April 2023: Recent Cyber Attacks, Data Breaches & Ransomware Attacks
Date: 1 May 2023

April 2023 saw some major cyber attacks, ransomware attacks and data breaches across the globe. The lists on this page cover all the major cybersecurity incidents that made news in the month gone by. We also include updates on new malware and ransomware discovered as well as vulnerabilities, warnings, reports and analysis from the world of cybersecurity.
- Ransomware Attacks in April 2023
- Data Breaches in April 2023
- Cyber-Attacks in April 2023
- New Ransomware/Malware Detected in April 2023
- Vulnerabilities/Patches
- Advisories issued, reports, analysis etc. in April 2023
The UK Cyber Security Breaches Survey 2023 was released recently. A worrying trend captured by the report was that smaller businesses appear to be identifying cyber breaches less than last year. This may reflect that cybersecurity is being given a lesser priority - a dangerous tendency given the increasing number of cyber risks and threats that loom large in the current economic climate.
In this post, we've created separate lists that capture the major ransomware attacks, cyber attacks and data breaches in April 2023. The idea is not to create panic or fear. The endeavour is simply to highlight that cybersecurity attacks are not going anywhere. If anything, they're rising in number and intensity.
While there is no wishing them away, the only thing business owners and organisations can do is to stay proactive in identifying them and having a solid plan to deal with them.
In this context, the UK Cyber Security Breaches Survey also pointed out that while cyber resilience is much spoken of across the globe, only 21% of businesses in the UK have a cyber incident response plan.
A Cyber Incident Response Plan contains agreed-upon steps and processes that an organisation will take when under attack. This helps to control the compromise and mitigate damage. It is important to have a plan that specifies individual roles and responsibilities, guidance on external and internal reporting and ways to protect the most critical assets.
Every business must accord importance to being prepared for a cyber attack. This can be achieved by creating plans, policies and processes, or reviewing existing ones, with the help of external cybersecurity experts like our Virtual Cyber Assistants.
Board engagement and corporate governance are another area that needs improvement. Executive training, enhancing board knowledge about the threats to their business and improving overall board engagement with cybersecurity are certainly critical, if the lists below are anything to go by.

Ransomware Attacks in April 2023

| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| April 3, 2023 | | Capita cyber attack disrupted access to its Microsoft Office 365 apps and hackers stole its data. | Black Basta Ransomware | Capita said the attack impacted limited parts of the network. It also said that the disruption only affected some services provided to individual clients, while most of its customer base didn’t experience any adverse impacts. Capita also admitted that hackers exfiltrated data from its systems as the ransomware gang threatened to sell stolen data. | |
| April 6, 2023 | | Medusa ransomware claims attack on Open University of Cyprus. | Medusa ransomware gang | The attack forced several central services and critical systems to go offline. | |
| April 7, 2023 | | MSI confirms security breach following ransomware attack claims. | Money Message ransomware gang | According to chats allegedly seen by Bleeping Computer between the ransomware gang and an MSI representative, the threat actors demanded a ransom payment of $4,000,000 based on a claim that they've stolen roughly 1.5TB worth of documents from MSI's network. The gang threatened to leak some of the files online if the company refused to pay the $4 million ransom. | |
| April 10, 2023 | | KFC, Pizza Hut owner discloses data breach after ransomware attack in January 2023. | Unknown | The attackers stole some employees' personal information, including names, driver's licence numbers, and other ID card numbers but there was supposedly no impact on customers’ data. | |
| April 12, 2023 | | US Navy contractor Fincantieri Marine Group hit by cyber attack. | Unknown | The attack affected its email server and some network operations and caused a temporary disruption to certain computer systems running on its network. | |
| April 13, 2023 | NCR, an American software and technology consulting company | NCR suffers Aloha POS outage after BlackCat ransomware attack. | BlackCat/ALPHV gang | One of NCR's products, the Aloha POS platform used in hospitality services, has suffered an outage. The threat actors claimed to have stolen credentials for NCR's customers and stated that they would be published if a ransom was not paid. | |
| April 18, 2023 | | Hackers publish sensitive employee data stolen during CommScope ransomware attack. | Unknown | Hackers published a trove of data stolen from U.S. network infrastructure giant CommScope, including thousands of employees’ Social Security numbers and bank account details. | |
| April 24, 2023 | Kenya-based supermarket chain Naivas | Naivas confirms a ransomware attack on its data. | Unknown | Naivas said that some of its data had been compromised, but the containment process is complete and its system is now secure. | |
| April 24, 2023 | Fullerton India | LockBit 3.0 ransomware targets retail banking company Fullerton India. Company forced to switch to offline operations as a precaution. | LockBit 3.0 | The group claimed to have over 600 GB of sensitive data, including loan agreements, account statuses, bank agreements, international transfers, financial documents, and personal customer information, and also demanded a ransom of $3 million. | |
| April 28, 2023 | | Hardenhuish School in Chippenham hit by a ransomware attack. | Unknown | Unknown hackers gained access to IT systems and disrupted the IT network of Hardenhuish School and demanded a ransom in return for restored access. | |


Data Breaches in April 2023

| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| April 3, 2023 | | The California-based computer drive maker Western Digital discloses network breach; My Cloud service down. | Unknown | The incident affected the company's My Cloud service. Western Digital said that based on the investigation to date, the company believes the unauthorised party obtained certain data from its systems. The company is still working to understand the nature and scope of that data. | Data breach takes Western Digital’s My Cloud Service goes down |
| April 8, 2023 | | Kodi discloses data breach after forum database for sale online. | A seller named Amius on a hacking forum | The hackers stole the organisation's MyBB forum database containing user data and private messages and attempted to sell it online. | |
| April 12, 2023 | | Hyundai data breach exposes owner details in France and Italy. | Unknown | The data breach impacted Italian and French car owners and those who booked a test drive as the victim company warned that hackers gained access to personal data like e-mail addresses, physical addresses, telephone numbers, vehicle chassis numbers. | |
| April 13, 2023 | | Darktrace says investigation found no evidence of LockBit breach. | LockBit ransomware group | As per Darktrace’s statement, there is no impact but the ransomware group claimed that it has stolen data from the company’s systems. | |
| April 18, 2023 | Philippine Agencies NBI, PNP, BIR, and SAF | Over 1M records from NBI, PNP, and other agencies leaked in a massive data breach. | Unknown | The hack incident exposed 817.54 gigabytes of both applicant and employee records under multiple state agencies, including the Philippine National Police (PNP), National Bureau of Investigation (NBI), Bureau of Internal Revenue (BIR), and Special Action Force (SAF). It has put the personal information of millions of Filipinos at risk. | Data breach attack on Philippine Agencies - NBI, PNP, BIR and SAF |
| April 19, 2023 | Indian furniture rental startup RentoMojo | Furniture rental startup RentoMojo reports data breach by hackers. 1.5 lakh subscribers could potentially be affected. | Unknown | The victim firm said the attackers were able to get unauthorised access to its customer data, including in some cases personally identifiable information by exploiting the cloud misconfiguration through extremely sophisticated attacks, thus breaching one of the databases. The attackers also, apparently, started blackmailing RentoMojo customers. | |
| April 19, 2023 | | NationsBenefits confirms thousands had personal data stolen in Fortra breach. | Unknown | Florida-based technology company NationsBenefits said that more than 7,100 state residents had their personal information stolen in the late-January ransomware attack on Fortra’s systems. | Florida-based technology company NationsBenefits data breach |
| April 20, 2023 | | American Bar Association data breach hits 1.4 million members. | Unknown | The hackers compromised the Bar Association's network and gained access to older credentials for 1,466,000 members. | |
| April 20, 2023 | | Client data breach at Angel One; stock falls 2%. | Unknown | Client profile data (like name, email, mobile number) and client holding data may have been accessed. The company's stock price also dropped by 2%, apparently due to the incident. | |
| April 21, 2023 | | ICICI Bank refutes data breach allegation. | Unknown | Over 3.6 million ICICI Bank files comprising the bank's and its clients' information were allegedly leaked from a publicly accessible cloud storage bucket managed by DigitalOcean. The hackers allegedly stole bank statements, credit card numbers, KYCs, PAN card info., scanned passport copies, and also the resumes of current and prospective employees. But ICICI Bank denies the breach, saying they don’t own the URL captured by the hackers. | |
| April 23, 2023 | | Yellow Pages Canada confirms cyber attack as Black Basta leaks data. | Black Basta Ransomware | The ransomware group has leaked a sample of sensitive documents exposing personal information. These include but are not limited to ID documents (such as scans of passports and driver licences) exposing people's date of birth and address, tax documents exposing Social Insurance Number (SIN), sales and purchase agreements, an 'Accounts Receivable' spreadsheet dated February 28, 2023, and a budget and debt forecast dated December 2022. | |
| April 24, 2023 | | The US Consumer Financial Protection Bureau suffers a breach affecting 256,000 consumer accounts. | A former CFPB employee | In this February data breach, the personal information of around 256,000 consumer accounts was compromised. | |
| April 24, 2023 | | Data security breach may have left Jewel-Osco employees' information exposed. | Unknown | Thousands of Jewel-Osco employees might have had their personal information exposed in a December 2022 data breach. | |
| April 24, 2023 | Dutch tank storage company Koninklijk Vopak | Vopak suffers data breach at crude terminal in Malaysia. | Unknown | A data breach incident resulted in the unauthorised access of some data at the Vopak terminal in Malaysia. The victim company said there was no impact to Vopak’s global network. | |
| April 26, 2023 | | Cold storage giant Americold outage caused by network breach. | Unknown | The attack impacted the IT network of Americold and disrupted the operations due to which the victim company halted the inbound and outbound deliveries. | |


Cyber Attacks in April 2023

| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| April 6, 2023 | The UK's Criminal Records Office-ACRO | UK criminal records office confirms cyber incident behind portal issues. | Unknown | The incident caused delays to the issuing of Police Certificates. | |
| April 10, 2023 | Belgian HR and payroll giant SD Worx | SD Worx shuts down UK payroll, HR services after cyber attack. | Unknown | The cyber attack forced SD Worx to shut down all IT systems for its UK and Ireland services. | |
| April 14, 2023 | | Rheinmetall suffers cyber attack, military business unaffected, spokesperson says. | Unknown | The cyber attack impacted a division of its business dealing with industrial customers, mostly in the automotive sector. | |
| April 24, 2023 | | KuCoin's Twitter account was hacked to promote a crypto scam. | Unknown | The compromise allowed attackers to promote a fake giveaway scam that led to the theft of over $22.6K in cryptocurrency. | |
| April 24, 2023 | | Mossad, Israeli companies targeted in major cyber attack by Sudanese hacker group. | A hacker group calling itself Anonymous Sudan | The cyber attack forced various Israeli websites, including those of Mossad and the so-called National Insurance Institute, which is responsible for the social security of Israeli settlers, to go offline. | |
| April 24, 2023 | | Cyber attack disrupts Lowell city government, shuts down computers. | Unknown | The attack impacted the IT network and computer systems of the municipality of the city of Lowell. The computer servers, networks, phones, and other systems throughout the City became inaccessible. | |
| April 25, 2023 | | Irrigation systems in Israel hit with a cyber attack that temporarily disabled farm equipment. | Annual Hacktivist Campaign | The Galil Sewage Corporation was one of the targeted wastewater processors that was breached. The cyber attack, reportedly, blocked several controllers for about a day and disrupted some treatment processes. | |
| April 26, 2023 | UPSRTC | UPSRTC ticket website hacked. Hacker demands Bitcoins worth Rs 40 crores to restore system. | Unknown | The attack disrupted the online booking system of UPSRTC with hackers demanding BTC worth Rs 40 crores to restore the systems. | |
| April 27, 2023 | | Major power failure in Israel after suspected cyber attack. | A hacker group calling itself Anonymous Sudan | The attack caused major power disruption in cities across Israel. The hackers apparently said that the electric attack was just for fun and there's more to come for Israel. | |


New Ransomware/Malware Discovered in April 2023

| New Ransomware | Summary | Source Link |
|---|---|---|
| Money Message ransomware | A new ransomware gang named 'Money Message' has appeared, targeting victims worldwide and demanding million-dollar ransoms not to leak data and release a decryptor. | New Money Message ransomware demands million dollar ransoms |
| New Stop/Djvu Ransomware-v0682 | Stop/Djvu Ransomware (v0682); Extension: .kiop; Ransom note: _readme.txt | |
| A new Android trojan ‘Chameleon’ | A new Android trojan called ‘Chameleon’ has been targeting users in Australia and Poland since the start of the year, mimicking the CoinSpot cryptocurrency exchange, an Australian government agency, and the IKO bank. | New Chameleon Android malware mimics bank, govt, and crypto apps |
| A new malware family named 'Domino' | Ex-Conti ransomware members have teamed up with the FIN7 threat actors to distribute a new malware family named 'Domino' in attacks on corporate networks. | Ex-Conti members and FIN7 devs team up to push new Domino malware |
| VoNiX Ransomware | VoNiX Ransomware; Xorist ransomware family; Extension: .VoNiX; Ransom note: HOW TO DECRYPT FILES.txt | |
| Stop/Djvu Ransomware (v0697) | Stop/Djvu Ransomware:v0697; Extension: .foza; Ransom note: _readme.txt | |
| Attack Ransomware | Attack Ransomware; MedusaLocker ransomware family; Extension: .attack7 (the number may differ); Ransom note: how_to_back_files.html | Attack Ransomware, a new version of MedusaLocker ransomware family |
| Stop/Djvu Ransomware (v0696) | Stop/Djvu Ransomware (v0696); Extension: .foty; Ransom note: _readme.txt | |
| DVN Ransomware | DVN Ransomware; Based on Chaos ransomware; Extension: .devinn; Ransom note: unlock_here.txt | |
| A new version of ViperSoftX malware | A new version of the ViperSoftX information-stealing malware has been discovered with a broader range of targets, including targeting the KeePass and 1Password password managers. | ViperSoftX info-stealing malware now targets password managers |


Vulnerabilities/Patches Discovered in April 2023

| Date | Flaws/Fixes | Summary | Source Link |
|---|---|---|---|
| April 3, 2023 | Zimbra-CVE-2022-27926 | The Cybersecurity and Infrastructure Security Agency (CISA) warned federal agencies to patch a Zimbra Collaboration (ZCS) cross-site scripting flaw exploited by Russian hackers to steal emails in attacks targeting NATO countries. | CISA warns of Zimbra bug exploited in attacks against NATO countries |
| April 4, 2023 | CVE-2023-1707 | HP announced in a security bulletin that it would take up to 90 days to patch a critical-severity vulnerability that impacts the firmware of certain business-grade printers. | HP to patch critical bug in LaserJet printers within 90 days |
| April 5, 2023 | CVE-2023-1748 CVE-2023-1749 CVE-2023-1750 CVE-2023-1751 CVE-2023-1752 | Multiple vulnerabilities discovered in Nexx smart devices can be exploited to control garage doors, disable home alarms, or smart plugs. | Hackers can open Nexx garage doors remotely, and there's no fix |
| April 7, 2023 | CVE-2021-27877 | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) increased by five its list of security issues that threat actors have used in attacks, three of them in Veritas Backup Exec exploited to deploy ransomware. | CISA orders agencies to patch Backup Exec bugs used by ransomware gang |
| April 7, 2023 | CVE-2023-28206 CVE-2023-28205 | Apple has released emergency security updates to address two new zero-day vulnerabilities exploited in attacks to compromise iPhones, Macs, and iPads. | Apple fixes two zero-days exploited to hack iPhones and Macs |
| April 7, 2023 | CVE-2023-29017 | Proof-of-concept exploit code has been released for a recently disclosed critical vulnerability in the popular VM2 library, a JavaScript sandbox that is used by multiple software to run code securely in a virtualized environment. | Exploit available for critical bug in VM2 JavaScript sandbox library |
| April 11, 2023 | CVE-2023-27267, CVE-2023-28765, and CVE-2023-29186 | SAP has released its security updates for several of its products, which includes fixes for two critical-severity vulnerabilities that impact the SAP Diagnostics Agent and the SAP BusinessObjects Business Intelligence Platform. | SAP releases security updates for two critical-severity flaws |
| April 11, 2023 | CVE-2023-28252 | Microsoft has patched a zero-day flaw in the Windows Common Log File System (CLFS), actively exploited by hackers to escalate privileges and deploy Nokoyawa ransomware payloads. | Windows zero-day vulnerability exploited in ransomware attacks |
| April 11, 2023 | CVE-2023-28252 - Zero Day. The number of bugs in each vulnerability category is listed below: 20 Elevation of Privilege Vulnerabilities, 8 Security Feature Bypass Vulnerabilities, 45 Remote Code Execution Vulnerabilities, 10 Information Disclosure Vulnerabilities, 9 Denial of Service Vulnerabilities, and 6 Spoofing Vulnerabilities | Microsoft's April 2023 Patch Tuesday security updates fix one actively exploited zero-day vulnerability and a total of 97 flaws. | Microsoft April 2023 Patch Tuesday fixes 1 zero-day, 97 flaws |
| April 12, 2023 | CVE-2023-25954 | A Kyocera Android printing app is vulnerable to improper intent handling, allowing other malicious applications to abuse the flaw to download and potentially install malware on devices. | Kyocera Android app with 1M installs can be abused to drop malware |
| April 12, 2023 | CVE-2023-21554 | Security researchers and experts warn of a critical vulnerability in the Windows Message Queuing (MSMQ) middleware service patched by Microsoft during this month's Patch Tuesday. | Windows admins warned to patch critical MSMQ QueueJumper bug |
| April 14, 2023 | CVE-2023-2033 | Google has released an emergency Chrome security update to address the first zero-day vulnerability exploited in attacks since the start of the year. | |
| April 19, 2023 | CVE-2023-2136 | Google has released a security update for the Chrome web browser to fix the second zero-day vulnerability found to be exploited in attacks this year. | |
| April 19, 2023 | ZDI-CAN-18987 / PO-1216 ZDI-CAN-19226 / PO-1219 | Print management software developer PaperCut is warning customers to update their software immediately, as hackers are actively exploiting flaws to gain access to vulnerable servers. | Hackers actively exploit critical RCE bug in PaperCut servers |
| April 20, 2023 | CVE-2023-20864 | VMware addressed a critical vRealize Log Insight security vulnerability that allows remote attackers to gain remote execution on vulnerable appliances. | VMware fixes vRealize bug that lets attackers run code as root |
| April 21, 2023 | CVE-2023-28205 and CVE-2023-28206 | Apple has released emergency updates to backport security patches, addressing two actively exploited zero-day flaws also affecting older iPhones, iPads, and Macs. | Apple fixes recently disclosed zero-days on older iPhones and iPads |
| April 21, 2023 | Cloud Platform (GCP) security vulnerability | Google has addressed a Cloud Platform (GCP) security vulnerability impacting all users and allowing attackers to backdoor their accounts using malicious OAuth applications installed from the Google Marketplace or third-party providers. | |
| April 24, 2023 | CVE-2023-29411 CVE-2023-29412 CVE-2023-29413 | APC's Easy UPS Online Monitoring Software is vulnerable to unauthenticated arbitrary remote code execution, allowing hackers to take over devices and, in a worst-case scenario, disable its functionality altogether. | APC warns of critical unauthenticated RCE flaws in UPS software |
| April 24, 2023 | CVE-2023-27350 and CVE-2023-27351 | Attackers are exploiting severe vulnerabilities in the widely-used PaperCut MF/NG print management software to install Atera remote management software to take over servers. | Exploit released for PaperCut flaw abused to hijack servers, patched now |
| April 25, 2023 | CVE-2023-20869 and CVE-2023-20870 | VMware has released security updates to address zero-day vulnerabilities that could be chained to gain code execution on systems running unpatched versions of the company's Workstation and Fusion software hypervisors. | VMware fixes critical zero-day exploit chain used at Pwn2Own |
| April 25, 2023 | CVE-2023-1389 | The Mirai malware botnet is actively exploiting a TP-Link Archer A21 (AX1800) WiFi router flaw tracked as CVE-2023-1389 to incorporate devices into DDoS swarms. | |
| April 25, 2023 | CVE-2023-29552 | A new reflective Denial-of-Service (DoS) amplification vulnerability in the Service Location Protocol (SLP) allows threat actors to launch massive denial-of-service attacks with 2,200X amplification. | New SLP bug can lead to massive 2,200x DDoS amplification attacks |
| April 26, 2023 | CVE-2023-30839 | The open-source e-commerce platform PrestaShop has released a new version that addresses a critical-severity vulnerability allowing any back-office user to write, update, or delete SQL databases regardless of their permissions. | PrestaShop fixes bug that lets any backend user delete databases |
| April 26, 2023 | CVE-2023-20060 | Cisco disclosed a zero-day vulnerability in the company's Prime Collaboration Deployment (PCD) software that can be exploited for cross-site scripting attacks. | |