---
title: "Cybersecurity Updates For The Week 30 of 2022 | Phish Protection"
description: "Cybersecurity Updates For The Week 30 of 2022: Phishing attacks are a common form of social engineering, frequently targeting global organizations. To ensure."
image: "https://phishprotection.com/og/blog/cybersecurity-updates-week-30-2022.png"
canonical: "https://phishprotection.com/blog/cybersecurity-updates-week-30-2022/"
---

Quick Answer

\*\*Phishing attacks\*\* are a common form of social engineering, frequently targeting global organizations. To ensure \[anti-phishing\](/content/anti-phishing) protection for your systems, follow this week's major hacking news and stay a step ahead of the adversaries.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-week-30-2022%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cybersecurity%20Updates%20For%20The%20Week%2030%20of%202022&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-week-30-2022%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-week-30-2022%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-week-30-2022%2F&title=Cybersecurity%20Updates%20For%20The%20Week%2030%20of%202022 "Share on Reddit") [ ](mailto:?subject=Cybersecurity%20Updates%20For%20The%20Week%2030%20of%202022&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-week-30-2022%2F "Share via Email") 

![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2022/08/phishing-prevention.jpg) 

**Phishing attacks** are a common form of social engineering, frequently targeting global organizations. To ensure [anti-phishing](/content/anti-phishing) protection for your systems, follow this week’s major hacking news and stay a step ahead of the adversaries.

### Cyberattack Hits Ukrainian Radio Operator TAVR Media

A [cyberattack](https://www.wsj.com/articles/a-cyberattack-forced-a-logistics-company-to-temporarily-halt-operations-dde27a19) recently targeted the Ukrainian radio operator TAVR Media which led to the circulation of a **fake broadcast message** that President Volodymyr Zelenskyy was ill. The attackers spread the news that Volodymyr Zelenskyy is unwell and in intensive care and that his duties are currently being performed by Ruslan Stefanchuk (the Chairman of the Verkhovna Rada).

TAVR Media regulates nine radio stations, including Hit FM, KISS FM, Radio ROKS, Radio RELAX, Nashe Radio, Melody FM, Radio JAZZ, Radio Bayraktar, and Classic Radio. The operator informed people via Facebook that the attack brought down its networks and servers. Further, it clarified that none of the information about Ukrainian President Volodymyr Zelenskyy’s[health problems](https://thehackernews.com/2022/07/ukrainian-radio-stations-hacked-to.html?&web%5Fview=true)is true.

TAVR Media is now taking[phishing attack prevention](/content/phishing-prevention/phishing-attack-prevention)measures to stop the attack’s spread. This fake broadcast also prompted the President to use Instagram and let everyone know he is feeling healthy.

### Cyberattack Hits Knauf Group

A cyberattack recently targeted the Knauf Group, which disrupted its business operations and caused its **global IT team to shut down**. Consequently, the group had to briefly abandon all IT systems to contain the attack’s spread.

The attack happened on 29th June 2022 , and Knauf quickly adopted[phishing protection](/)measures. The group apologized to its customers and partners for any inconvenience caused and requested their patience in case deliveries were a little **delayed**.

[Cybersecurity](/content/cybersecurity-in-a-nutshell) experts noted that Knauf Group’s **email system** was down as part of the attack response procedure. However, its Microsoft Teams and mobile phones were working fine. Knauf Group is a renowned German construction materials producer. While it did not mention the type of attack, the prolonged time it took to revive from the attack suggests that it could have been a **ransomware attack**.

Days after the attack, the ransomware gang Black Basta took **ownership** of the Knauf attack on its extortion site. As proof of the attack, Black Basta posted[20% of the files](https://www.bleepingcomputer.com/news/security/building-materials-giant-knauf-hit-by-black-basta-ransomware-gang/?&web%5Fview=true)stolen from Knauf, which equates to the data of around 350 visitors.

### Cyberattack Shuts Down Albanian Government Systems

A massive cyberattack from abroad recently targeted the **Albanian government** and shut down its systems. The cyberattack targeted the National Agency for Information Society (AKSHI) servers responsible for handling many [government services](https://krdo.com/news/2022/08/17/fremont-county-government-services-closed-due-to-a-cyber-security-breach/).

In a statement following the attack, AKSHI mentioned that it had to **shut down its systems** till the enemy attacks had been neutralized. This happens to be the first time such a major attack has targeted Albania, and to contain its spread; the AKSHI had to shut down all of its systems and services.

![Phishing prevention](https://media.mailhop.org/phishprotection/images/2022/08/phishing-prevention.jpg) 

Since servers affected by the attack handled most[desk services](https://securityaffairs.co/wordpress/133363/cyber-warfare-2/albania-cyber-attack.html?web%5Fview=true), several services remained interrupted. However, a few important services, like the online **tax filing system**, were working fine because servers unaffected by the breach were handling them. The Microsoft Jones Group International team assists AKSHI in ensuring

**protection from phishing** attacks

and restoring its systems.

### Ransomware Hits Narragansett Bay Commission

A ransomware attack recently **targeted** the Narragansett Bay Commission, which runs sewer systems in the Providence and Blackstone Valley areas. A spokeswoman for the commission confirmed that the attack occurred **via an email** to The Providence Journal.

While the spokesperson didn’t mention the attack type, it could be a [ransomware attack](/content/protection-against-ransomware/ransomware-attack-solutions). This is because data on certain systems and computers were reportedly **encrypted**.

The commission denied responding to a follow-up email asking whether it paid a [ransom](https://www.gazetteandherald.co.uk/news/23476464.hacker-demands-ransom-taking-control-wiltshire-schools/). However, the spokesperson did mention that the attacked systems were **not in charge of controlling** the sewage system’s operations. Therefore, the collection of waste and its treatment continues **uninterrupted**.

As part of its measures to ensure

protection against phishing

, the Narragansett Bay Commission contacted **law enforcement** immediately.

So far, it’s unclear whether **customer information** was accessed during this attack. If anyone’s PII (Personally Identifiable Information) is found to have been compromised because of this attack, then the commission will immediately provide notice to such individuals. Fortunately, the Narragansett Bay Commission **never stores** customers’ social security numbers or[payment information](https://www.providencejournal.com/story/news/local/2022/07/16/ri-sewer-system-narragansett-bay-commission-hit-cyber-attack/10076978002/?&web%5Fview=true).

### Beware of North Korean Ransomware Holy Ghost

A **new ransomware group** has been in operation for over a year. Known as “Holy Ghost,” this ransomware linked to North Korean hackers primarily targets small businesses across different countries.

The first [payload](https://securityintelligence.com/news/malicious-email-payloads-increased-in-volume-and-diversity-in-q2-2018/) of Holy Ghost (DEV-0530) was seen in June 2021\. Its earlier version, SiennaPurple (BTLC\_C\[.\]exe), lacked **many new features** introduced in October 2021.

The latest versions of Holy Ghost include the HolyLocker\[.\]exe, BTLC\[.\]exe, and HolyRS\[.\]exe payloads, and they were used in the **latest** campaigns.

Over time, these variants have evolved to include more [encryption](https://www.wsj.com/articles/apple-plans-new-encryption-system-to-ward-off-hackers-and-protect-icloud-data-11670435635) options, internet/intranet support, **public key management**, and string obfuscation. The ransomware group’s main targets include banks, schools, event and meeting planning entities, and manufacturing organizations. The threat actors usually **demand 1.2-5 BTC for each attack**.

The uncovering of the Holy Ghost ransomware after a year is proof of the effort adversaries make to keep their operations hidden and smooth. Therefore, it is advised that organizations take measures to

**protect themselves** from phishing

and come forward collaboratively to help mitigate[such attacks](https://cyware.com/news/north-korea-based-holy-ghost-ransomware-targets-victims-globally-fa605242).

### Cyberattack Hits Lithuanian Ad Website alio.lt

A cyberattack recently targeted the Lithuanian **ad website** alio.lt, which compromised the data belonging to thousands of customers. From the looks of it, experts predict that this could have been another Russian attack on Lithuania’s online space. Since most business entities **fail to resist** such attacks, this kind of attack has increased rapidly .

An alio.lt spokesperson said that the company is trying its best to protect users and has already implemented its **legal action** plan. The [adversaries](https://www.defense.gov/News/News-Stories/Article/Article/1990408/adversaries-pose-unconventional-threats-in-gray-zone-dod-official-says/) attempted to extract the data of over 345,000 users . While the exact quantity of data extracted remains uncertain, alio.lt is taking all**anti-phishing**\*\* measures\*\*.

It has contacted the Computer Emergency Response Team, the State Data Protection Inspectorate, and the police about the incident. Fortunately, the portal \*\*doesn’t store \*\*sensitive customer details such as payment card or bank account details, home addresses, or[personal ID codes](https://www.lrt.lt/en/news-in-english/19/1739037/lithuanian-ad-website-hit-by-cyberattack-warns-of-possible-customer-data-leak?&web%5Fview=true).

### Data Breach at Cleartrip

The Indian **travel-booking platform** Cleartrip recently confirmed that it had undergone a data breach. The adversaries claim to have posted the stolen data on the dark web. Cleartrip mentioned that after detecting some **suspicious activities** in its internal systems, it is now taking legal action against the adversaries.

![Phishing prevention best practices](https://media.mailhop.org/phishprotection/images/2022/08/phishing-prevention-best-practices-5839.jpg) 

The company’s information security team is **investigating** the incident with the cooperation of an external forensics partner and taking necessary[phishing prevention](/content/phishing-prevention/phishing-prevention-best-practices)measures.

So far, it is unknown whether the data stolen was **sensitive**, but as per reports, the attackers are already selling this information on a private, **invite-only forum** in the [dark market](https://www.europol.europa.eu/media-press/newsroom/news/darkmarket-worlds-largest-illegal-dark-web-marketplace-taken-down). From the look of the data on sale, the hackers stole all of Cleartip’s data, including files with revenues, customer details, **GST filings**, etc. The nature of the stolen data also hints at the involvement of an insider in the breach.

The stolen information includes data from June 2022, indicating that the hack is **fairly recent**. As part of its measures for

protection from phishing

, Cleartrip started informing users of the breach, albeit without disclosing the specifics of the incident. It assured users that no sensitive details were compromised and advised them to change their[account passwords](https://techcrunch.com/2022/07/18/cleartrip-data-breach-dark-web/?&web%5Fview=true)for **added security**.

### Altahrea Team Claims Ownership of Attack on Israel’s Health Ministry Website

Pro-Iranian hackers based in Iraq, called the Altahrea Team, have recently claimed ownership of the attack on Israel’s Health Ministry website. The cyberattack on the Health Ministry website disrupted **communication with users** abroad.

C

onsequently, while the website worked fine for the **local Israelis**, those trying to access it from abroad couldn’t do so. The ministry was dealing with the incident internally, but eventually, the Altahrea group took to its [Telegram channel](https://thehackernews.com/2023/04/researchers-uncover-thriving-phishing.html) to **claim responsibility** for this attack.

It mentioned that (among other reasons) the attack was conducted because Israel bombed the Gaza Strip recently and put sanctions on Iran, which is purportedly killing thousands. Further, the group justified the attack by saying that this marks an **act of support** for Ukraine amidst the[ongoing war](https://www.i24news.tv/en/news/israel/defense/1658119439-israel-health-ministry-website-faces-cyberattack-oversea-access-blocked?&web%5Fview=true).

### Protect Your Organization

- [Learn how phishing attacks work and how to spot them](/learn-what-is-phishing/)
- [See how Phish Protection blocks threats in real time](/anti-phishing-tools/)

## Topics

[ Announcements ](/tags/announcements/) 

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Protect your inbox from phishing attacks

Real-time email security with 60-day free trial. No credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) 

## Related Articles

[  Intermediate 5m  Cybersecurity Updates For The Week 33 of 2022  Aug 22, 2022 ](/blog/cyber-security-news-update-week-33-2022/)[  Intermediate 6m  Cybersecurity Updates For The Week 41 of 2022  Oct 21, 2022 ](/blog/cybersecurity-news-21-oct-2022/)[  Intermediate 5m  Cybersecurity Updates For The Week 1 of 2021  Jan 1, 2021 ](/blog/cybersecurity-updates-for-the-week-1-of-2021/)[  Intermediate 6m  Cybersecurity Updates For The Week 1 of 2022  Jan 7, 2022 ](/blog/cybersecurity-updates-for-the-week-1-of-2022/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cybersecurity Updates For The Week 30 of 2022","description":"Cybersecurity Updates For The Week 30 of 2022: Phishing attacks are a common form of social engineering, frequently targeting global organizations. To ensure.","url":"https://phishprotection.com/blog/cybersecurity-updates-week-30-2022/","datePublished":"2022-08-01T06:20:11.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2022-08-01T06:20:11.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/cybersecurity-updates-week-30-2022/"},"articleSection":"intermediate","keywords":"Announcements","wordCount":1423,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2022/08/phishing-prevention.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"Cybersecurity Updates For The Week 30 of 2022","item":"https://phishprotection.com/blog/cybersecurity-updates-week-30-2022/"}]}
```