Date: 30 September 2022
We've compiled a list of the cyber-attacks, data breaches and ransomware attacks that made news in September 2022.
This list has been created for purely educational purposes, to turn the spotlight on the ever-increasing number of cyber attacks on organisations across the world.
Below are the other cyber-attacks, ransomware attacks and data breaches that made the news in the month gone by.
- Cyber-Attacks in September 2022
- Data Breaches in September 2022
- Ransomware Attacks in September 2022
- New Ransomware/Malware Detected in September 2022
- Vulnerabilities/Patches
- Advisories issued etc. in September 2022
The idea is to help businesses understand that they must look into their cyber-attack or ransomware readiness with utmost urgency. Apart from investing in the right infrastructure and software tools, it is also important to be ready with a strong cyber incident response plan and strategy. This can help mitigate the impact of any attack that may occur.
The Uber hack was perhaps the most significant cyber-attack of September 2022 and definitely one of the biggest for this year. The fact that a classic social engineering attack was able to compromise the infrastructure of a Fortune 500 company was yet another bugle call for the cybersecurity community to evaluate where it stands in terms of breach readiness and the awareness and training of its staff.
For further reading into this specific attack, we have curated a Live Uber Hack Timeline.
Cyber Attacks in September 2022
| Date | Target/ Victim |
Summary | Threat Actor(s) | Business Impact | Reference Link |
|
Sept 1, 2022 |
Hackers hit Russian taxi app, Yandex Taxi; Send hundreds of taxis to the same address in Moscow to halt services. |
Suspected hacker under OpRussia campaign |
Breakdown of the taxi service & a massive gridlock in Moscow |
||
|
Sept 5, 2022 |
Holiday Inn, owned by Intercontinental Hotels Group (IHG), suffers a cyber-attack. |
TeaPea (Supposedly a Vietnamese couple) |
Booking channels & other applications significantly disrupted |
||
|
Sept 5, 2022 |
Go-Ahead |
Go-Ahead, one of the UK’s biggest transport companies, has said it is managing a cyber-attack that has affected software used to schedule bus drivers and services. |
Unknown |
Several back office systems affected, including bus services and payroll software |
|
|
Sept 6, 2022 |
A Pro-Russian hacker group, Killnet, takes responsibility for a series of cyber-attacks against the Japanese Government. |
Killnet |
Japanese e-Gov portal website became inaccessible |
||
|
Sept 10, 2022 |
Albania Border System |
Albania reports 2nd cyberattack by Iran on one of its border systems. |
Iranian Source |
Border System Hit |
|
|
Sept 11, 2022 |
Hackers hit Swedish Election Authority with three DDoS attacks on day of vote. |
Unknown |
Uncertain |
||
| Sept 14, 2022 | Individual Microsoft users | Threat actors exploit the death of Queen Elizabeth II in phishing attacks to lure targets to malicious sites designed to steal their Microsoft account credentials. | Unknown | Uncertain | Phishing Campaign Exploiting the Queen's Death |
| Sept 14, 2022 | US govt & power cos | FBI indicts three Iranians hackers for cyber attacks targeting local US governments, power companies. | Three Iranian Nationals | Undefined | Multiple Cyber-Attacks by Iranian Nationals |
| Sept 19, 2022 | Rockstar Games | Rockstar has confirmed the Grand Theft Auto VI footage leaked online over the weekend was stolen from its network. | Lapsus$ group | Hacker stole and leaked footage of GTA6 | Rockstar System Compromised |
| Sept 21, 2022 | Slovakians using LinkedIn Smart Link | Phishing Campaign abuses LinkedIn slink (Smart Link) to bypass Secure Email Gateways (SEGs). | Unknown | Unknown | LinkedIn Smart Link Phishing Campaign |
Data Breaches in September 2022
| Date | Target/ Victim |
Summary | Threat Actor(s) | Business Impact | Reference Link |
| Sept 2, 2022 | Samsung | Samsung confirms a new data breach. | Unknown | Customers' names, contacts & demographic information, dates of birth, & product registration data stolen | Samsung Data Breach |
| Sept 2, 2022 | Taxpayers in the US | The Internal Revenue Service accidentally leaks confidential information for approximately 120,000 taxpayers. | - | Taxpayer data leaked | IRS taxpayer data leaked |
| Sept 3, 2022 | TikTok and WeChat | TikTok denies data breach in which a hacking group known as 'AgainstTheWest' claims to have breached both TikTok and WeChat | 'AgainstTheWest' | Hackers claim to have stolen source code and user data of TickTok and WeChat | TikTok denies data breach |
| Sept 7, 2022 | U-Haul | After a detailed investigation, U-Haul discloses data breach which exposed customers and driver licences |
Unknown | Customers' name & driver licence information stolen | U-Haul Data Breach |
| Sept 7, 2022 | Armed Forces General Staff Agency of Portugal | Hackers hit the Armed Forces General Staff agency of Portugal (EMGFA) and allegedly sell the stolen classified NATO documents on the dark web. | Theft of classified NATO documents | Classified NATO docs stolen from Portugal | |
| Sept 7, 2022 | North Face | A credential stuffing attack on North Face occurred between July and August 2022; hit 200,000 North Face accounts. | Unknown | 200,000 North Face accounts affected | North Face Credential Stuffing Attack |
| Sept 11, 2022 | Revolut | Revolut suffers a cyber-attack giving unauthorised third-party access to personal information of tens of thousands of clients | Unknown | Data of 50,000 users exposed | Revolut Cyber-Attack |
| Sept 13, 2022 | FishPig | Hackers breach FishPig, a software vendor for Magento, in a supply-chain attack. | Unknown | Malicious code added to vendor's software | FishPig Cyber-Attack |
| Sept 15, 2022 | Uber |
An 18-year old hacker allegedly breaches the Uber database. Read more on this major, news-making attack in our Uber Cyber-Attack Live Timeline |
Lapsus$ Group | Hacker/breached multiple internal systems, with administrative access to Uber's cloud services including on Amazon Web Services (AWS) and Google Cloud (GCP) | Uber Cyber-Attack |
| Sept 16, 2022 | American Airlines | American Airlines discloses data breach after employee email accounts & unconfirmed personal data compromised. | Unknown | Credentials of 1700 customers & employees, allegedly, compromised | American Airlines Data Breach |
| Sept 16, 2022 | GitHub | GitHub warns of on-going Phishing Campaign using fake CircleCI notifications. | Unknown | GitHub not impacted but accounts of its customers were affected | GitHub Phishing Campaign |
| Sept 16, 2022 | 2K | Hackers compromise support system of American video game publisher 2K & send support tickets to gamers containing RedLine password-stealing malware. | Unknown | Uncertain | 2K support system hack |
| Sept 20, 2022 | Wintermute | Digital assets trading firm Wintermute gets hacked & loses $162.2 million in DeFi operations. | Unknown | $162.2 million stolen in DeFi ops | Wintermute hack |
| Sept 21, 2022 | LockBit Ransomware Gang | LockBit ransomware operation suffers a breach, with an allegedly disgruntled developer leaking the builder for the gang's newest encryptor. | Allegedly a disgruntled LockBit developer | Uncertain | LockBit Ransomware Operation Breach |
| Sept 22, 2022 | Optus | Australia's second-largest telecommunications company, Optus, has reported a cyber-attack affecting 2.8 million Australians | Unknown | 2.8 million Australians' data compromised | Optus Cyber Attack |
Ransomware Attacks in September 2022
| Date | Target/ Victim |
Summary | Threat Actor(s) | Business Impact | Reference Link |
| Sept 1, 2022 | Damart | Hive ransomware gang demands $2 million from Damart, a French clothing company it attacked in mid-August | Hive Ransomware Gang | Company systems encrypted & operations disrupted since Aug, 2022 | Damart Ransomware Attack |
| Sept 1, 2022 | NFL's San Francisco 49ers | NFL's San Francisco 49ers confirms and informs its customers that a ransomware attack that hit its network earlier this year affected more than 20,000 individuals | Blackbyte Ransomware Gang | Personal information of 20,930 individuals compromised | 49ers Ransomware Attack |
| Sept 1, 2022 | Montenegro Government | Hackers demand $10 million for a ransomware attack that hit Montenegro in mid-August | Cuba Ransomware Gang | Critical Infrastructure Impacted | Montenegro Ransomware Attack |
| Sept 1, 2022 | Chile Govt Agency | New ransomware targets Windows, Linux servers of Chile govt agency | Uncertain | Operations & Online Services of govt agency impacted | Chile Govt Agency Attack |
| Sept 2, 2022 | Italy's Energy Agency GSE | The BlackCat/ALPHV ransomware gang takes responsibility for the attack that hit the systems of Italy's energy agency Gestore dei Servizi Energetici SpA (GSE) | BlackCat/ ALPHV |
GSE website taken down | Italy's Energy Agency Attack |
| Sept 3, 2022 | Los Angeles Unified School District | The Los Angeles Unified School District deals with a ransomware attack where Vice Society gang stole 500 GB of data | Vice Society | 500 GB of data stolen | LAUSD Ransomware Attack |
| Sept 9, 2022 | Empress Emergency Medical Services, New York | Empress EMS (Emergency Medical Services), a New York-based emergency response and ambulance service provider, has disclosed that a ransomware attack earlier in the year led to a data breach exposing information of 3,18,558 customers | Hive Ransomware (unconfirmed) | Customer data exposed | Empress EMS Ransomware Attack |
| Sept 12, 2022 | Mitel MiVoice VOIP | Lorenz ransomware gang exploits critical vulnerability in Mitel MiVoice VOIP appliances to breach enterprises via phone systems | Lorenz Ransomware Gang | Unknown | Mitel MiVoice VOIP Ransomware Attack |
| Sept 12, 2022 | Bell Canada subsidiary, Bell Technical Solutions (BTS) | Hive ransomware gang claims responsibility for an attack that hit the systems of Bell Canada subsidiary Bell Technical Solutions (BTS) on 20th August 2022 | Hive Ransomware | Unknown | Bell Technical Solutions Ransomware Attack |
| Sept 19, 2022 | New York Racing Association | Hive ransomware operation claims responsibility for an attack on the New York Racing Association (NYRA), which previously disclosed that a cyber attack on June 30, 2022, impacted IT operations and website availability and compromised member data | Hive Ransomware | IT Operations & Website Data affected; member data compromised | NYRA Ransomware Attack |
Ransomware attacks are becoming more complex and dangerous with every passing month. That's why our experts at Cyber Management Alliance have created these FREE downloadable resources for ransomware mitigation and response.
New Ransomware/Malware Discovered in September 2022
| New Ransomware/Malware | Summary | Reference Link |
| Ballacks Ransomware | PCrisk researchers find new ransomware belonging to the VoidCrypt Ransomware family. | Ballacks Ransomware Discovered |
| DoyUK 7.1 Ransomware | PCrisk researchers discover DoyUK 7.1 Ransomware after previously analysing DoyUK 2.0 and DoyUK 5.0. | DoyUK 7.1 Ransomware Discovered |
| MLF Ransomware | PCrisk tracks new ransomware-type programme - MLF. It belongs to the Phobos Ransomware family. | MLF Ransomware Discovered |
| FARGO Ransomware | ASEC analysis team discovers distribution of FARGO Ransomware targetting unsecured MS-SQL servers. | FARGO Ransomware distribution |
Vulnerabilities/Patches Discovered in September 2022
| Date | Flaws | Summary | Reference Link |
| Sept 2, 2022 | CVE-2022-3075 | Google has released an update by fixing the 6th zero-day bug (CVE-2022-3075), a high severity vulnerability caused by insufficient data validation in Mojo. | Google Chrome Emergency Update |
| Sept 3, 2022 | DEADBOLT (CVE-2022-27593) | QNAP Systems, Inc. detected and patched the security threat DEADBOLT leveraging exploitation of Photo Station vulnerability-(CVE-2022-27593) to encrypt QNAP NAS that are directly connected to the Internet. | QNAP patches zero-day vulnerability |
| Sept 8, 2022 | Critical privilege escalation security flaw (CVE-2022-3180) | WordPress sites are actively targeted with exploits targeting a zero-day vulnerability (CVE-2022-3180) in the WPGateway premium plugin. | Zero-day in WPGateway WordPress plugin |
| Sept 8, 2022 | Full list of flaws | CISA has added 12 more security flaws to its list of bugs exploited in attacks, including two critical D-Link vulnerabilities and two (now-patched) zero-days in Google Chrome and the Photo Station QNAP software. | CISA adds 12 security flaws to list of bugs |
| Sept 12, 2022 | CVE-2022-32917- may allow maliciously crafted applications to execute arbitrary code with kernel privileges. | Apple has released security updates to address the eighth zero-day vulnerability used in attacks against iPhones and Macs. | Apple releases security patch for 8th zero-day |
| Sept 13, 2022 | CVE-2022-40139- enables attackers to execute arbitrary code remotely on systems running unpatched software. | Security software firm Trend Micro warned customers today to patch an actively exploited Apex One security vulnerability as soon as possible. | Apex One Security Vulnerability |
| Sept 21, 2022 | A bug that allowed Twitter accounts to stay logged in from multiple devices after a voluntary password reset. | Twitter announces a bug that failed to log users out of all devices after password resets. | Twitter Bug |
| Sept 22, 2022 | CVE-2022-35405 | The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical severity Java deserialization vulnerability affecting multiple Zoho ManageEngine products to its catalogue of bugs exploited in the wild. | ManageEngine bug |
| Sept 28, 2022 | ZDI-CAN-18333 & ZDI-CAN-18802 |
Threat actors are exploiting yet-to-be-disclosed Microsoft Exchange zero-day bugs allowing for remote code execution, according to claims made by security researchers at Vietnamese cybersecurity outfit GTSC. | New 0-Day RCE Vulnerability |
| Sept 29, 2022 | ProxyShell (CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207) and ProxyLogon (CVE-2021-26855 and CVE-2021-27065) | The Witchetty espionage group (aka LookingFrog) using a new backdoor that leverages rarely seen steganography techniques in attacks on targets in the Middle East and Africa. | Witchetty exploits new backdoor Trojan |
| Sept 29, 2022 | CVE-2021-27853 CVE-2021-27854 CVE-2021-27861 CVE-2021-27862 |
Four vulnerabilities in the widely adopted 'Stacked VLAN' Ethernet feature allows attackers to perform denial-of-service (DoS) or man-in-the-middle (MitM) attacks against network targets using custom-crafted packets. | L2 controls vulnerability |
Warnings/Advisories/Reports/Malware Detection
| Date | Summary | Link |
| Sept 1, 2022 | Threat analysts find JuiceLedger gang behind the recent attack against PyPl phishing campaign. | PyPI Phishing Campaign |
| Sept 1, 2022 | Twitter experiences an outage and shows ‘Something went wrong’ errors. | Twitter Outage |
| Sept 6, 2022 | FBI warns that Vice Society ransomware group disproportionately targets the education sector with ransomware attacks. | Vice Society Education Sector attacks |
| Sept 6, 2022 | Former Conti ransomware members target Ukraine & European NGOs, says Google. | UAC-0098 attacks |
| Sept 6, 2022 | Dutch Police arrest man for laundering tens of millions in crypto stolen in phishing attacks. | Stolen Crypto Laundering |
| Sept 7, 2022 | The North Korean APT group 'Lazarus' exploits VMWare Horizon servers with MagicRAT to access corporate networks in the United States, Canada, and Japan. | Lazarus exploits MagicRAT |
| Sept 8, 2022 | ‘GIFShell’ allows threat actors to abuse Microsoft Teams for novel phishing attacks and covertly executing commands to steal data. | GIFShell abuses Microsoft Teams |
| Sept 9, 2022 | Lampion operators urge users to download a "Proof of Payment" document from WeTransfer in new phishing attack. | Lampion Malware Phishing Attacks |
| Sept 9, 2022 | A hacktivist group Mysterious Team Bangladesh (MT) targeting Indian government websites and servers has been discovered by CloudSEK. | Mysterious Team Bangladesh |
| Sept 12, 2022 | DoJ orders 12 years of prison sentence to a tax fraud ring leader for selling children’s stolen identities. | Tax Fraud ring leader imprisoned |
| Sept 12, 2022 | Threat hunters detect hackers launching new attacks to steal Steam credentials using a Browser-in-the-Browser phishing technique. | Steam Credentials Theft |
| Sept 13, 2022 | New Wave of Espionage Activity Targets Asian Governments. | Attacks against Asian governments |
| Sept 19, 2022 | Ongoing phishing campaign targets U.S. government contractors. | Microsoft 365 Phishing Attacks |
| Sept 19, 2022 | The Russian state-sponsored hacking group known as Sandworm has been observed to be masquerading as telecommunication providers to target Ukrainian entities with malware. | Russia-Nexus UAC-0113 Attacks |
| Sept 22, 2022 | Cyber mercenary group known as Void Balaur continues to expand their hack-for-hire campaigns into 2022, unphased by disruptions to their online advertising personas. | Void Balaur continues to expand |
| Sept 22, 2022 | Intel and Microsoft have found incompatibility issues with certain versions of drivers for Intel Smart Sound Technology (Intel SST) on Intel 11th Gen Core processors and Windows 11. | Intel & Microsoft incompatibility |
| Sept 23, 2022 | YouTube experiences worldwide outage as users can't access Live Streams. | YouTube down |
| Sept 23, 2022 | Cluster25 researchers collected and analysed a lure document (a PowerPoint file) used to implant a variant of Graphite malware, uniquely linked to the threat actor known as APT28 (aka Fancy Bear, TSAR Team). |
Lure Document to implant Graphite Malware |
| Sept 25, 2022 | The Erbium malware is an information-stealer/ info stealer, which is distributed as Malware-as- a-Service (MaaS). CYFIRMA research team observed this malware binary in August, 2022 while carrying out threat hunting activities. | Erbium Malware |
| Sept 26, 2022 | Australia plans to toughen privacy rules to force companies to notify banks faster when they experience cyber attacks, after hackers targeted the country's second-largest telecom firm. | Australia toughens privacy rules |
| Sept 26, 2022 | The Kremlin supposedly plans to carry out massive cyberattacks on critical infrastructure facilities of Ukrainian enterprises and critical infrastructure institutions of Ukraine's allies | Kremlin attack on Ukraine infra |
| Sept 26, 2022 | The North Korean Lazarus hacking group is now using fake 'Crypto.com' job offers to lure developers and artists in the crypto space. | Lazarus targets crypto job hunters |
| Sept 27, 2022 | Meta says it took down an extensive network of Facebook and Instagram accounts pushing disinformation published on more than 60 websites that spoofed multiple legitimate news sites across Europe. | Meta takes down accounts |
| Sept 27, 2022 | NHS cyber-attack continues to affect the quality of services the trusts can render. | NHS Cyber-Attack |
| Sept 28, 2022 | Fired IT system administrator disrupts the IT operations of his former employer to get his job back. | Disgruntled employee attacks Hawaii firm |
| Sept 28, 2022 | The Internal Revenue Service (IRS) warn Americans of an exponential rise in IRS-themed text message phishing attacks trying to steal their financial and personal information. | IRS-themed Phishing Attacks |
| Sept 28, 2022 | Hackers use VIRTUALPITA & VIRTUALPIE backdoor to establish persistence on VMware ESXi hypervisors to control vCenter servers and virtual machines for Windows and Linux while avoiding detection | VIRTUALPITA & VIRTUALPIE backdoor exploits |
| Sept 28, 2022 | Security researchers detect a new campaign targeting multiple military contractors involved in weapon manufacturing, including an F-35 Lightning II fighter aircraft components supplier. | Attacks on Military Contractors |
| Sept 28, 2022 | A quickly expanding botnet Chaos targets and infects Windows and Linux devices to use them for crypto mining and launching DDoS attacks. | Chaos Analysis |
| Sept 28, 2022 | NCSC can learn from Russia's failure to destablise Ukraine through cyber-attacks. | Russia's cyber-attacks on Ukraine |
The writing on the wall is clear - Malicious threat actors are pulling out all the stops to find new ways to infiltrate businesses and compromise sensitive data. In the case of Uber, apparently, it was an 18-year old who hacked the company's internal systems.
The message here is that no matter who you are and how large your organisation may be, never underestimate the adversary.
We always advise our clients to keep their cybersecurity infrastructure tight, policies and plans updated and their cybersecurity hygiene in place. Yes, agreed that this can be a daunting task and that's why you can hire Cyber Management Alliance's Virtual Cyber Assistants to perform these essential cybersecurity duties for you.
Whether you need to create new documents or review or refresh existing ones, our experienced cybersecurity consultants can help you out. From Business Continuity and Disaster Recovery Plans, Information Asset Registers, Incident Management Policies and Procedures to becoming Cyber Essentials ready or ISO 27001 certified, our experienced cybersecurity consultants can help in a cost-effective way that works for your business.
