Recent Cyber Attacks, Data Breaches & Ransomware Attacks January 2023

Date: 1 February 2023


The new year has started and the cyber criminals are back with a bang. January 2023 has already produced an extensive list of cyber attacks, ransomware attacks and data breaches, which are captured in this blog.

Several high-profile organisations, including healthcare providers, educational institutions and government bodies, have reportedly been targeted by cyber attacks at the very start of the year. In this blog, we have listed the major cyber attacks, ransomware attacks and data breaches of January 2023. Wherever the information was available, we have also noted who the attackers were and what the business impact was.

As always, the aim is not to create panic or to fear-monger. It is simply to reiterate that the threat of cyber attacks and ransomware attacks continues to grow, and that it is essential to take action to protect your organisation in 2023. By staying informed, implementing strong security measures and educating employees, organisations across the world can reduce their risk of falling victim to these attacks.

If you need help strengthening your cybersecurity posture, or creating and refreshing your cyber incident plans, policies and procedures, you can do so conveniently and cost-effectively through services such as the Virtual Cyber Assistant. The virtual cybersecurity experts can also help you conduct risk assessments and evaluate your breach readiness. You could also use their services to achieve compliance and prepare for various cybersecurity certifications.


Below are the biggest cyber attacks, ransomware attacks and data breaches of January 2023, grouped into the following sections:

  1. Ransomware Attacks in January 2023
  2. Data Breaches in January 2023
  3. Cyber-Attacks in January 2023
  4. New Ransomware/Malware Detected in January 2023
  5. Vulnerabilities/Patches 
  6. Advisories issued, reports, analysis etc. in January 2023

Ransomware Attacks in January 2023

January 1, 2023: SickKids hospital
Summary: SickKids hospital was hit by a ransomware attack; the LockBit gang later apologised and gave the hospital a free decryptor.
Threat actor: LockBit ransomware
Business impact: The attack affected internal and corporate systems, hospital phone lines and the website.
Source: SickKids hospital ransomware attack

January 1, 2023: Queensland University of Technology
Summary: Queensland University of Technology, one of the largest Australian universities, was attacked by Royal ransomware. The gang has also allegedly been leaking university data.
Threat actor: Royal ransomware
Business impact: The gang leaked HR files, email and letter communications, ID cards and documents, and financial and administrative documents. The university had to shut down all IT systems to contain the attack.
Source: Queensland University of Technology ransomware attack

January 4, 2023: Rackspace
Summary: Rackspace confirmed that Play ransomware was behind its recent cyber attack.
Threat actor: Play ransomware
Business impact: Hackers accessed some customers' Personal Storage Table (PST) files, which can contain a wide range of information, including emails, calendar data, contacts and tasks.
Source: Play ransomware hits Rackspace

January 10, 2023: Fire Rescue Victoria (Australia)
Summary: Australia's Fire Rescue Victoria disclosed a data breach following a Vice Society ransomware attack in December 2022.
Threat actor: Vice Society ransomware
Business impact: Hackers stole personal and financial account information on FRV staff and applicants.
Source: Australian firefighting service attack

January 10, 2023: Royal Mail
Summary: The Royal Mail cyber attack was linked to LockBit ransomware.
Threat actor: LockBit ransomware
Business impact: Royal Mail halted its international shipping services because of the severe service disruption.
Source: LockBit ransomware operation behind Royal Mail cyber attack

January 16, 2023: University of Duisburg-Essen
Summary: Vice Society ransomware claimed responsibility for the November 2022 attack on the University of Duisburg-Essen.
Threat actor: Vice Society
Business impact: Hackers stole and leaked sensitive details about the university's operations, students and personnel. The university was forced to rebuild its IT infrastructure after the attack.
Source: University of Duisburg-Essen's data leaked on Vice Society's darknet

January 18, 2023: Yum! Brands (owner of the KFC, Taco Bell and Pizza Hut fast food chains)
Summary: A ransomware gang apparently stole data from Yum! Brands. The company said there is no indication that customer information was exposed.
Business impact: The attack forced Yum! Brands to temporarily close 300 locations in the United Kingdom. The company said all restaurant operations have since been restored to normal and that further disruption from the attack is unlikely.
Source: Yum! Brands ransomware attack

January 20, 2023: Los Angeles Unified School District (LAUSD)
Summary: LAUSD said the Vice Society ransomware gang stole files containing contractors' personal information, including Social Security Numbers (SSNs).
Threat actor: Vice Society
Business impact: 500 GB of data was leaked after LAUSD refused to give in to the hackers' ransom demands.
Source: Vice Society hits Los Angeles Unified School District (LAUSD)

January 20, 2023: Costa Rica's Ministry of Public Works and Transport (MOPT)
Summary: Costa Rica's Ministry of Public Works and Transport was crippled by a ransomware attack.
Business impact: The attack encrypted 12 of MOPT's servers and forced the department to shut down its computer systems.
Source: Ransomware attack on Costa Rica's Ministry of Public Works and Transport

January 24, 2023: Riot Games
Summary: Riot Games received a $10 million ransom demand from hackers who stole source code for League of Legends (LoL), the Teamfight Tactics (TFT) auto battler and a legacy anti-cheat platform. Riot Games refused to pay the ransom.
Business impact: Riot Games said that while the attack disrupted its build environment and could cause issues in the future, no player data or player personal information was compromised.
Source: Riot Games ransomware attack


Ransomware attacks can be devastating to a business, both financially and in terms of reputation. However, they can be prevented by following best practices such as regularly updating software, backing up files, enabling firewalls, being cautious with email attachments, using strong passwords, enabling pop-up blockers, installing anti-virus software and being careful about which links you click. By taking these steps, you can help protect your organisation from ransomware attacks and keep business-critical data and sensitive information safe.


You can also use these FREE resources created by our cybersecurity experts to help you prevent ransomware attacks and mitigate the damage they can cause:

  1. Ransomware Mitigation Checklist
  2. Ransomware Response Checklist
  3. Ransomware Response Workflow Guide  


Data Breaches in January 2023

January 3, 2023: Wabtec
Summary: Rail and locomotive company Wabtec was hit by a LockBit ransomware attack.
Threat actor: LockBit ransomware
Business impact: The stolen data includes a wide variety of sensitive information, including full names, dates of birth and other personally identifiable information (PII).
Source: Rail giant Wabtec ransomware attack

January 4, 2023: CircleCI
Summary: CircleCI, a software development service, disclosed a data breach.
Business impact: Not disclosed yet; however, the company has advised all customers to update their passwords.
Source: CircleCI data breach

January 5, 2023: T-Mobile
Summary: T-Mobile was hacked and the data of 37 million accounts was stolen through one of its APIs.
Business impact: Hackers accessed a limited set of customer account data, including name, billing address, email, phone number, date of birth, T-Mobile account number and information such as the number of lines on the account and plan features.
Source: T-Mobile cyber attack in January 2023

January 6, 2023: Air France and KLM
Summary: Air France and KLM notified customers of Flying Blue, their loyalty programme, that some of their personal information may have been exposed in a data breach.
Business impact: The compromised data includes customers' names, phone numbers, email addresses, latest transactions and Flying Blue information such as their earned miles balance.
Source: Air France and KLM inform customers about data breach

January 11, 2023: MailChimp
Summary: MailChimp disclosed a new breach resulting from a social engineering attack on its employees and contractors.
Business impact: Data of 133 customers was accessed by the threat actors.
Source: MailChimp second data breach

January 16, 2023: Nissan North America
Summary: Nissan North America sent data breach notifications to customers after a breach at a third-party service provider.
Business impact: 17,998 customers were affected; the exposed data includes full names, dates of birth and NMAC (Nissan finance) account numbers.
Source: Nissan North America data breach incident

January 18, 2023: PayPal
Summary: PayPal notified users whose accounts had been accessed through credential stuffing attacks that compromised their personal data.
Business impact: 34,942 PayPal users were impacted. Hackers apparently gained access to full names, dates of birth, postal addresses, social security numbers and individual tax identification numbers.
Source: PayPal credential stuffing data breach incident

January 19, 2023: FanDuel
Summary: FanDuel warned customers to be vigilant against phishing emails, as their data may have been exposed in the January 2023 security breach at MailChimp.
Business impact: The threat actors accessed FanDuel customer names and email addresses in the MailChimp breach.
Source: FanDuel data breach

January 23, 2023: GoTo (formerly LogMeIn)
Summary: GoTo said customer data was breached after hackers stole encrypted backups containing personal information, along with the encryption key for a portion of that data.
Business impact: The incident had a significant impact on customer information, including account usernames, passwords and multi-factor authentication information.
Source: GoTo data breach

January 25, 2023: Zacks Investment Research
Summary: Zacks Investment Research was breached last year and the data of 820,000 clients was compromised.
Business impact: Personal and sensitive information belonging to 820,000 customers, such as names, email addresses and user passwords, was exposed.
Source: Zacks Investment Research data breach

January 25, 2023: Yandex
Summary: What is allegedly a Yandex source code repository was leaked as a torrent on a popular hacking forum.
Business impact: The leaked Yandex Git repository reportedly contains 44.7 GB of technical data and code for several of the Russian technology company's products. Yandex responded that its systems were not hacked and that a former employee leaked the repository.
Source: Yandex source code repository leaked

January 25, 2023: Charter Communications
Summary: Charter Communications said a vendor breach exposed some customer data.
Business impact: Hackers allegedly stole information including names, account numbers, addresses and more for about 550,000 customers.
Source: Charter Communications data breach

January 30, 2023: JD Sports
Summary: JD Sports said hackers stole the data of 10 million customers.
Business impact: Hackers were able to steal data of approximately 10 million unique customers, consisting of personal and credit card information.
Source: JD Sports data breach


Cyber Attacks in January 2023

January 9, 2023: Des Moines Public Schools
Summary: Iowa's largest school district was hit by a cyber attack and cancelled classes.
Business impact: The school district took all its networked systems offline in response to "unusual activity" detected on its network, and cancelled all classes in response to the event.
Source: Iowa's largest school district Des Moines Public Schools cyber attack

January 13, 2023: Solaris (darknet marketplace)
Summary: The illegal Solaris darknet market was hacked by its competitor Kraken.
Threat actor: Kraken (a darknet marketplace)
Business impact: Solaris, a large darknet marketplace focused on illegal substances, was taken over by a smaller competitor named 'Kraken', which claims to have hacked the Solaris Tor site; the site currently redirects to Kraken.
Source: Kraken takes down its rival Solaris, a darknet marketplace

January 15, 2023: Qulliq Energy Corporation
Summary: Qulliq Energy Corporation was impacted by a cybersecurity incident.
Business impact: While the company ensured that its power plants continued to operate normally, its customer care and admin offices became unavailable. Due to the cyber attack, the company was also unable to accept credit card payments.
Source: Qulliq Energy Corporation cyber attack

January 18, 2023: Bank of America
Summary: Bank of America started restoring missing Zelle transactions.
Business impact: Due to the cyber attack, Zelle transactions disappeared from customers' bank accounts, causing some accounts to dip into negative balances.
Source: Bank of America Cyber Attack

January 18, 2023: Guildford County School
Summary: A cyber attack was confirmed as the cause of IT outages at the British music school.
Business impact: The attack knocked out the school's phone lines and affected its IT systems.
Source: Guildford County School cyber attack

January 23, 2023: Exco Technologies Limited
Summary: The Canadian tool manufacturer was hit by a cyber attack.
Business impact: The company temporarily disabled some computer systems while it investigated the incident. It said, however, that there was no material impact on shipments to customers.
Source: Exco Technologies cyber attack

January 26, 2023: Websites of key German administrations, companies and airports
Summary: Russian hackers launched cyber attacks on Germany in "Leopard" retaliation.
Threat actor: Killnet (Russia)
Business impact: Hackers targeted the financial sector and federal government sites with DDoS attacks.
Source: Russian hackers hit Germany with DDoS attacks

January 26, 2023: Bitwarden password vaults
Summary: Bitwarden password vaults were targeted in a Google Ads phishing attack.
Business impact: Hackers are targeting Bitwarden and other password managers in Google Ads phishing campaigns to steal users' password vault credentials.
Source: Bitwarden password vaults attack

January 27, 2023: Ukrainian national news agency
Summary: Ukraine: Sandworm hackers hit the national news agency with five data wipers.
Threat actor: Reportedly Russian Military Unit 74455 of the Main Intelligence Directorate (GRU)
Business impact: CERT-UA detected five samples of malicious programs (scripts) aimed at violating the integrity and availability of information (overwriting files and disks with zero bytes or arbitrary data and then deleting them).
Source: Ukrainian National News Agency attack


Cyber attacks in January 2023 continued to make headlines and cause widespread damage to individuals and organisations. The frequency and severity of cyber attacks have also risen, making it more important than ever to stay informed and take proactive measures to protect against these threats.

One of the most significant ways to reduce your organisation's vulnerability is to train the weakest link in the chain: the human element. Effectively training your staff in cybersecurity best practices and cyber incident response is one of the time-tested ways of reducing exposure to basic online threats.

You can also conduct Cyber Attack Tabletop Exercises for the board and management, which help them understand your organisation's threat landscape better and improve their awareness of contextual business risks.


New Ransomware/Malware Discovered in January 2023

Stop/Djvu ransomware (v0627)
Extension: .bpws; Ransom note: _readme.txt
Source: New version of Stop/Djvu ransomware-v0627

Stop/Djvu ransomware (v0625)
Extension: .znto; Ransom note: _readme.txt
Source: New variant of Stop ransomware-v0627

CY3 ransomware; Dharma/CrySis family
Extension: .CY3 (filenames are also appended with the victim's unique ID and the developers' email address); Ransom notes: info.txt and a pop-up window (Info.hta)
Source: New variant of Dharma ransomware; CY3

Upsilon ransomware
Extension: .upsil0n; Ransom note: Upsilon.txt
Source: New Upsilon ransomware

Bettercallsaul ransomware
Extension: .bettercallsaul; Ransom notes: DECRYPT_MY_FILES.txt and desktop wallpaper
Source: New Bettercallsaul Ransomware

D0n ransomware; Dharma/CrySis family
Extension: .d0n (filenames are also appended with the victim's unique ID and the developers' email address); Ransom notes: info.txt and a pop-up window (Info.hta)
Source: New variant of Dharma ransomware; D0n ransomware

Stop/Djvu ransomware (v0626)
Extension: .bpsm; Ransom note: _readme.txt
Source: New version of Stop ransomware; v0626

Mao ransomware; Dharma/CrySis family
Extension: .mao (filenames are also appended with the victim's unique ID and the developers' email address); Ransom notes: info.txt and a pop-up window (Info.hta)
Source: New version of Dharma ransomware; Mao ransomware

Stop/Djvu ransomware (v0629)
Extension: .zoqw; Ransom note: _readme.txt
Source: New version of Stop ransomware; v0629

RYKCRYPT ransomware; VoidCrypt ransomware family
Extension: .RYKCRYPT (filenames are also appended with the victim's ID and the developers' email address); Ransom note: unlock-info.txt
Source: New version of VoidCrypt ransomware; RYKCRYPT Ransomware

KoRyA ransomware; Xorist ransomware family
Extension: .KoRyA; Ransom notes: HOW TO DECRYPT FILES.txt and a pop-up window
Source: A new version of Xorist ransomware family; KoRyA Ransomware

Stop/Djvu ransomware (v0631)
Extension: .zouu; Ransom note: _readme.txt
Source: New variant of Stop ransomware; v0631

'Hook' Android malware
The new 'Hook' Android malware lets hackers remotely control infected phones.
Source: Hackers sell a new Android malware that can control your phone remotely

Mimic ransomware
The new Mimic ransomware abuses the APIs of the 'Everything' file search tool for Windows to locate the files it targets for encryption.
Source: New Mimic ransomware abuses 'Everything' Windows search tool


Vulnerabilities/Patches Discovered in January 2023

January 3, 2023
Summary: NAS maker Synology addressed a maximum-severity (10/10) vulnerability affecting routers configured to run as VPN servers.
Source: Synology patches high severity vulnerability in VPN routers

January 4, 2023
Vulnerability: CVE-2022-47523, an SQL injection vulnerability
Summary: Zoho urged admins to patch severe ManageEngine bugs.
Source: Zoho urges admins to fix severe ManageEngine flaw immediately

January 9, 2023
Summary: Auth0 fixed an RCE flaw in the JsonWebToken library used by 22,000 projects.
Source: Auth0 patches Remote Code Execution vulnerability in JsonWebToken library used by 22,000 projects

January 9, 2023
Vulnerability: Flaws behind 0x800700b7 errors
Summary: Microsoft fixed a Windows 11 bug behind 0x800700b7 provisioning errors.
Source: Microsoft patches flaws behind 0x800700b7 issues

January 10, 2023
Vulnerabilities: 39 elevation of privilege vulnerabilities, 4 security feature bypass vulnerabilities, 33 remote code execution vulnerabilities, 10 information disclosure vulnerabilities, 10 denial of service vulnerabilities and 2 spoofing vulnerabilities, including CVE-2023-21674, a Windows Advanced Local Procedure Call (ALPC) elevation of privilege vulnerability
Summary: Microsoft's January 2023 Patch Tuesday fixes 98 flaws, including 1 zero-day.
Source: Microsoft fixes 98 flaws, 1 zero-day in its January 2023 Patch

January 12, 2023
Vulnerability: CVE-2022-41080, a server-side request forgery (SSRF) vulnerability
Summary: Microsoft: Cuba ransomware hacks Exchange servers via the OWASSRF flaw.
Source: Cuba ransomware targets Exchange servers via OWASSRF flaw

January 12, 2023
Summary: Fortinet: government networks were targeted with a now-patched SSL-VPN zero-day.
Source: Govt networks hit with recently fixed SSL-VPN zero-day

January 17, 2023
Vulnerabilities: CVE-2022-41903 in the commit formatting mechanism and CVE-2022-23521 in the .gitattributes parser
Summary: Git patched two critical-severity vulnerabilities that could allow attackers to execute arbitrary code after successfully exploiting heap-based buffer overflow weaknesses.
Source: Git fixes two critical RCE security vulnerabilities

January 17, 2023
Summary: Over 4,000 Sophos Firewall devices are vulnerable to RCE attacks.
Source: Over 4,000 Sophos Firewall appliances are vulnerable to RCE vulnerability

January 20, 2023
Summary: Exploits were released for two Samsung Galaxy App Store vulnerabilities.
Source: NCC Group published exploit details for two Samsung Galaxy App Store vulnerabilities

January 20, 2023
Summary: New Boldmove Linux malware was used to backdoor Fortinet devices.
Source: Hackers use new Boldmove Linux malware to hit Fortinet devices

January 20, 2023
Vulnerability: CVE-2022-47966, a pre-authentication remote code execution (RCE) vulnerability
Summary: A critical ManageEngine RCE bug is now being exploited to open reverse shells.
Source: Hackers exploit critical ManageEngine RCE bug to open reverse shells

January 23, 2023
Vulnerability: CVE-2022-42856, a zero-day flaw
Summary: Apple fixed an actively exploited iOS zero-day on older iPhones and iPads.
Source: Apple patches actively exploited iOS zero-day

January 24, 2023
Vulnerability: CVE-2022-31703, a directory traversal vulnerability
Summary: VMware fixed critical security bugs in its vRealize log analysis tool.
Source: VMware fixes a directory traversal bug in vRealize log analysis tool

January 27, 2023
Vulnerability: Windows 11 vulnerability behind Remote Desktop freezes
Summary: Microsoft fixed the Windows 11 issues behind Remote Desktop freezes.
Source: Microsoft patched Windows 11 flaws responsible for Remote Desktop freezing





Advisories Issued, Reports, Analysis etc. in January 2023

A ransomware gang cloned a victim's website to leak stolen data.
Source: ALPHV ransomware group cloned victim's website to leak stolen data

Ransomware impacted over 200 government, education and healthcare organisations in 2022.
Source: Ransomware attacks hit over 200 govt, edu, healthcare organisations in 2022

The Polish government warned of a rise in cyber attacks from Russia-linked hackers, especially the state-sponsored hacking group known as GhostWriter.
Source: Russia-linked GhostWriter threat actors target Poland

Slack's private GitHub code repositories were stolen over the holidays.
Source: Hackers steal Slack's private GitHub code repositories

Over 60,000 Exchange servers are vulnerable to ProxyNotShell attacks.
Source: Thousands of Microsoft Exchange servers are vulnerable to ProxyNotShell attacks

Ongoing Flipper Zero phishing attacks target the infosec community.
Source: Infosec community is under threat of Flipper Zero phishing attacks

Bluebottle hackers used a signed Windows driver in attacks on banks in French-speaking countries; $11 million was allegedly stolen from various banks.
Source: Bluebottle hackers steal from banks by using signed Windows driver

Toyota, Mercedes and BMW API flaws exposed owners' personal information.
Source: Hackers exposed API flaws to steal customer information of big brands like Toyota, Mercedes, BMW

Meta is to fight a €390 million fine by Ireland for breaching EU data privacy laws.
Source: DPC Ireland fined Meta €390 million for breaching EU data privacy laws

Chick-fil-A is investigating reports of suspicious activity linked to some customers' accounts.
Source: Chick-fil-A hacking incident is under investigation

200 million Twitter users' email addresses were allegedly leaked online.
Source: Hackers allegedly leak 200 million Twitter users' email addresses online

WhatsApp added proxy support to help users reach the app where it has been blocked.
Source: WhatsApp adds proxy support to help bypass Internet blocks

France fined Apple €8,000,000 ($8.5M) for collecting user data on the App Store without requesting users' consent.
Source: France fines Apple for targeted App Store ads without consent

Hackers abuse the Windows Problem Reporting tool (WerFault.exe) to load malware on compromised systems.
Source: Cyber criminals abuse Windows error reporting tool to deploy malware

Hackers push a fake Pokemon NFT game to take over Windows devices.
Source: Hackers try to take control over Windows devices through fake Pokemon NFT game

The FCC wants telecom carriers to report data breaches faster.
Source: Telecom companies have to report data breaches faster: U.S. FCC

The VSCode Marketplace can be abused to host malicious extensions.
Source: Hackers can abuse VSCode Marketplace to host malicious extensions

Microsoft: Kubernetes clusters hacked in a malware campaign via PostgreSQL.
Source: Kinsing malware actively breaches Kubernetes via PostgreSQL

Over 1,300 fake AnyDesk sites push Vidar info-stealing malware.
Source: More than 1,300 bogus AnyDesk websites push Vidar data-stealing malware

Hackers abused an open redirect on the United Kingdom's Department for Environment, Food & Rural Affairs (DEFRA) website to direct visitors to fake OnlyFans adult dating sites.
Source: Fake OnlyFans dating sites abuse UK Environment Agency open redirect

CISA ordered agencies to patch an Exchange bug abused by the Play ransomware gang.
Source: CISA orders agencies to fix Exchange flaws abused by ransomware group

StrongPity hackers target Android users via a trojanised Telegram app.
Source: Trojanised Telegram app becomes the gateway for StrongPity hackers to target Android users

FBI: North Korean hackers stole $100 million in the Harmony crypto hack.
Source: North Korean hackers were responsible for $100 million theft of Harmony crypto token

Cisco warned of an authentication bypass bug with a public exploit in end-of-life (EoL) routers.
Source: EoL routers are carrying auth bypass vulnerability with public exploit

Gootkit malware abuses VLC to infect healthcare organisations with Cobalt Strike.
Source: Gootkit malware operators exploit VLC to infect Australian healthcare orgs with Cobalt Strike

The Lorenz ransomware gang plants backdoors to use months later.
Source: Lorenz ransomware group plants backdoors to use in future

An Android TV box sold on Amazon came pre-installed with malware.
Source: Android TV box on Amazon can have pre-installed malware

European police took down call centres behind cryptocurrency scams.
Source: Call centres behind cryptocurrency scams are on the radar of European police

Hackers now use Microsoft OneNote attachments to spread malware.
Source: Microsoft OneNote attachments being used to spread malware

Hackers push malware via Google search ads for VLC, 7-Zip and CCleaner.
Source: Cyber criminals spread malware via Google search ads for VLC, 7-Zip, CCleaner

The U.S. sued Google for abusing its dominance over the online ad market.
Source: The U.S. Justice Department files a lawsuit against Google for abusing dominance over online ad market

75k WordPress sites were impacted by critical online course plugin flaws.
Source: Critical online course plugin flaws hit 75k WordPress sites

New stealthy Python RAT malware targets Windows in attacks.
Source: New stealthy Python RAT malware targets Windows in attacks

Hive ransomware's Tor payment and data leak sites were seized as part of an international law enforcement operation involving the US Department of Justice, FBI, Secret Service, Europol, and Germany's BKA and Polizei.
Source: Hive ransomware dark web sites seized by law enforcement

Threat actors auctioned the alleged source code for Riot Games' League of Legends and the Packman anti-cheat software, confirmed to have been stolen in the recent hack of the game company's developer environment.
Source: Hackers auction alleged source code for League of Legends

The UK warned of increased attacks from Russian and Iranian hackers.
Source: UK fears an increase in attacks from Russian, Iranian hackers

A massive Microsoft 365 outage was caused by a WAN router IP change.
Source: WAN router IP change was responsible for January's massive Microsoft 365 outage

Hackers use the new SwiftSlicer wiper to destroy Windows domains.
Source: Cyber criminals use new SwiftSlicer wiper malware to destroy Windows domains
