Cyber Threat Report | October 2023

Threat Report

In October, the Microsoft Digital Defense Report 2023 focused on key insights from July 2022 – June 2023 hinting at how the overall cyber resilience could be improved. 

Its key developments in the state of cybercrime revealed:

  • 80-90% of all ransomware compromises derive from unmanaged devices;
  • Human-operated ransomware attacks are up more than 200%;
  • Cybercriminals’ tactics have shifted to exploiting cloud computing resources.

Within AMATAS’s October 2023 cybersecurity report, discover more about the:

  • Current “most dangerous” financial crime groups;
  • Impact of a new hack on Okta;
  • Continued rise of the hacktivists and nation-state espionage.

On the cybersecurity justice front, discover more about the lawsuit Progress Software is facing; how the Ragnar Locker ransomware group was taken down; and how 17 North Korean-owned website domains, used for fraud, were seized.

Cybercrime Breaking News

In a filing with the Securities and Exchange Commission (SEC), it was revealed that the cyberattack on MGM Resorts that took place in September 2023, cost $100 million in collective damages. According to Microsoft researchers, the threat actors believed to have carried out the attack, Octo Tempest, are said to be “one of the most dangerous financial criminal groups”.

1Password detected suspicious activity on a company account powered by Okta. The password manager later shared that no user data was accessed. Cybersecurity and networking giant, Cloudflare also disclosed attacks on their systems, which could be traced back to Okta: “no Cloudflare customer information or systems” being impacted. The news comes after Okta identified how a threat actor accessed Okta’s support case management system.

A report discloses possible cooperation between the Palestinian militant organization Hamas and the longest-running Arabic-speaking hacking group, alqassam[.]ps. The collaboration is said to be carried out to ensure that Al-Qassam Brigades, Hamas’s military news site, stays online during the war.

Pro-Hamas hacktivists target Israel with BiBi-Linux Wiper, a Linux-based wiper malware.

The International Criminal Court (ICC) was targeted by a “serious cybersecurity” attack that is indicated to have been carried out for espionage.

Cisco Talos reveals more information about Kazakhstan-based, espionage-focused threat group: YoroTrooper, targeting Commonwealth of Independent States (CIS) countries.

Google’s Threat Analysis Group’s (TAG) observes a new vulnerability in WinRAR, CVE-2023-38831, exploited by Russia- and China-backed hacker groups. The hackers began exploiting the vulnerability at the beginning of 2023, but it has since been patched.

Cybersecurity firm Kaspersky reports how Lazarus, the North Korean hacker group, has been targeting Eastern European energy and defense companies via an updated version of the MATA malware. The campaign commenced in September 2022 and was active until May 2023.

Cisco’s Talos identifies a new zero-day vulnerability in the Web User Interface feature of Cisco IOS XE software. The vulnerability, tracked as CVE-2023-20198, allows malicious actors to gain level 15 access to log in with normal user access.

Simpson Manufacturing Company, a US building materials manufacturing giant, dealt with a cyberattack that disturbed its operations. Earlier this month, one of the biggest global manufacturing technology providers, Volex, was affected by a cyberattack that took down some of its websites. In an official press release, Volex officials stated: “At this stage, any financial impact resulting from the incident is not expected to be material.”

​​A ransomware gang claims to have stolen data from Colonial Pipeline, the U.S.’s largest pipeline system for refined oil products. The company deferred the claims, stating that there’s been no disruption to its operations.

A new cybercrime tool for low-skilled cybercriminals infiltrates social media networks with fake accounts. The so-called Kopeechka (“penny” in Russian) by steps the two-step verification, so malicious actors could easily disseminate fake news, spam and malware promotion campaigns across social media. 

Cyberwar between Russia and Ukraine: Updates

The International Committee of the Red Cross (ICRC) released ethical guidelines – the 8 rules for “civilian hackers” during war, and 4 obligations for states to restrain them. The framework focuses on why the role of hacktivists has grown even more so (especially during the war between Russia and Ukraine), highlighting why States and societies need to be concerned about the activity of these actors, and how humanitarian legislation may be even further required. 

Ukraine’s National Cyber Security Coordination Center (NCSСС) published a report detailing how attacks perpetrated via Smokeloader malware against Ukrainian financial and government organisations are on the rise. The attacks are believed to be carried out by Russian domain registrars with potential connections to Russian cybercriminals.

Cybersecurity Justice

Progress Software, the company behind the file transfer tool MOVEit, faces dozens of lawsuits and investigations by US agencies after a vulnerability in the tool was exploited back in June 2023.

Europol, Eurojust, the FBI, and other international law enforcement and judicial authorities took down the Ragnar Locker ransomware group, bringing the main suspected perpetrator to the examining magistrates of the Paris Judicial Court.

Justice Department seizes 17 North Korean-owned website domains used in a scheme to “defraud U.S. and foreign businesses, evade sanctions and fund the development of the [North Korean] government’s weapons program”.

British regulators fined Equifax about  $13.6 million “for failing to manage and monitor the security of UK consumer data” during a cyberattack on its platform in 2017 – where hackers accessed the personal information of 13.8 million.

Spanish-police-led operation against an alleged cybercriminal group, results in the arrest of 34 said perpetrators who are believed to have conducted various online scams.

Ex-NSA employee pleads guilty to six counts of attempted espionage in trying to transfer “classified National Defense Information (NDI) to an agent of the Russian Federation (Russia)”.

Finish District Court charges the suspected perpetrator, said to have carried out around 30,000 counts of aggravated computer break-ins against Vastaamo, Finish psychotherapy center.

Department of Justice charged, arrested, and extradited a Moldovan national for his involvement in E-Root Marketplace – a website that sold access to compromised computers across the globe.  He currently faces a maximum penalty of 20 years in federal prison.

During the ONE cybersecurity conference, the CyberPeace Institute disclosed that they are partnering up with The Hague Humanity Hub, the Dutch Institute for Vulnerability Disclosure, and the global Computer Security Incident Response Team to set up a cybersecurity portal for NGOs in the Netherlands. The aim of the initiative is to provide free training, tools, and consultations for more cyber resilience. 

After a July 2020 ransomware attack that exposed the data of 13,000 customers, Blackbaud (one of the world’s largest financial and fundraising providers for non-profits) agrees to a $49.5 million settlement with the attorneys general of 49 states and Washington, D.C.

Cybersecurity News Across The Globe


RED ALERT: Cybersecurity and Data Protection Forum 2023

AMATAS is the strategic partner and co-organizer of the largest in Bulgaria Cybersecurity and Data Protection cybersecurity organized by Капитал. The forthcoming edition will give practical knowledge on identifying, analyzing, evaluating, prioritizing, and responding to potential digital security risks. It will take place onsite at Sofia Tech Park on November 16, 2023, and will be streamed online.

Learn more about the agenda and register here 👉 CyberSecurity Forum 2023 –

Cybersecurity Awareness Month

October’s Cybersecurity Awareness Month continued the cooperation between the public and private sector in sustaining a more cybersecure culture via providing the necessary tools for knowledge-share. As you might have seen on LinkedIn, AMATAS joined the initiative by focusing our efforts on educating our audience about social engineering.

So, without further ado, we’re sharing with you some of the most useful resources from our social media on:

AMATAS will continue to monitor this space and deliver salient information regularly. 

Stay tuned for our next report and if you are interested in any of our privacy and cybersecurity services, please do reach out through our website or by e-mailing

As always – be vigilant, stay alert, and think twice.

Related Articles

Scroll to Top