Cyber Threat Report | March 2023

In light of recent cyber threats targeting some of the most vital institutions across the world, we begin this March by once more highlighting the vitality of the cybersecurity “job”.

In the words of AMATAS Chief Strategy Officer, Boris Goncharov, “As roles of industry professionals keep on evolving, dialogues in cybersecurity communities have transformed from, ‘What can I do to make the company/ organization I work for safer?’ to ‘What can I do, in the global scheme, to safeguard and build a resilient digital environment?’”

And with cybersecurity beginning to gain an even more political character, we look at the recently unveiled US National Cybersecurity Strategy – as case study for best practices in legislation.

The White House strategy aims to create: 

“A defensible, resilient digital ecosystem, where it is costlier to attack systems than defend them, where sensitive or private information is secure and protected, and where neither incidents nor errors cascade into catastrophic, systemic consequences.”

The five pillars, on which the strategy is built are:

  • Critical infrastructure defense
  • Hindering and dismantling threat actors
  • Driving security and resilience with market forecasts 
  • Investing in a resilient future
  • International partnerships to pursue shared goals

AMATAS’s CEO, Marko Simeonov, remarked, “We truly believe that global partnerships have now become crucial in the cybersecurity space in 2023 and beyond.”

Within our March newsletter, discover more about the latest threats in the cybersecurity environment, justice news, as well as updates on the Cyberwar between Russia and Ukraine.

Cybercrime Breaking News

Hackers access an IT testing environment in Rubrik, a cloud data management giant, exploiting a GoAnywhere (popular file transfer service) zero-day vulnerability. Procter & Gamble, the City of Toronto, Virgin, and the U.K. Pension Protection Fund have also all been affected by the hack of Go Anywhere.

Mass supply-chain attack targets 3CX’s VoIP telephony system’s (voice and video conferencing software) users, consisting of more than 600,00 companies (including American Express, BMW, Air France, etc.). Hackers have infected multiple versions of 3CX’s desktop app for Windows and macOS with CVE-2023-29059. Nick Galea, 3CX’s CEO, apologized for the issue and recommended users to either uninstall and re-install the app or “use our PWA client instead. It really does 99% of the client app and is fully web based and this type of thing can never happen.”

Financially-motivated threat actors used a bypass in Microsoft’s SmartScreen security feature to spread ransomware (Magniber), without triggering any security warnings. Google’s Threat Analysis Group (TAG) report confirms that the bug –  CVE-2023-24880 – was patched with the latest security update.

Hackers breached an Acer server, that hosts private documents used by repair technicians. The news comes after a malicious actor proclaimed that they have for sale 160 GB of Acer data. The results of the official Acer investigation, so far, point out that no customer data was stolen.

U.S. House of Representatives letter confirms data breach impacting DC Health Link and potentially exposing the personal information of Congress members and staff.

BidenCash (a Russian dark website) aims to gain attention by publishing +2 million card numbers, available for free. In these types of data dumps, names, emails, phone numbers, and home addresses are also leaked.

A ransomware attack hit Black & McDonald, the Canadian engineering giant, whose portfolio of work involves military, power, and transportation infrastructures.

Ferrari works with law enforcement as hacker claims to have attained access to client contact details. An official statement notes, “As a policy, Ferrari will not be held to ransom as paying such demands funds criminal activity and enables threat actors to perpetuate their attacks.”

NCB Management Services, a financial services company that purchases debts, files a data breach notification. This follows malicious activity by hackers at the beginning of February, who may have accessed the confidential information of nearly 500,000 of the company’s clients.

Data breach between December 2022 and February 2023, may have stolen the financial information of +71K Chick-fil-A customers.

Cyberwar between Russia and Ukraine: Updates

New research points out how Ukraine’s government, agriculture, and transportation organizations in Donetsk, Lugansk, and Crimea regions were infected by a PowerMagic backdoor and CommonMagic framework, back in October 2022. The scope of the compromise is to be confirmed.

Zimbra’s flaws are actively exploited by Winter Vivern, a Russian hacking group, to gain unauthorized access to the emails of NATO and government officials, military personnel, and diplomats.

Cybersecurity Justice

The FBI and the Department of Health and Human Services Office of Inspector General disrupt BreachForum’s, one of the world’s largest hacker forums with +340K members, operations and makes it go offline. Meanwhile, the Justice Department announced that the founder of BreachForum has been arrested. The new forum admins have since decided to shut down the platform.

The US government plans to commit $25 million to help Costa Rica recover from 2022’s devastating cyberattacks caused by the Conti ransomware group. The funding aims to create a centralized Security Operations Center to strengthen the country’s cybersecurity against malicious actors and cyber threats. “This extensive cooperation in cybersecurity reflects our shared commitment to a secure Costa Rica,” noted Cynthia Telles, U.S. Ambassador to Costa Rica.

UK’s National Crime Agency (NCA) infiltrates criminal marketplaces by setting up fake websites, that are offering DDoS-for-hire services. “Traditional site takedowns and arrests are key components of law enforcement’s response to this threat,” remarked NCA’s National Cyber Crime Unit’s Alan Merrett. “However, we have extended our operational capability with this activity, at the same time as undermining trust in the criminal market.”

Europol, Germany, and the US take down ChipMixer, one of the largest dark web cryptocurrency laundromats. Authorities have seized four servers, about 1909.4 Bitcoins in 55 transactions (an estimate of EUR 44.2 million), and 7 TB of data. 

US federal court unseals an indictment against two men, charged for allegedly “breaching a federal law enforcement database and posing as police officers to defraud social media companies”.

Kaspersky releases new decryptor to help Conti ransomware victims.

FinTech Updates

A woman, believed to have assisted the multi-billion dollar cryptocurrency pyramid scheme “OneCoin”, is extradited from Bulgaria and is to face charges in a New York federal court.

In the middle of March, DeFi platform, Euler Finance, confirmed that hackers stole $197 million (in cryptocurrency) in a flash loan attack.

Cybersecurity News Across The Globe

  • Government organizations in ASEAN (Association of Southeast Asian Nations) countries are targeted by KamiKakaBot malware. The attack is said to be perpetrated by the advanced persistent threat (APT) group, Dark Pink, which is aiming to steal web browser data (e.g. saved credentials, browsing history, and cookies) and execute remote code.
  • New spearphishing campaign (said to be perpetrated by ‘Kimsuky’, North Korean APT group) targets experts on the Korean Peninsula and North Korea issues.
  • Independent Living Systems, a healthcare software organization, alerts about a breach that may affect over four million of its users.
  • Barcelona’s main hospital (Hospital Clinic de Barcelona) cancels thousands of appointments after a ransomware attack.
  • Hackers release some of the information attained during the Oakland city hack. As the investigation continues, current findings point out that employees of the City, between July 2010 and January 2022, may be affected by the breach.
  • A ransomware attack takes down Indigo’s (Canadian book giant) website. Current and former WH Smith employees’ company data is accessed as a result of a data breach.

Wondering what are the best practices for data privacy? Learn more from the AMATAS team:

AMATAS will continue to monitor this space and deliver salient information regularly. 

Stay tuned for our next report and if you are interested in any of our privacy and cybersecurity services, please do reach out through our website, or by e-mailing

As always – be vigilant, stay alert, and think twice.

Related Articles

Scroll to Top