Cyber Security Blog

Recent Cyber Attacks Data Breaches & Ransomware Attacks September 2022

Written by Aditi Uberoi | 30 September 2022

We've compiled a list of the cyber-attacks, data breaches and ransomware attacks that made news in September 2022.

This list has been created for purely educational purposes, to turn the spotlight on the ever-increasing number of cyber attacks on organisations across the world. 

Below are the other cyber-attacks, ransomware attacks and data breaches that made the news in the month gone by. 

  1.  Cyber-Attacks in September 2022
  2.  Data Breaches in September 2022
  3. Ransomware Attacks in September 2022
  4. New Ransomware/Malware Detected in September 2022
  5. Vulnerabilities/Patches 
  6. Advisories issued etc. in September 2022 

The idea is to help businesses understand that they must look into their cyber-attack or ransomware readiness with utmost urgency. Apart from investing in the right infrastructure and software tools, it is also important to be ready with a strong cyber incident response plan and strategy. This can help mitigate the impact of any attack that may occur. 

The Uber hack was perhaps the most significant cyber-attack of September 2022 and definitely one of the biggest for this year. The fact that a classic social engineering attack was able to compromise the infrastructure of a Fortune 500 company was yet another bugle call for the cybersecurity community to evaluate where it stands in terms of breach readiness and the awareness and training of its staff.

For further reading into this specific attack, we have curated a Live Uber Hack Timeline

Cyber Attacks in September 2022

Date Target/
Victim
Summary Threat Actor(s) Business Impact Reference Link

Sept 1, 2022

Yandex Taxi

Hackers hit Russian taxi app, Yandex Taxi; Send hundreds of taxis to the same address in Moscow to halt services.

Suspected hacker under OpRussia campaign

Breakdown of the taxi service & a massive gridlock in Moscow

Yandex Hack

Sept 5, 2022

Holiday Inn

Holiday Inn, owned by Intercontinental Hotels Group (IHG), suffers a cyber-attack.

TeaPea (Supposedly a Vietnamese couple)

Booking channels & other applications  significantly disrupted

Holiday Inn Hack

Sept 5, 2022

Go-Ahead

Go-Ahead, one of the UK’s biggest transport companies, has said it is managing a cyber-attack that has affected software used to schedule bus drivers and services.

Unknown

Several back office systems affected, including bus services and payroll software

Go-Ahead Attack

Sept 6, 2022

Japanese Govt 
Website

A Pro-Russian hacker group, Killnet, takes responsibility for a series of cyber-attacks against the Japanese Government.

Killnet

Japanese  e-Gov portal website became inaccessible
along with several other sites

Japanese Govt Attack

Sept 10, 2022

Albania Border System

Albania reports 2nd cyberattack by Iran on one of its border systems.

Iranian Source

Border System Hit

Albania Border System Attack

Sept 11, 2022

Swedish Election Authority

Hackers hit Swedish Election Authority with three DDoS attacks on day of vote.

Unknown

Uncertain

Swedish Election Authority Attack

Sept 14, 2022 Individual Microsoft users Threat actors exploit the death of Queen Elizabeth II in phishing attacks to lure targets to malicious sites designed to steal their Microsoft account credentials. Unknown  Uncertain Phishing Campaign Exploiting the Queen's Death
Sept 14, 2022 US govt & power cos FBI indicts three Iranians hackers for cyber attacks targeting local US governments, power companies. Three Iranian Nationals  Undefined Multiple Cyber-Attacks by Iranian Nationals
Sept 19, 2022 Rockstar Games Rockstar has confirmed the Grand Theft Auto VI footage leaked online over the weekend was stolen from its network. Lapsus$ group Hacker stole and leaked footage of GTA6 Rockstar System Compromised
Sept 21, 2022 Slovakians using LinkedIn Smart Link Phishing Campaign abuses LinkedIn slink (Smart Link) to bypass Secure Email Gateways (SEGs). Unknown  Unknown LinkedIn Smart Link Phishing Campaign

 

 




Data Breaches in September 2022

Date Target/
Victim
Summary Threat Actor(s) Business Impact Reference Link
Sept 2, 2022 Samsung Samsung confirms a new data breach. Unknown Customers' names, contacts & demographic information, dates of birth, & product registration data stolen Samsung Data Breach
Sept 2, 2022 Taxpayers in the US The Internal Revenue Service accidentally leaks confidential information for approximately 120,000 taxpayers. - Taxpayer data leaked IRS taxpayer data leaked
Sept 3, 2022 TikTok and WeChat TikTok denies data breach in which a hacking group known as 'AgainstTheWest' claims to have breached both TikTok and WeChat 'AgainstTheWest' Hackers claim to have stolen source code and user data of TickTok and WeChat TikTok denies data breach
Sept 7, 2022 U-Haul After a detailed investigation, U-Haul discloses data breach which exposed customers and
driver licences
Unknown  Customers' name & driver licence information stolen U-Haul Data Breach
Sept 7, 2022 Armed Forces General Staff Agency of Portugal Hackers hit the Armed Forces General Staff agency of Portugal (EMGFA) and allegedly sell the stolen classified NATO documents on the dark web.    Theft of classified NATO documents Classified NATO docs stolen from Portugal
Sept 7, 2022 North Face A credential stuffing attack on North Face occurred between July and August 2022; hit 200,000 North Face accounts. Unknown 200,000 North Face accounts affected North Face Credential Stuffing Attack
Sept 11, 2022 Revolut  Revolut suffers a cyber-attack giving unauthorised third-party access to personal information of tens of thousands of clients Unknown Data of 50,000 users exposed Revolut Cyber-Attack
Sept 13, 2022 FishPig Hackers breach FishPig, a software vendor for Magento, in a supply-chain attack.  Unknown Malicious code added to vendor's software FishPig
Cyber-Attack
Sept 15, 2022 Uber

An 18-year old hacker allegedly breaches the Uber database. 

Read more on this major, news-making attack in our Uber Cyber-Attack Live Timeline
Lapsus$ Group Hacker/breached multiple internal systems, with administrative access to Uber's cloud services including on Amazon Web Services (AWS) and Google Cloud (GCP) Uber Cyber-Attack
Sept 16, 2022 American Airlines American Airlines discloses data breach after employee email accounts & unconfirmed personal data compromised. Unknown Credentials of 1700 customers & employees, allegedly, compromised American Airlines Data Breach
Sept 16, 2022 GitHub GitHub warns of on-going Phishing Campaign using fake CircleCI notifications. Unknown GitHub not impacted but accounts of its customers were affected GitHub Phishing Campaign
Sept 16, 2022 2K Hackers compromise support system of American video game publisher 2K & send support tickets to gamers containing RedLine password-stealing malware. Unknown Uncertain 2K support system hack
Sept 20, 2022 Wintermute Digital assets trading firm Wintermute gets hacked & loses $162.2 million in DeFi operations. Unknown $162.2 million stolen in DeFi ops Wintermute hack
Sept 21, 2022 LockBit Ransomware Gang LockBit ransomware operation suffers a breach, with an allegedly disgruntled developer leaking the builder for the gang's newest encryptor.  Allegedly a disgruntled LockBit developer Uncertain LockBit Ransomware Operation Breach
Sept 22, 2022 Optus Australia's second-largest telecommunications company, Optus, has reported a cyber-attack affecting 2.8 million Australians Unknown 2.8 million Australians' data compromised Optus Cyber Attack

 

Ransomware Attacks in September 2022

Date Target/
Victim
Summary Threat Actor(s) Business Impact Reference Link
Sept 1, 2022 Damart Hive ransomware gang demands $2 million from Damart, a French clothing company it attacked in mid-August Hive Ransomware Gang  Company systems encrypted & operations disrupted since Aug, 2022 Damart Ransomware Attack
Sept 1, 2022 NFL's San Francisco 49ers NFL's San Francisco 49ers confirms and informs its customers that a ransomware attack that hit its network earlier this year affected more than 20,000 individuals Blackbyte Ransomware Gang Personal information of 20,930 individuals compromised 49ers Ransomware Attack
Sept 1, 2022 Montenegro Government Hackers demand $10 million for a ransomware attack that hit Montenegro in mid-August Cuba Ransomware Gang Critical Infrastructure Impacted Montenegro Ransomware Attack
Sept 1, 2022 Chile Govt Agency New ransomware targets Windows, Linux servers of Chile govt agency Uncertain Operations & Online Services of govt agency impacted Chile Govt Agency Attack
Sept 2, 2022 Italy's Energy Agency GSE The BlackCat/ALPHV ransomware gang takes responsibility for the attack that hit the systems of Italy's energy agency Gestore dei Servizi Energetici SpA (GSE) BlackCat/
ALPHV
GSE website taken down Italy's Energy Agency Attack
Sept 3, 2022 Los Angeles Unified School District  The Los Angeles Unified School District deals with a ransomware attack where Vice Society gang stole 500 GB of data Vice Society 500 GB of data stolen LAUSD Ransomware Attack
Sept 9, 2022 Empress Emergency Medical Services, New York Empress EMS (Emergency Medical Services), a New York-based emergency response and ambulance service provider, has disclosed that a ransomware attack earlier in the year led to a data breach exposing information of 3,18,558 customers Hive Ransomware (unconfirmed) Customer data exposed Empress EMS Ransomware Attack
Sept 12, 2022 Mitel MiVoice VOIP  Lorenz ransomware gang exploits critical vulnerability in Mitel MiVoice VOIP appliances to breach enterprises via phone systems Lorenz Ransomware Gang Unknown Mitel MiVoice VOIP Ransomware Attack
Sept 12, 2022 Bell Canada subsidiary, Bell Technical Solutions (BTS) Hive ransomware gang claims responsibility for an attack that hit the systems of Bell Canada subsidiary Bell Technical Solutions (BTS) on 20th August 2022 Hive Ransomware Unknown Bell Technical Solutions Ransomware Attack
Sept 19, 2022 New York Racing Association Hive ransomware operation claims responsibility for an attack on the New York Racing Association (NYRA), which previously disclosed that a cyber attack on June 30, 2022, impacted IT operations and website availability and compromised member data Hive Ransomware IT Operations & Website Data affected; member data compromised NYRA Ransomware Attack

 

Ransomware attacks are becoming more complex and dangerous with every passing month. That's why our experts at Cyber Management Alliance have created these FREE downloadable resources for ransomware mitigation and response. 

  1. Ransomware Mitigation Checklist
  2. Ransomware Response Checklist
  3. Ransomware Response Workflow Guide  

New Ransomware/Malware Discovered in September 2022

New Ransomware/Malware Summary Reference Link
Ballacks Ransomware  PCrisk researchers find new ransomware belonging to the VoidCrypt Ransomware family. Ballacks Ransomware Discovered
DoyUK 7.1 Ransomware PCrisk researchers discover DoyUK 7.1 Ransomware after previously analysing DoyUK 2.0 and DoyUK 5.0.  DoyUK 7.1 Ransomware Discovered
MLF Ransomware PCrisk tracks new ransomware-type programme - MLF. It belongs to the Phobos Ransomware family. MLF Ransomware Discovered
FARGO Ransomware ASEC analysis team discovers distribution of FARGO Ransomware targetting unsecured MS-SQL servers.   FARGO Ransomware distribution 

 


Vulnerabilities/Patches Discovered in September 2022

Date Flaws Summary Reference Link
Sept 2, 2022 CVE-2022-3075 Google has released an update by fixing the 6th zero-day bug (CVE-2022-3075), a high severity vulnerability caused by insufficient data validation in Mojo. Google Chrome Emergency Update
Sept 3, 2022 DEADBOLT (CVE-2022-27593) QNAP Systems, Inc. detected and patched the security threat DEADBOLT leveraging exploitation of Photo Station vulnerability-(CVE-2022-27593) to encrypt QNAP NAS that are directly connected to the Internet. QNAP patches zero-day vulnerability
Sept 8, 2022 Critical privilege escalation security flaw (CVE-2022-3180) WordPress sites are actively targeted with exploits targeting a zero-day vulnerability (CVE-2022-3180) in the WPGateway premium plugin. Zero-day in WPGateway WordPress plugin
Sept 8, 2022 Full list of flaws CISA has added 12 more security flaws to its list of bugs exploited in attacks, including two critical D-Link vulnerabilities and two (now-patched) zero-days in Google Chrome and the Photo Station QNAP software. CISA adds 12 security flaws to list of bugs
Sept 12, 2022 CVE-2022-32917- may allow maliciously crafted applications to execute arbitrary code with kernel privileges. Apple has released security updates to address the eighth zero-day vulnerability used in attacks against iPhones and Macs. Apple releases security patch for 8th
zero-day
Sept 13, 2022 CVE-2022-40139- enables attackers to execute arbitrary code remotely on systems running unpatched software. Security software firm Trend Micro warned customers today to patch an actively exploited Apex One security vulnerability as soon as possible. Apex One Security Vulnerability
Sept 21, 2022 A bug that allowed Twitter accounts to stay logged in from multiple devices after a voluntary password reset. Twitter announces a bug that failed to log users out of all devices after password resets. Twitter Bug
Sept 22, 2022 CVE-2022-35405 The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical severity Java deserialization vulnerability affecting multiple Zoho ManageEngine products to its catalogue of bugs exploited in the wild. ManageEngine bug
Sept 28, 2022 ZDI-CAN-18333 &
ZDI-CAN-18802
Threat actors are exploiting yet-to-be-disclosed Microsoft Exchange zero-day bugs allowing for remote code execution, according to claims made by security researchers at Vietnamese cybersecurity outfit GTSC. New 0-Day RCE Vulnerability
Sept 29, 2022 ProxyShell (CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207) and ProxyLogon (CVE-2021-26855 and CVE-2021-27065) The Witchetty espionage group (aka LookingFrog) using a new backdoor that leverages rarely seen steganography techniques in attacks on targets in the Middle East and Africa. Witchetty exploits new backdoor Trojan
Sept 29, 2022 CVE-2021-27853
CVE-2021-27854
CVE-2021-27861
CVE-2021-27862

Four vulnerabilities in the widely adopted 'Stacked VLAN' Ethernet feature allows attackers to perform denial-of-service (DoS) or man-in-the-middle (MitM) attacks against network targets using custom-crafted packets. L2 controls vulnerability

 

 


Warnings/Advisories/Reports/Malware Detection 

Date Summary Link
Sept 1, 2022 Threat analysts find JuiceLedger gang behind the recent attack against PyPl phishing campaign. PyPI Phishing Campaign
Sept 1, 2022 Twitter experiences an outage and shows ‘Something went wrong’ errors. Twitter Outage
Sept 6, 2022 FBI warns that Vice Society ransomware group disproportionately targets the education sector with ransomware attacks. Vice Society Education Sector attacks
Sept 6, 2022 Former Conti ransomware members target Ukraine & European NGOs, says Google. UAC-0098 attacks
Sept 6, 2022 Dutch Police arrest man for laundering tens of millions in crypto stolen in phishing attacks. Stolen Crypto Laundering
Sept 7, 2022 The North Korean APT group 'Lazarus' exploits VMWare Horizon servers with MagicRAT to access corporate networks in the United States, Canada, and Japan. Lazarus exploits MagicRAT 
Sept 8, 2022 ‘GIFShell’ allows threat actors to abuse Microsoft Teams for novel phishing attacks and covertly executing commands to steal data. GIFShell abuses Microsoft Teams
Sept 9, 2022 Lampion operators urge users to download a "Proof of Payment" document from WeTransfer in new phishing attack. Lampion Malware Phishing Attacks
Sept 9, 2022 A hacktivist group Mysterious Team Bangladesh (MT) targeting Indian government websites and servers has been discovered by CloudSEK. Mysterious Team Bangladesh
Sept 12, 2022 DoJ orders 12 years of prison sentence to a tax fraud ring leader for selling children’s stolen identities. Tax Fraud ring leader imprisoned 
Sept 12, 2022 Threat hunters detect hackers launching new attacks to steal Steam credentials using a Browser-in-the-Browser phishing technique. Steam Credentials Theft
Sept 13, 2022 New Wave of Espionage Activity Targets Asian Governments. Attacks against Asian governments
Sept 19, 2022 Ongoing phishing campaign targets U.S. government contractors.  Microsoft 365 Phishing Attacks
Sept 19, 2022 The Russian state-sponsored hacking group known as Sandworm has been observed to be masquerading as telecommunication providers to target Ukrainian entities with malware. Russia-Nexus UAC-0113 Attacks
Sept 22, 2022 Cyber mercenary group known as Void Balaur continues to expand their hack-for-hire campaigns into 2022, unphased by disruptions to their online advertising personas. Void Balaur continues to expand
Sept 22, 2022 Intel and Microsoft have found incompatibility issues with certain versions of drivers for Intel Smart Sound Technology (Intel SST) on Intel 11th Gen Core processors and Windows 11. Intel & Microsoft incompatibility
Sept 23, 2022 YouTube experiences worldwide outage as users can't access Live Streams.  YouTube down
Sept 23, 2022 Cluster25 researchers collected and analysed a lure document (a PowerPoint file) used to implant a variant of Graphite malware, uniquely linked to the threat actor known as APT28 (aka Fancy Bear, TSAR Team).
Lure Document to implant Graphite Malware
Sept 25, 2022 The Erbium malware is an information-stealer/ info stealer, which is distributed as Malware-as- a-Service (MaaS). CYFIRMA research team observed this malware binary in August, 2022 while carrying out threat hunting activities. Erbium Malware
Sept 26, 2022 Australia plans to toughen privacy rules to force companies to notify banks faster when they experience cyber attacks, after hackers targeted the country's second-largest telecom firm. Australia toughens privacy rules
Sept 26, 2022 The Kremlin supposedly plans to carry out massive cyberattacks on critical infrastructure facilities of Ukrainian enterprises and critical infrastructure institutions of Ukraine's allies Kremlin attack on Ukraine infra
Sept 26, 2022 The North Korean Lazarus hacking group is now using fake 'Crypto.com' job offers to lure developers and artists in the crypto space. Lazarus targets crypto job hunters
Sept 27, 2022 Meta says it took down an extensive network of Facebook and Instagram accounts pushing disinformation published on more than 60 websites that spoofed multiple legitimate news sites across Europe. Meta takes down accounts
Sept 27, 2022 NHS cyber-attack continues to affect the quality of services the trusts can render.  NHS Cyber-Attack
Sept 28, 2022 Fired IT system administrator disrupts the IT operations of his former employer to get his job back.  Disgruntled employee attacks Hawaii firm
Sept 28, 2022 The Internal Revenue Service (IRS) warn Americans of an exponential rise in IRS-themed text message phishing attacks trying to steal their financial and personal information. IRS-themed Phishing Attacks
Sept 28, 2022 Hackers use VIRTUALPITA & VIRTUALPIE backdoor to establish persistence on VMware ESXi hypervisors to control vCenter servers and virtual machines for Windows and Linux while avoiding detection VIRTUALPITA & VIRTUALPIE backdoor exploits
Sept 28, 2022 Security researchers detect a new campaign targeting multiple military contractors involved in weapon manufacturing, including an F-35 Lightning II fighter aircraft components supplier. Attacks on Military Contractors
Sept 28, 2022 A quickly expanding botnet Chaos targets and infects Windows and Linux devices to use them for crypto mining and launching DDoS attacks. Chaos Analysis
Sept 28, 2022 NCSC can learn from Russia's failure to destablise Ukraine through cyber-attacks.  Russia's cyber-attacks on Ukraine

 

The writing on the wall is clear - Malicious threat actors are pulling out all the stops to find new ways to infiltrate businesses and compromise sensitive data. In the case of Uber, apparently, it was an 18-year old who hacked the company's internal systems. 

The message here is that no matter who you are and how large your organisation may be, never underestimate the adversary. 

We always advise our clients to keep their cybersecurity infrastructure tight, policies and plans updated and their cybersecurity hygiene in place. Yes, agreed that this can be a daunting task and that's why you can hire Cyber Management Alliance's Virtual Cyber Assistants to perform these essential cybersecurity duties for you. 

Whether you need to create new documents or review or refresh existing ones, our experienced cybersecurity consultants can help you out. From Business Continuity and Disaster Recovery Plans, Information Asset Registers, Incident Management Policies and Procedures to becoming Cyber Essentials ready or ISO 27001 certified, our experienced cybersecurity consultants can help in a cost-effective way that works for your business.