---
title: "US Infrastructure Hacked, Patch Urgently Needed, WordPress Sites Compromised – Cybersecurity News | Phish Protection"
description: "With discoveries of Chinese malicious actors and new APT groups, our Weekly Cybersecurity Bulletin brings you the top cybersecurity news from around the globe."
image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-21-of-2023.png"
canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-21-of-2023/"
---


![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2023/05/stop-phishing-emails.jpg) 

With discoveries of Chinese malicious actors and new **APT groups**, our Weekly Cybersecurity Bulletin brings you the top [cybersecurity](/content/cybersecurity-in-a-nutshell) news from around the globe. These underscore the importance of implementing cutting-edge [phishing protection](/) solutions.

### US Critical Infrastructure Breached by Chinese Adversaries in Covert Attacks

Volt Typhoon, an active cyber espionage group from China, has been **relentlessly targeting** organizations based in the United States since mid-2021.

_Their operations target **critical sectors**, including communications, manufacturing, transportation, construction, utilities, and education._ The esteemed Threat Intelligence Team at Microsoft [discovered](https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/) these malicious activities.

It determined that the threat actors behind Volt Typhoon leveraged [zero-day](/content/zero-day-protection/zero-day-attack-example) vulnerabilities to exploit Internet-exposed Fortinet FortiGuard devices, breaching their security defenses. The group adeptly utilizes widely available **open-source tools** like Impacket and Fast Reverse Proxy (FRP) to carry out their sophisticated attacks.

They also exploit SOHO (Small Office and Home Office) network equipment vulnerabilities, effectively **stealing credentials** that enable them to deploy web shells for [data extraction](https://hevodata.com/learn/data-extraction/).

Recognizing the severity of the situation, Microsoft has taken swift action by proactively reaching out to all affected customers, offering **comprehensive support** and vital information to fortify their network defenses against future attacks.

### Urgent Patching Required for Maximum Severity Flaw, GitLab Advises

GitLab released a new emergency security update that users need to install promptly. Security release version 16.0.1 by GitLab addresses **CVE-2023-2825**, a [path traversal](https://www.synopsys.com/glossary/what-is-path-traversal.html#:~:text=A%20path%20traversal%20vulnerability%20allows,of%20the%20web%20root%20folder.) flaw with a CVSS score of 10.

Discovered and reported by “pwnie,” the vulnerability is a path traversal that lets a threat actor read **arbitrary files** on the server when an attachment exists in a public project nested within five or more groups. _It could expose confidential information such as software code, credentials, files, tokens, etc_.

GitLab [released](https://about.gitlab.com/releases/2023/05/23/critical-security-release-gitlab-16-0-1-released/) a security advisory that strongly recommended all individuals upgrade to the **latest version** to protect against this menace.


### WordPress Sites of 1.5 Million Users Targeted by Malicious Actors Exploiting Cookie Consent Plugin

A significant attack vector has started making rounds targeting a specific vulnerability called [Unauthenticated XSS (Stored Cross-Site Scripting)](https://wpscan.com/vulnerability/06f1889d-8e2f-481a-b91b-3a8008e00ffc). It works through the Beautiful **Cookie Consent Banner**, a widely used WordPress cookie consent plugin. 

The vulnerability affects over 40,000 active installations, with malicious actors injecting JavaScript code into vulnerable websites, potentially leading to unauthorized access, session hijacking, malware infections, or complete system compromise.

Security enterprise Defiant [discovered](https://www.wordfence.com/blog/2023/05/wordfence-firewall-blocks-bizarre-large-scale-xss-campaign/) the attacks, which exploit the vulnerability to create rogue admin accounts on WordPress websites running **outdated plugin versions**. The flaw was patched in January with the release of version 2.10.2. While the current attacks may not deliver a payload, website owners should **update the plugin** to prevent the corruption of its configuration.

[Threat actors](/phishing/threat-actors-target-western-digital-cripple-its-my-cloud-service) also attempt to exploit other WordPress plugins’ vulnerabilities, such as **Essential Addons** for WordPress Advanced Custom Fields.

### Israeli Organizations Targeted by Iranian Threat Actors Utilizing New Moneybird Ransomware

Agrius, an Iranian **state-sponsored** threat actor group, is behind a novel “Moneybird” [ransomware](/content/protection-against-ransomware/what-is-ransomware) that targets Israeli enterprises. 

The group is responsible for attacks against organizations in the Middle East, especially Israel, and has employed multiple aliases, deploying **data wipers** since 2021. The researchers at CheckPoint [discovered](https://research.checkpoint.com/2023/agrius-deploys-moneybird-in-targeted-attacks-against-israeli-organizations/) a new strain of ransomware that Agrius has developed to expand operations.

The threat actors gain access to organizational networks by exploiting public server vulnerabilities and hiding **behind Proton VPN**. Agrius deploys [web shells](https://www.cpomagazine.com/cyber-security/fbi-removes-web-shells-from-compromised-third-party-microsoft-exchange-servers-without-notifying-the-owners/), exfiltrates victim data, and downloads the Moneybird ransomware from file hosting platforms; the ransomware then executes and encrypts all target files.

Moneybird is a simple but effective ransomware model that can **disrupt business operations** as of now, and it may become an even more significant threat once advanced versions are developed.

### Zero-Day Flaw Exposes Email Gateways to Breach, Barracuda Issues Warning

Email and [network security](https://www.infosecurity-magazine.com/news/western-digital-hit-network-breach/) solutions giant Barracuda warned its customers that ESGs (Email Security Gateways) are getting breached due to a new **zero-day fault**. 

Barracuda discovered a vulnerability in the **email attachment** scanning module on May 19, which was patched. However, even after the patch was released, Barracuda issued a security alert highlighting that ESG appliances were compromised with the newly patched bug.

The organization also sends notifications to customers using the **ESG user interface** on the actions and clarifies that other products are unaffected by this zero-day [vulnerability](https://thehackernews.com/2023/05/critical-oauth-vulnerability-in-expo.html). 

Barracuda [said](https://status.barracuda.com/incidents/34kx82j5n4q9) the investigation spanned only the ESG product, not corporate networks. Therefore, impacted organizations should review and confirm any presence or spread of a threat actor.

![Anti phishing](https://media.mailhop.org/phishprotection/images/2023/05/anti-phishing-7973.jpg) 

### Silent Government Attacks Traced Back to GoldenJackal State Malicious Actors

A **previously unknown** APT (Advanced Persistent Threat) actor group has been targeting Asian governments and diplomatic organizations in espionage attacks since 2019.

_Called the “Golden Jackal,” the threat actors maintain a low profile, adopting a **stealthy approach** and choosing targets carefully to reduce exposure._ Kaspersky’s researchers [reported](https://securelist.com/goldenjackal-apt-group/109677/) that the APT group activity was noticed in Afghanistan, Iran, Iraq, Turkey, and Pakistan.

The threat actor group employs custom **.NET malware tools** to steal data, load malware, perform lateral movement, and exfiltrate files. JackalControl [malware](/content/protection-against-malware/what-is-malware) is primarily used, which is run as a program to establish a presence and receive commands from a C2 (Command and Control) server for all kinds of malicious activities. 

Little is known about the Golden Jackal, but the diversity of its toolkits and the **infectious chain of attacks** highlight how severe the group is.


[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

