Cyber Threat Report | July 2022


</Reports </ Cybersecurity </ Cybercrime </ News


Cybercrime continues to be on the rise in July 2022, but important steps were taken throughout the month to ensure more secure cyberspace worldwide.

Within the Breaking News Section of our report, discover more about the threat North-Korean government-sponsored actors pose by deploying Maui ransomware. 

We’ll also look at the: 

  • currently, offline advert, which sold the largest stolen data set to date
  • latest social media hacker attacks, targeting some of the biggest institutions and organizations
  • official FBI warning issued with regard to fraudulent cryptocurrency applications.

Our Newsletter will provide you with more information about how hackers spread fake news about the Ukrainian President, Volodymyr Zelensky. 

Finally, on the upside, discover what are the DOJ targets (and measures) to increase the number of reported ransomware cases.

Always remember that cyber security is everyone’s responsibility!

Cybercrime Breaking News

CISA, the (FBI), and the U.S. Department of the Treasury released a joint Cybersecurity Advisory regarding Maui ransomware, believed to be used by North Korean state-sponsored cyber actors. As early as May 2021, Maui was deployed to encrypt Healthcare and Public Health servers and disrupt organizations' operations. The issued Advisory includes technical details and indicators of compromise

Within our Cybersecurity Justice News section, discover more about the recent measures the DOJ took to battle North Korean government groups deploying Maui.

The Microsoft Threat Intelligence Center tracked North Korean actors using H0lyGh0st ransomware to target small and mid-sized organizations across the world. The attacks on small businesses began as early as September 2021.

23 terabytes of data, stolen from Shanghai National Police, were advertised on sale for $200,000 on a criminal website; with the advert later being taken down. President Xi Jinping asked public bodies in China to "defend information security… to protect personal information, privacy and confidential corporate information".

Microsoft blocks Visual Basic for Applications (VBA) Macros in files from the internet to enhance Office security. Microsoft's representatives note that VBA Marcos "are a common way for malicious actors to gain access to deploy malware and ransomware". Find out the official guide on how to allow VBA Macros to run in files you trust.

Disneyland's Facebook and Instagram accounts were taken over by malicious actors, who used them to post 'reprehensible content'. Company representatives immediately took down the messages and investigations are ongoing. The British Army’s Twitter and YouTube channels were also hacked - infiltrated with different cryptocurrency adverts. The Army resolved the issues and are looking into the cause of the breach.

Microsoft's security team believes that there is a link between the Raspberry Robin USB-based worm and EvilCorp, an infamous Russian ransomware group. At the end of July, Microsoft saw FakeUpdates malware being delivered via existing Raspberry Robin infections. The malware campaign was first spotted in September 2021.

International video game publisher, Bandai Namco, is added to the list AlphV ransomware victims

Cyberwar between Russia and Ukraine: Updates

United States and Ukraine sign Memorandum of Cooperation (MOC) “to strengthen collaboration on shared cybersecurity priorities”.

Fake news about the health of Ukrainian President Volodymyr Zelensky was disseminated during Ukrainian radio broadcasts. Cyber hackers targeted all nine stations of Ukraine's largest broadcast, TAVR Media, but were able to infiltrate only two. That same day, President Zelensky issued a message on social media that he’s “in his office and healthier than ever”.

Cybersecurity Justice

A Department of Justice Strategic Plan (2022 - 2026) aims to expand the number of reported ransomware cases to 65% by September 2023. The goal is to increase “the percentage of reported ransomware incidents from which cases are opened, added to existing cases, or resolved, or investigative actions are conducted within 72 hours.”

In other news, DOJ seize and return a $500,000 ransom, paid to ransomware groups, said to be connected to the North Korean government. In 2021, the threat actors deployed Maui to target two U.S. healthcare facilities in Kansas and Colorado.

National Credit Union Administration (NCUA) proposes to install a 72-hour deadline for credit unions to report cyberattacks. If the regulations are installed, regulated companies would have to report the case in the first 72 hours, without filing detailed incident reports.

CISA is set to open its first international Attaché Office in London.

FinTech Updates

Phishing scheme targets users of decentralized cryptocurrency exchange, Uniswap. The attackers stole about $8 million by luring users with supposed free UNI tokens (airdrops).

On the first weekend of July, DeFi platform, Crema Finance, had about $8.8 million stolen by hackers. During the attack, threat actors took out six flash loans - this is one of the most common tactics used to target DeFi platforms. Crema Finance was able to successfully negotiate with the actors and had about $7 million returned in exchange for a $1.68 million bounty. Find out more about the platform’s compensation plan to restore the original asset portfolio.

April 2022, saw the highest amount of cryptocurrency sent to mixing services - $51.8 million. Blockchain research company, Chainalysis, notes that illicit addresses have transferred 25% of all mixer funds.

FBI warns about cryptocurrency applications being used to defraud financial institutions and investors. The Bureau has accredited the loss of $42 million (by 244 U.S. investors) to fake cryptocurrency apps.

AMATAS will continue to monitor this space and deliver salient information regularly. 

Stay tuned for our next report and if you are interested in any of our privacy and cybersecurity services, please do reach out through our website or by e-mailing

As always – be vigilant, stay alert, and think twice.

Ralitsa Kosturska in AMATAS