---
title: "Cybersecurity Updates For The Week 10 of 2023 | Phish Protection"
description: "From the Maritime to Gun and video-making industry, nobody is safe in today"
image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-10-of-2023.png"
canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-10-of-2023/"
---


![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2023/03/what-is-spear-phishing-5443.jpg) 

From the maritime to the gun and video-making industries, nobody is safe in today’s growing threat landscape, where attackers **constantly look for the new gold**: “personal data.” As more and more sensitive information is stored online, the consequences of a cyber attack can be catastrophic for individuals and businesses alike, so [phishing protection](/) is of vital importance. Here are this week’s [phishing](/resources/what-is-phishing) and data breach-related news stories.

### Multi-Year Spear Phishing Campaign Targeting The Maritime Industry

A sophisticated [spear phishing](/content/phishing-prevention/difference-between-phishing-and-spear-phishing) campaign managed to sneak past the maritime industry’s security solutions and deliver Formbook and Agent Tesla. The attackers **maintained persistence** in the network for over a year, with the crew unaware. Security experts observed the campaign in October 2020, when the attackers were distributing Agent Tesla; in mid-2022, they **switched to Formbook**.

_What researchers found:_

EclecticIQ Intelligence assessed the campaign and attributed it to a [single threat cluster](https://cyware.com/news/multi-year-spearphihing-campaign-against-maritime-industry-3dba95d5). The emails pretended to inform the recipients that the ship was docking at a port and asked the victim to click on the **malicious attachment** for further details. The spear phishing emails contain a [CAB file](https://www.lifewire.com/cab-file-4144227) named after a maritime vessel, enclosing the **Agent Tesla malware**. Researchers found over 20 such emails appearing to come from a Norway-headquartered shipping company.

The security experts said that using **commodity RATs** means the group wants to obtain sensitive information like session tokens, credentials, and **email lists**. They can use this information in future [BEC attacks](https://www.computerweekly.com/news/365532757/BEC-attacks-doubled-in-2022-outstripping-ransomware) or sell it on the dark web to provide initial access.
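One way a mail gateway or triage script could surface the delivery pattern described above (a CAB archive attached to a port-call email) is to check attachment content for the Cabinet signature instead of trusting the file name. This is an added example, not code from the original post or from the researchers; the addresses, file names and payload bytes are constructed, and `find_cab_attachments` and `build_sample` are hypothetical helper names.

```python
"""Flag e-mail attachments that are Microsoft Cabinet (CAB) archives."""
from email import message_from_bytes, policy
from email.message import EmailMessage

CAB_MAGIC = b"MSCF"  # first four bytes of every Cabinet archive


def find_cab_attachments(raw_message: bytes) -> list:
    """Return one finding per attachment that is a CAB by content or by name."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        by_magic = payload[:4] == CAB_MAGIC
        by_name = name.lower().endswith(".cab")
        if by_magic or by_name:
            findings.append({
                "filename": name,
                "declared_type": part.get_content_type(),
                "cab_by_magic": by_magic,
                "cab_by_name": by_name,
                # Content is a CAB but the file name claims another type.
                "disguised": by_magic and not by_name,
            })
    return findings


def build_sample(filename: str, payload: bytes, subtype: str) -> bytes:
    """Build a constructed test message with a single attachment."""
    msg = EmailMessage()
    msg["From"] = "ops@shipping.example"      # constructed address
    msg["To"] = "crew@vessel.example"         # constructed address
    msg["Subject"] = "Port call notice"       # constructed subject
    msg.set_content("Vessel arrival details are attached.")
    msg.add_attachment(payload, maintype="application",
                       subtype=subtype, filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    # Constructed payloads: a CAB signature plus padding, and a PDF header.
    fake_cab = CAB_MAGIC + b"\x00" * 32
    samples = [
        build_sample("MV_EXAMPLE_VESSEL.cab", fake_cab, "vnd.ms-cab-compressed"),
        build_sample("port_call.pdf", fake_cab, "pdf"),
        build_sample("port_call.pdf", b"%PDF-1.4\n", "pdf"),
    ]
    for raw in samples:
        print(find_cab_attachments(raw))
```

A finding with `disguised` set means the attachment's bytes are a Cabinet archive even though its name says otherwise, which is the case a filename-only filter misses.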

### New Malware Targets Business Routers For Data Theft And Surveillance

An ongoing hacking campaign named ‘Hiatus’ targets [DrayTek Vigor router](https://www.bleepingcomputer.com/news/security/new-malware-infects-business-routers-for-data-theft-surveillance/) models 2960 and 3900 to steal the victims’ data and build a covert **proxy network**. Small and medium-sized businesses leverage business-class VPN routers (DrayTek Vigor) to offer **remote connectivity** to corporate networks.

The new hacking campaign, ongoing since July 2022, relies on a malicious bash script, the [malware](/content/protection-against-malware/what-is-malware) “HiatusRAT,” and the legitimate ‘tcpdump,’ used by DrayTek Vigor to capture **network traffic** flowing through the router. Attackers use the HiatusRAT component to download additional payloads, run commands on the compromised device, and convert it into a **SOCKS5 proxy** to pass C2 (command and control) server traffic.

Lumen’s Black Lotus Labs discovered the campaign and believes that HiatusRAT has infected over a **hundred businesses** in Europe and North and South America. While Hiatus is a small-scale campaign, it can severely impact the victims, stealing email and [FTP credentials](https://help.vaultpress.com/ftp/#:~:text=FTP%20stands%20for%20File%20Transfer,Username) and offering further network access. _Lumen’s researchers say the [threat actors](/phishing-awareness/threat-actors-use-namecheaps-email-to-execute-metamask-and-dhl-phishing-attacks) purposefully keep a **small attack volume** to evade detection._

### Cybercriminals Expose Personal Data After Targeting Police Department Of The City Of Modesto, California

[Modesto](https://www.govtech.com/security/personal-data-exposed-in-cyber-attack-on-modesto-calif-pd?&web%5Fview=true) confirmed that [hackers](/phishing/hackers-show-once-again-they-care-about-more-than-just-money) executed a **ransomware attack** on its Police Department’s digital network on Feb. 3 and may have accessed people’s **personal information**, including driver’s licenses and Social Security numbers.

> “Beginning next week, the City will begin **notifying** the impacted individuals through US mail and offer them complimentary **credit monitoring services**,” said a city news release.

The release mentions that the city’s investigation “concluded that attackers could access only a **limited amount of information** in this incident.” City spokesman Andrew Gonzales said the city would not say how many people may be **impacted**, whether they are members of the public or work for the city, how the [ransomware](/content/protection-against-ransomware/what-is-ransomware) accessed the city’s Police Department network, or other details.

### PayPal Faces A Class Action Lawsuit Over Data Breach That Impacted 35,000 Users

Online payment giant PayPal is in trouble again, this time because of a data breach that exposed the personal and **financial details** of almost 35,000 individuals. Plaintiffs Ashley Pillard and Destiny Rucker have filed an application in the US District Court for the Northern District of California, blaming the company for the December 2022 incident. On Jan. 19, 2023, PayPal sent a [data breach notification](https://www.hackread.com/paypal-sued-over-data-breach/?web%5Fview=true) to nearly 35,000 users, explaining that their **accounts were hacked** between December 6th and 8th, 2022.

While PayPal quickly identified and contained the breach, the investigation took nearly two weeks. During this time, PayPal confirmed that the attackers had **gained access to the user accounts** through valid credentials, although they denied that it resulted from a **system breach**.

![What is spear phishing](https://media.mailhop.org/phishprotection/images/2023/03/what-is-spear-phishing-5443.jpg) 

According to PayPal, the evidence did not suggest that the attackers obtained the user credentials directly from them. Still, the company is taking necessary steps to **ensure the security** and safety of its users’ accounts. The affected users received an advisory to reset their passwords and enable [2FA (two-factor authentication)](https://www.investopedia.com/terms/t/twofactor-authentication-2fa.asp) as a **precautionary measure**.

According to the lawsuit, PayPal failed to comply with the Federal Trade Commission guidelines, comply with **industry data protection standards**, and implement basic security measures. As a result, sensitive information, including names, tax identification numbers, addresses, [Social Security numbers](https://gizmodo.com/social-security-numbers-congress-leaked-dc-health-link-1850207441), and dates of birth, was exposed. _If the case proceeds as a class action, it can represent thousands of impacted individuals seeking damages from PayPal._

### Malicious Actors Steal Gun Owners’ Personal Data From a Firearm Auction Website

[Cybercriminals](/blog/cybercriminals-are-duping-millions-of-accounts-in-the-latest-facebook-phishing-campaign/) recently breached a website that enables people to **buy and sell guns**, exposing its users’ identities, [TechCrunch](https://techcrunch.com/2023/03/02/hackers-steal-gun-owners-data-from-firearm-auction-website/?&web%5Fview=true&guccounter=1&guce%5Freferrer=aHR0cHM6Ly9jeXdhcmUuY29tL2N5YmVyLXNlY3VyaXR5LW5ld3MtYXJ0aWNsZXM&guce%5Freferrer%5Fsig=AQAAAC%5FaoLwutzp%5FBaKzzCrjd7k3q5puo5gPBrq2EnKtyn1Jn3uwx-XGelYi3scIaYzyAM2ZhPxzMD6bo0IGtzFdiHOk1s0sdMFCnCrc5JyJlu0SiDaaPrD99ISgH-KO-zLMdf3kLyaVGLAFfrv1CQaEt6Lm6JMjs1Nk18cVROQNQa3r) reported. The breach exposed the sensitive personal data of over 550,000 users, including customers’ full names, email addresses, home addresses, plaintext passwords, and telephone numbers. Also, the stolen data allegedly enables attackers to link a specific person with the sale or purchase of a **particular weapon**.

> Troy Hunt, a cyber expert running the [data breach](/phishing/data-breaches-how-they-impact-small-businesses) alerting service and repository Have I Been Pwned, said, “With the data, the attackers can take a public listing, resolve it back to the \[stolen database\] and **extract the name**, physical and email address and phone number of the seller and the location of the gun.”

At the end of last year, a [security researcher](https://www.bleepingcomputer.com/news/security/security-researchers-targeted-with-new-malware-via-job-offers-on-linkedin/) (wanting to remain anonymous) discovered a server containing the data. A hacker (or group of hackers) was using it to **store stolen data**. The attackers had not put any access limit or control on the server, so the researcher downloaded the data and scrutinized it. He discovered the data on the server was taken from **GunAuction.com**, a website that has allowed people to auction guns since 1998.

### Canadian Book Giant Says That Hackers Stole Employee Data During a Ransomware Attack

Canadian bookseller [Indigo](https://therecord.media/indigo-book-seller-employee-data-ransomware-attack?web%5Fview=true) denied that attackers stole customer data last month during a ransomware attack that **crashed its website**. However, that was not the case for the data of the multibillion-dollar company’s workers.

In a follow-up FAQ, Indigo mentioned that **employee data** was involved in the [ransomware attack](/resources/ransomware-attack-why-organizations-pay-ransom).

The Toronto-based company has over **8,000 current employees** at about 160 stores across Canada. Indigo did not respond to requests for comment regarding how many people were affected.

![Phishing prevention](https://media.mailhop.org/phishprotection/images/2023/03/phishing-prevention-5443.jpg) 

It said Cyberscout, an [identity theft](https://www.onfocus.news/two-identity-theft-cases-reported-in-marshfield/) management company, would email the former and current employees about the incident. Those without email addresses on file will receive letters in the mail. “Our investigation concluded that there is no reason to believe customer data was improperly accessed, but hackers got hold of some employee data. We have notified **law enforcement**, and our team is cooperating with them,” the company said.

The notice does not specify what type of [employee data](https://www.scmagazine.com/news/breach/atlassian-confirms-breach-of-third-party-app-resulted-in-leak-of-employee-data) the attackers accessed. The LockBit threat group **claimed responsibility** for the attack on Tuesday evening.

### Blackfly: Espionage Group Targets The Materials Technology Industry

The Blackfly espionage group (or APT41, Bronze Atlas, Winnti Group) continues to mount attacks **against Asian targets** and recently targeted two subsidiaries of an [Asian conglomerate](https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/blackfly-espionage-materials?web%5Fview=true) dealing in the materials and composites sector, suggesting the threat group may be attempting to **steal intellectual property**.

Despite becoming the subject of a US indictment, Blackfly is **continuing to launch attacks**, undeterred by the publicity the group has gathered. It initially made a name for itself by targeting the **gaming sector**, and at present, it appears focused on targeting [intellectual property](https://www.ft.com/content/b686c84a-8d5f-46dc-af67-90cbf635170a) in various sectors.


[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

