---
title: "Cybersecurity Updates For The Week 4 of 2023 | Phish Protection"
description: "From hackers targeting government services to crippling popular restaurant chains, this week was no different in cyberspace, which sees new threats every day."
image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-4-of-2023-2.png"
canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-4-of-2023-2/"
---


![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2023/01/phishing-prevention-4125.jpg) 

From hackers targeting **government services** to crippling popular restaurant chains, this week was no different in cyberspace, which sees new threats every day. Following is the weekly [phishing](/resources/what-is-phishing) and breach-related news roundup from this past week. This highlights the need for greater [phishing protection](/).

### Roaming Mantis Campaign: Cybercriminals Target DNS Settings In Wi-Fi Routers, Infecting Victims With Mobile Malware

Researchers recently observed that the [Roaming Mantis Campaign](https://thehackernews.com/2023/01/roaming-mantis-spreading-mobile-malware.html?&web%5Fview=true)’s threat actors are back with an updated version of Wroba. They are deploying the **newest version of their mobile malware** to infiltrate Wi-Fi routers and execute Domain Name System (DNS) hijacking. Kaspersky analyzed the ongoing malware strain and said cybercriminals tweaked the older version to target specific **Wi-Fi routers** in South Korea.

Roaming Mantis, also called Shaoye, is an ongoing financially motivated operation targeting Android smartphone users with malware. It steals bank account credentials and harvests other sensitive information.

The operation initially targeted **Asian countries** from 2018, but from early 2022, the hacking crew camouflaged the [malware](/content/protection-against-malware/what-is-malware) as a **Google Chrome application** and expanded its victim range to France and Germany.


The recent attacks install a malicious APK or redirect victims to **phishing websites**, depending on which OS they are running on their mobile devices. Hackers are using [smishing](https://www.paloaltonetworks.com/cyberpedia/what-is-smishing) as the **initial vector** to send booby-trapped URLs to victims.

### Cybersecurity Experts Shut Down A Massive Ad Fraud Scheme That Targeted 11 Million Phones

The experts at [cybersecurity](/content/cybersecurity-in-a-nutshell) firm HUMAN Security Inc. recently announced that they took down an organized, sophisticated, and **large-scale ad fraud** campaign that they called VASTFLUX. HUMAN Security is the world’s leading firm offering its clients **advanced defenses** against digital attacks. Earlier, its cybersecurity experts reported large-scale scams like Scylla, PARETO, Methbot, and 3ve, which involved Android and iOS devices.

How did the experts discover the Ad Fraud?

[VASTFLUX](https://www.hackread.com/phone-ad-fraud-shut-down/?web%5Fview=true) combines two terms reflecting its functionality. VAST refers to the Digital Video Ad Serving Template that the cybercriminals **exploited** in this operation. **Flux** refers to the Fast Flux concept, an evasion tactic that the threat actors use.

HUMAN’s Team Satori was investigating an iOS application that was heavily impacted by an app **spoofing attack** and stumbled upon VASTFLUX. The researchers discovered it was a highly sophisticated scheme in which the threat actors were exploiting the **limited signal availability** needed by the verification partners in their targeted environment (including iOS in-app advertising).

The ad fraud later evolved and started appearing on other platforms, which made the [cross-platform attacks](https://www.securityweek.com/cross-platform-attacks-discovered-google-play/) challenging to detect. The HUMAN team engaged with their partners and obtained further information regarding the campaign’s **traffic volumes** and the **verification tags** that the cybercriminals used in the ads.

### Costa Rica’s MOPT (Ministry Of Public Works And Transport) Crippled By A Ransomware Attack

The Costa Rican government has been facing a range of Conti **ransomware attacks** that have crippled several of its ministries. Latest in the line of such wide-ranging attacks, on Tuesday, Costa Rica’s MOPT ([Ministry of Public Works and Transport](https://cyware.com/cyber-security-news-articles)) issued a statement saying 12 of its servers got encrypted.

As a result, all of MOPT’s systems were **knocked offline**, and the government has informed the Ministry of Science, Innovation, Technology, and Telecommunications and the National Security Directorate. While the government did not comment on the issue, it says that it asked international organizations for support. Currently, the government is conducting driving tests in person, and the license issuance services are slowly **resuming**.

### Ransomware Gang Steals Data From Pizza Hut, Taco Bell, And KFC Brand Owner

Yum! Brands, the brand operator of Pizza Hut, Taco Bell, The Habit Burger Grill, and KFC **fast-food restaurant chains**, recently became a ransomware attack victim that **forced** the closure of its 300 restaurant locations in the United Kingdom. [Yum! Brands](https://www.bleepingcomputer.com/news/security/ransomware-gang-steals-data-from-kfc-taco-bell-and-pizza-hut-brand-owner/?&web%5Fview=true) operates over 53,000 restaurants across 155 countries, with a $1.3 billion yearly net profit and over $5 billion in total assets.

Yum! Brands issued a press statement after the attack, “Promptly after detecting the incident, we **initiated response protocols**. They include enforcing containment measures like implementing **enhanced monitoring technology** and taking certain systems offline.”

Additionally, Yum! Brands initiated an investigation into the incident and notified Federal law enforcement. It engaged the services of **industry-leading forensics** and [cybersecurity professionals](https://news.yahoo.com/fledging-cybersecurity-professionals-fake-bad-023400944.html).

The company claims that the impacted restaurants in the UK returned to **normal operations** and will not face any further problems related to the cyberattack. Such [ransomware attacks](/resources/ransomware-attack-why-organizations-pay-ransom) take place to **steal data** from breached networks and extort their victims.

While Yum! Brands confirmed that the **threat actors** stole data in the attack, there is **no evidence** that the attack exposed any customer information.

### T-Mobile Says In An SEC Filing That Threat Actors Accessed Personal Information Of 37 Million Customers

T-Mobile revealed in a financial filing recently that a hacker accessed a **database** containing information of 37 million customers. The telecom giant said in the filing that the data includes “name, email, phone number, billing address, date of birth, T-Mobile account number and information like **plan features** and the number of lines on the account.” The [threat actors](/phishing-awareness/threat-actors-breach-reddit-and-access-internal-documents-code-and-business-systems) had access to the above information since November 25.

![Phishing prevention tips](https://media.mailhop.org/phishprotection/images/2023/01/phishing-prevention-tips-5133.jpg) 

[T-Mobile](https://techcrunch.com/2023/01/19/t-mobile-data-breach/?&web%5Fview=true&guccounter=1&guce%5Freferrer=aHR0cHM6Ly9jeXdhcmUuY29tL2N5YmVyLXNlY3VyaXR5LW5ld3MtYXJ0aWNsZXM&guce%5Freferrer%5Fsig=AQAAAC%5FaoLwutzp%5FBaKzzCrjd7k3q5puo5gPBrq2EnKtyn1Jn3uwx-XGelYi3scIaYzyAM2ZhPxzMD6bo0IGtzFdiHOk1s0sdMFCnCrc5JyJlu0SiDaaPrD99ISgH-KO-zLMdf3kLyaVGLAFfrv1CQaEt6Lm6JMjs1Nk18cVROQNQa3r) further said in the **SEC filing** that it detected the breach over a month later, on January 5, and quickly responded by fixing the vulnerability that the hacker was exploiting **within a day**. The cybercriminals, according to T-Mobile, did not breach any organizational system but abused an API (application programming interface).

“The investigation is ongoing, but we fully contained the **malicious activity**, and there is **no evidence** that the threat actor breached or compromised our systems or network,” T-Mobile said.

### PayPal Informs Its Customers That It Suffered A Large-Scale Credential Stuffing Attack

PayPal recently sent out data breach notifications to its users that hackers launched [credential stuffing attacks](/phishing-awareness/paypal-credential-stuffing-attack-data-of-nearly-35000-accounts-at-risk) on their accounts and might have **accessed their personal data**. In credential stuffing attacks, the hackers attempt to access the victim’s account by trying username and password pairs available on **dark websites**.

These attacks follow an **automated** approach with bots trying lists of credentials to “stuff” into the login portals for numerous services. _Users who practice “password recycling,” or keep the same password for multiple accounts, are **more vulnerable**._

Close to 35,000 PayPal users were impacted.

[PayPal](https://newsroom.paypal-corp.com/2023-04-04-PayPal-Adds-New-Features-to-Its-Complete-Payments-Solution-for-Online-Small-Businesses) explained in the notification that the attack occurred from December 6 to December 8, 2022. While the company **detected** and mitigated the attack, it also launched an internal investigation to discover how the attackers accessed the accounts. PayPal’s security experts concluded the investigation by December 20, 2022. They confirmed that **unauthorized third parties** used valid credentials to log into the accounts.

According to the data breach reporting by PayPal, the incident impacted [34,942 of its users](https://www.bleepingcomputer.com/news/security/paypal-accounts-breached-in-large-scale-credential-stuffing-attack/?&web%5Fview=true). The cybercriminals **maintained access** to the following data during the two days:

- Account holders’ full names
- Social security numbers
- Dates of birth
- Postal addresses
- Individual tax identification numbers

### Mailchimp Says It Got Hacked - A Second Notification Within Six Months

Email marketing and newsletter services provider [Mailchimp](https://techcrunch.com/2023/01/18/mailchimp-hacked/?&web%5Fview=true) says it got hacked, exposing dozens of **customers’ data**. It is the second time Mailchimp got hacked in the past six months, and the latest breach appears identical to the previous incident.

The Intuit-owned company said in a blog post that its security team discovered an intruder on January 11. The adversary had **unauthorized access** to one of the **internal tools** that Mailchimp uses for customer support and account administration.

While the company did not mention for how long the attacker accessed its systems, it said the hacker targeted its employees and contractors with a [social engineering attack](/phishing-awareness/social-engineering-attack-twilio-compromises-employee-accounts-customer-data). The cybercriminal then used the compromised employee passwords and gained access to data on 133 Mailchimp accounts, whose owners the company notified about the intrusion.

One of the targeted accounts belongs to **e-commerce giant** WooCommerce. In a notice to its customers, WooCommerce said that Mailchimp notified it regarding the breach, in which its customers’ names, email addresses, and store web addresses might have been **compromised**.

### Iranian Government Entities Targeted In A New Wave of BackdoorDiplomacy Attacks

Cybersecurity experts are linking the [BackdoorDiplomacy](https://thehackernews.com/2023/01/iranian-government-entities-under.html?&web%5Fview=true) threat actor to a **new wave of attacks** on Iranian government entities from July to late December 2022.

Palo Alto Networks Unit 42 **tracked** the group’s activity and said they were observing **government domains** that were connecting to the malware infrastructure they previously associated with the threat actor.

The **Chinese APT Group** is also known as APT15, KeChang, Vixen Panda, and NICKEL. Cybersecurity experts say that it has been launching [cyber espionage](https://www.malwarebytes.com/cybersecurity/business/what-is-cyber-espionage) campaigns against government and diplomatic entities in North America, South America, the Middle East, and Africa since 2010.

In June 2021, Slovak cybersecurity firm ESET discovered that the hacking crew **modified its tactics** and started using a custom implant called **Turian**. They used it to execute intrusions against [telecommunication](https://cybernews.com/news/hackers-target-us-telecommunications-firms/) companies and diplomatic entities in Africa and the Middle East.

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

