---
title: "Cybersecurity Updates For The Week 9 of 2023 | Phish Protection"
description: "Cybersecurity Updates For The Week 9 of 2023: Cyber threats are on the rise, and no organization is immune to their impact, regardless of their industry or."
image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-9-of-2023.png"
canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-9-of-2023/"
---


![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2023/02/protection-from-phishing-5748.jpg) 

[Cyber threats](/advanced-threat-protection/4-common-cyber-threats-business-face-2022) are on the rise, and no organization is immune to their impact, **regardless** of their industry or size. In light of the ever-growing volume of sensitive **information stored online**, the repercussions of a cyber attack can be grave for both individuals and businesses.

To counter the threat of phishing attacks, companies can implement robust [phishing protection](/) measures that leverage **advanced technologies**. Here are this week’s most important phishing and data breach-related headlines to ensure that you stay current on the latest security incidents and data breaches.

---

### ‘Digital Smoke’ Launches An Investment Scam Network Impersonating Fortune 100 Corporations

Resecurity recently identified investment fraud networks, large in both volume and size, targeting **Internet users** in the U.S., Canada, Australia, China, Colombia, the European Union, Singapore, Malaysia, India, the United Arab Emirates, Saudi Arabia, and Mexico.

The threat actors operate as an **organized crime syndicate** with massive infrastructure. They impersonate Fortune 100 corporations from the UK and the US, using their **market reputation** and brand value to defraud consumers. After collecting victims’ payments, they erase the previously created resources and set up the next campaign, hence the investigators naming the group “[Digital Smoke](https://securityaffairs.com/142803/cyber-crime/investment-scam-network-digital-smoke.html?web%5Fview=true).”

The security researchers identified that most **fraudulent projects** were linked to financial services (FIs), renewable energy, EV batteries, electric vehicles, oil & gas, semiconductors, healthcare, investment corporations, and **world-recognized funds**.

The researchers quickly shared information about Digital Smoke and the identities of the key actors with US **law enforcement** and the Indian Cybercrime Coordination Center in Q4 of 2022. As a result of the numerous [domain takedowns](https://dashwire.com/everything-you-need-to-know-about-domain-takedowns) and coordinated action, the majority of the scam projects were **terminated**.


### Cyberattack on a Boston Labor Union Results in $6.4M Loss

[Cybercriminals](/blog/cybercriminals-are-duping-millions-of-accounts-in-the-latest-facebook-phishing-campaign/) targeted a Boston-based labor union’s **health fund**, causing a loss of $6.4 million. However, union officials said that it does not appear that the attackers **stole** or compromised the personal information of members.

Financial secretary-treasurer and union business manager Daniel O’Brien said that federal and local law enforcement were **notified** about the attack targeting [Pipefitters Local 537](https://www.securityweek.com/cyberattack-on-boston-union-results-in-6-4m-loss/?web%5Fview=true), which the union **discovered** on Feb 7.

“It is **unfortunate news**, but please rest assured that our health fund remains well-funded and nothing regarding your benefits with Local 537 has changed,” O’Brien wrote. He added that law enforcement agencies are “optimistic” that they will return most of the stolen funds, and the **fund is also insured**.

O’Brien described the attack as a [social engineering](/phishing-awareness/social-engineering-attack-twilio-compromises-employee-accounts-customer-data) tactic and said private investigators had completed the fund office’s **email server’s review**, concluding that there was **no breach** or hack.

### Thousands of Cloud Servers Targeted by the Mysterious Nevada Group

A group of **unidentified** hackers (named the Nevada Group by security experts) is rapidly hitting SMEs across Europe and the US with [encryption-based cyberattacks](https://cyware.com/news/thousands-of-cloud-servers-targeted-by-the-mysterious-nevada-group-9c666bd3). The threat actors are targeting an **easy-to-fix vulnerability** commonly found in cloud servers.

According to a report, the group aims to compromise over 5,000 victims across Europe and the US. Most targeted organizations used VMware products hosted on the European **low-cost hosting** services provider OVHcloud. The VMware products were deployed on [bare-metal servers](https://www.ibm.com/in-en/topics/bare-metal-dedicated-servers), and the hosts **did not patch** them for several years.

The **targeted businesses** include universities in the US and Hungary, manufacturers in Germany, and shipping and construction groups in Italy.

#### Publicly visible ransom notes

Malicious actors demanded two Bitcoins (around $50,000), a relatively **small ransom** compared to prominent [ransomware](/content/protection-against-ransomware/what-is-ransomware) groups. Another peculiar feature of the attacks is that hackers left their Bitcoin wallet addresses and **publicly visible** ransom notes, making it possible to trace the transactions.

### ‘Anonymous Sudan’ Launches DDoS Attacks on 9 Danish Hospitals

Threat actors calling themselves ‘Anonymous Sudan’ launched [distributed denial-of-service (DDoS) attacks](https://therecord.media/danish-hospitals-hit-by-cyberattack-from-anonymous-sudan/?web%5Fview=true) on nine Danish **hospitals**, causing their websites to crash. Copenhagen’s health authority said on Twitter that although the websites were down, medical care at the facilities remained unaffected by the attacks. After “a couple of hours,” the **websites came back** online.

Anonymous Sudan stated on Telegram that they **launched** the attacks “due to Quran burnings,” referring to an incident in Stockholm where Rasmus Paludan, a dual Danish-Swedish national, set the **holy book on fire** in front of the Turkish embassy. The Guardian describes the Danish-Swedish national as a “far-right politician and anti-Islam provocateur.”

Truesec noted in its threat intelligence report that “Anonymous Sudan’s” Telegram account has its user location listed in Russia. Furthermore, the report said that the group’s DDoS traffic was not generated by an illegal [botnet](https://www.bleepingcomputer.com/news/security/medusa-botnet-returns-as-a-mirai-based-variant-with-ransomware-sting/) but by a “61 **paid** **server cluster** hosted at IBM/Softlayer in Germany.” Unusually for a hacktivist group, they “routed the traffic through open proxies to disguise the **attacks’ real origin**.”

### Hackers Use ChatGPT’s Official Website To Launch Phishing Attacks Distributing Windows and Android Malware

The ChatGPT chatbot, which created a sudden interest in AI and its use cases, has become a **go-to lure** for cybercriminals looking to distribute malware and launch other **AI-assisted** [cyberattacks](https://www.chinadaily.com.cn/a/202303/05/WS64041c25a31057c47ebb247f.html). Attackers are using several social media pages, phishing websites, and fake apps impersonating [ChatGPT](https://cyware.com/news/chatgpt-phishing-attacks-distribute-windows-and-android-malware-fefc7a36) to **spread malware** and steal credit card information.

#### Typosquatting and phishing attempts

Cyble researchers discovered attackers leveraging typosquatting domains to launch [phishing attacks](/resources/7-most-common-phishing-attacks-and-learning-to-protect-against-them). The websites mimicked the official ChatGPT website and showed a “TRY CHATGPT” button containing **malicious links** hosting various **malicious files**.

The files contained executable files for notorious [malware](/content/protection-against-malware/what-is-malware) families like the **clipper** malware Lumma Stealer and Aurora Stealer. Furthermore, the attackers created fake ChatGPT-related **payment pages** to trick users and steal their money and credit card information. _These pages offered visitors a payment portal for purchasing **ChatGPT Plus**._

Additionally, security experts identified about 50 malicious and **fake apps** pretending to be ChatGPT, targeting unsuspecting users with malware families, like a Spynote malware variant, [adware](https://www.eset.com/uk/types-of-cyber-threats/adware/), spyware, and **billing fraud**.
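A defender-side sketch of how lookalike domains such as the typosquats described above can be triaged from DNS or proxy logs. This is an added example, not code from the article or from Cyble; the `OFFICIAL` allowlist, the digit-swap table, and every sample domain (all under reserved `.example`/`.test` names) are assumptions constructed for illustration.

```python
BRAND = "chatgpt"                  # brand token named in the article
OFFICIAL = {"openai.com"}          # assumption: registrable domains treated as legitimate
# Small illustrative table of digit-for-letter swaps (assumption, not exhaustive).
LOOKALIKES = str.maketrans("01357", "oiest")


def osa_distance(a, b):
    """Edit distance allowing insert, delete, substitute and adjacent transposition."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)   # swapped neighbours, e.g. "gtp"
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(domain):
    """Return 'official', 'brand-embedded', 'near-miss' or 'clean' for one hostname."""
    labels = domain.lower().rstrip(".").split(".")
    # Naive registrable domain (last two labels); real code should use the Public Suffix List.
    if ".".join(labels[-2:]) in OFFICIAL:
        return "official"
    verdict = "clean"
    for label in labels[:-1]:                        # skip the TLD itself
        text = label.translate(LOOKALIKES).replace("-", "")
        if BRAND in text:
            return "brand-embedded"                  # brand name on a non-official domain
        # Slide windows one shorter, equal and one longer than the brand over the label.
        for size in (len(BRAND) - 1, len(BRAND), len(BRAND) + 1):
            for start in range(len(text) - size + 1):
                if osa_distance(text[start:start + size], BRAND) <= 1:
                    verdict = "near-miss"            # one typo away from the brand
    return verdict


# Constructed sample hostnames, not indicators from any report.
SAMPLE = ["chat.openai.com", "chatgpt-go.example", "cha7gpt.example",
          "trychatgtp.example", "chattgpt.test", "weather.example"]


def triage(domains):
    return {d: classify(d) for d in domains}


if __name__ == "__main__":
    for name, verdict in triage(SAMPLE).items():
        print(f"{verdict:15} {name}")
```

Hostnames that come back as `brand-embedded` or `near-miss` are candidates for blocking or takedown review, not confirmed phishing sites.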

### Australian Retailer The Good Guys’ Customer Data Compromised In A Third-Party Breach

Customer data of the Australian retailer The Good Guys was recently compromised in a **security breach** involving [My Rewards](https://www.zdnet.com/article/australia-retailers-customer-data-compromised-in-third-party-breach/?web%5Fview=true), a former third-party supplier.

Formerly called the Pegasus Group Australia, My Rewards **confirmed** the breach in a statement, revealing that preliminary investigations showed “unauthorized access” to its systems in August 2021, which led to the **data compromise**.

The company said this means that [personally identifiable information (PII)](https://www.investopedia.com/terms/p/personally-identifiable-information-pii.asp), including names, phone numbers, and email addresses, has likely been **publicly available**.

It further noted that it **stored all its data in Australia**. My Rewards said there was no evidence that its IT systems had suffered any breach. It is working with the relevant authorities, including the Australian Federal Police, to investigate the breach. In its statement, The Good Guys said it **got notified** regarding the breach this month, and its IT systems were not involved.

### Pirated Video Editing Software for macOS Leads To Stealth Malware Delivery

Do you think Apple’s macOS is safe from state-of-the-art malware attacks? That may have been the thought in many people’s minds when they downloaded a pirated version of [Final Cut Pro](https://www.darkreading.com/analytics/pirated-final-cut-pro-macos-stealth-malware-delivery?&web%5Fview=true) on their Apple devices and got more than they asked for!

For several months, an unknown [threat actor](/phishing-awareness/threat-actors-breach-reddit-and-access-internal-documents-code-and-business-systems) has been using the pirated version of the macOS **video editing software** to install the XMRig **cryptocurrency mining tool** on systems that downloaded the app.

Researchers from Jamf recently spotted the operation but could not determine how many users installed the **weaponized software** and currently have XMRig running on them. But the experts say that the level of [software sharing](https://brainly.in/question/9817070) suggests it could be **hundreds**.

The security researchers said the threat actor had modified the main binary in the Final Cut Pro’s pirated version. So when a user double-clicked the application bundle, it opened the main **executable**, a malware [dropper](https://www.f-secure.com/v-descs/dropper.shtml).

The dropper carries out all **malicious activity** on the system, including displaying the pirated application to the user and launching the [crypto-miner](https://www.forbes.com/sites/qai/2023/01/24/what-is-a-crypto-miner-and-how-does-bitcoin-mining-work/?sh=5575b84d3cd3) in the background.

![Email phishing protection](https://media.mailhop.org/phishprotection/images/2023/02/email-phishing-protection-7346.jpg) 

### New S1deload Stealer Malware Hijacking YouTube and Facebook Accounts

An ongoing malware campaign targets YouTube and Facebook users, infecting their systems with a new [information stealer](https://blog.f-secure.com/what-are-infostealers/) that **hijacks** their social media accounts and uses their systems to **mine** **cryptocurrency**.

Bitdefender’s Advanced Threat Control (ATC) team identified the new malware and named it [S1deload Stealer](https://www.bleepingcomputer.com/news/security/new-s1deload-stealer-malware-hijacks-youtube-facebook-accounts/?&web%5Fview=true) because it extensively uses **DLL sideloading** to evade detection.

Bitdefender researcher Dávid Ács said, “From July to December 2022, Bitdefender products discovered over 600 unique users infected with the S1deload Stealer malware.” Victims get tricked using social engineering and **comments** on [Facebook](https://www.cybertalk.org/2022/07/27/facebook-business-accounts-hacked-customers-may-find-this-shocking/) pages pushing archives with **adult themes** (for example, AlbumGirlSexy.zip, HDSexyGirl.zip, SexyGirlAlbum.zip, etc.).

If the user downloads the linked archives, they receive an **executable** signed with a valid Western Digital signature and a malicious [DLL](https://virtualdoers.com/dll-hijacking-attack-3-recent-use-cases/) (WDSync.dll) containing the final payload. Once the malware is installed on the victims’ devices, the S1deload Stealer’s operators connect to the **command-and-control (C2) server** and instruct the malware to perform malicious tasks.
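The pattern described above (a validly signed executable unpacked from an archive that loads an unsigned DLL sitting next to it) can be hunted for in image-load telemetry. The following is an added detection sketch, not Bitdefender's logic or code from the article: the events are constructed, the `Image`, `ImageLoaded`, `Signed` and `SignatureStatus` fields are modelled on Sysmon image-load events, `HostSigned` is a hypothetical enrichment field for the loading process, and `signed_host.exe` is a placeholder name.

```python
import ntpath  # Windows path handling that also works on non-Windows analysis hosts

# Directory markers treated as user-writable unpack locations (assumption, tune per site).
USER_WRITABLE = ("\\downloads\\", "\\appdata\\", "\\temp\\", "\\desktop\\")

# Constructed events. "HostSigned" is a hypothetical enrichment field stating whether
# the loading process image itself carries a valid signature.
EVENTS = [
    {"Image": r"C:\Users\alice\Downloads\album\signed_host.exe", "HostSigned": "true",
     "ImageLoaded": r"C:\Users\alice\Downloads\album\WDSync.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"Image": r"C:\Program Files\Vendor\app.exe", "HostSigned": "true",
     "ImageLoaded": r"C:\Program Files\Vendor\helper.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"Image": r"C:\Users\alice\Downloads\setup.exe", "HostSigned": "true",
     "ImageLoaded": r"C:\Windows\System32\version.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"Image": r"C:\Users\alice\AppData\Local\Tool\tool.exe", "HostSigned": "true",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Tool\tool_core.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
]


def is_user_writable(directory):
    """True when the directory sits under one of the user-writable markers."""
    padded = directory.lower() + "\\"
    return any(marker in padded for marker in USER_WRITABLE)


def sideload_candidates(events):
    """Return (exe, dll) pairs where a signed host loads an untrusted DLL beside it."""
    hits = []
    for ev in events:
        exe_dir = ntpath.dirname(ev["Image"])
        dll_dir = ntpath.dirname(ev["ImageLoaded"])
        host_trusted = ev["HostSigned"] == "true"
        dll_untrusted = ev["Signed"] != "true" or ev["SignatureStatus"] != "Valid"
        same_dir = exe_dir.lower() == dll_dir.lower()
        if host_trusted and dll_untrusted and same_dir and is_user_writable(exe_dir):
            hits.append((ntpath.basename(ev["Image"]), ntpath.basename(ev["ImageLoaded"])))
    return hits


if __name__ == "__main__":
    for exe, dll in sideload_candidates(EVENTS):
        print(f"possible DLL sideload: {exe} loaded unsigned {dll} from its own folder")
```

Requiring all four conditions keeps unsigned helper DLLs in installed software (the second event) out of the results.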


![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

