ukraine about launching a new strategic cooperation agreement.

Cybersecurity and AI

​​The White House Office of Science and Technology Policy (OSTP) released the National AI R&D Strategic Plan to focus on national security concerns. The White House stated its commitment to partaking in an independent (as to AI developers and companies) assessment to showcase the potential impact of AI.

Cybersecurity Justice

Try2Check – a platform used by cybercriminals to trade stolen credit card credentials -is dismantled. Also, its founder is charged “with access device fraud, computer intrusion, and money laundering in connection with his operation of Try2Check”.

The Justice Department unsealed two indictments charging a supposed perpetrator, who is believed to be behind ransomware attacks on Law Enforcement Agencies (in Washington D.C. and New Jersey), as well as victims in healthcare and other sectors. His earliest attacks go back to 2020, and he is believed to have deployed three ransomware variants – LockBit, Babuk, and Hive. “Let today’s charges be a reminder to cybercriminals everywhere,” U.S. Attorney Philip R. Sellinger for the District of New Jersey said in an official statement. “My office is devoted to combatting cybercrime and will spare no resources in bringing to justice those who use ransomware attacks to target victims.”

13 ‘booter’ website domains (associated with DDoS-for-hire services) have been seized by US law enforcement.

Europol-coordinated operation (code-name SpecTor) took down “Monopoly Market” – a dark web marketplace; 288 suspected vendors were arrested and EUR 50.8 million were seized.

In collaboration with Ukrainian law enforcement, the FBI shuts down nine virtual currency exchange platforms used to assist cyber criminals.

The Investigatory Powers Tribunal rules in favor of the UK’s National Crime Agency (NCA) in the EncroChat case. EncroChat  – an encrypted communications platform used by cyber criminal organizations – was taken down in 2020 and the information was used to make thousands of arrests across the globe. The tribunal determined that the NCA had obtained all the proper warrants to access the messages. 

An ex-Uber chief security officer (who covered up cyber-attacks from authorities)’s sentence includes up to three years of probation, a $50,000 fine, and 200 hours of community service.

FinTech Updates

A hacker group is targeting organizations’ Amazon Web Services (AWS) accounts to set up illegal crypto mining operations.

A new malware, Bandit Stealer, targets browsers and cryptocurrency wallets to gain unauthorized access to personal or confidential information. The malware’s activity is currently limited to Windows, but it has the potential to expand to other platforms.

Cybersecurity News Across The Globe

AMATAS Offer| Assessment for SWIFT members

Since 2020, all SWIFT members must provide evidence their audits have been performed by external auditors or internally independent persons with appropriate expertise (e.g., internal audit).

AMATAS auditors combine years of auditing experience in the payment industry with extensive know-how in regulatory projects in the financial sector. We aim to provide the most detailed evidence report possible, followed by an efficient process for implementing all the required security criteria.

The early start of the security assessment by SWIFT controls allows you to work on the findings and implement all the required action steps provided by the security company before the year-end deadlines. 

Get your early-bird quote by the end of July, 2023

Contact us at +359 899 911 911 or at

Discover more from the AMATAS team:

AMATAS will continue to monitor this space and deliver salient information regularly. 

Stay tuned for our next report and if you are interested in any of our privacy and cybersecurity services, please do reach out through our website or by e-mailing

As always – be vigilant, stay alert, and think twice.

Related Articles

Scroll to Top