The Ransomware Era (2020-Present) Daily Briefing

    Cybersecurity Briefing: July 3, 2023 – Active Ransomware and Exploited Vulnerabilities

    Monday, July 3, 2023

    Lead Story: LockBit Ransomware Targets Kinmax Technology

    On July 3, 2023, the notorious LockBit ransomware group executed a major attack on Kinmax Technology, a supplier for Taiwan Semiconductor Manufacturing Company (TSMC). The attackers demanded a ransom of $70 million, although TSMC confirmed that the breach did not compromise its operations or customer data. This incident highlights the vulnerabilities present within supply chains, especially those tied to high-profile companies like TSMC, and underscores the need for robust cybersecurity measures to protect against third-party risks.

    MOVEit Vulnerability Continues to Plague Organizations

    The Cl0p ransomware group has ramped up its operations, exploiting the MOVEit vulnerability to leak sensitive data from major firms, including Siemens Energy and Schneider Electric. This vulnerability, which affects file transfer protocols, has become a critical target for cybercriminals, emphasizing the need for organizations to patch known vulnerabilities promptly to avoid falling victim to data breaches.

    Credential Theft Escalates with Midnight Blizzard

    Microsoft has reported a significant rise in credential theft attacks linked to the Russian threat group Midnight Blizzard. This group is focusing on government entities and NGOs, employing advanced techniques like routing traffic through residential proxies to obfuscate their origins. The increased sophistication of these attacks raises concerns about the security of sensitive information in the public sector.

    Unpatched CVE-2023-3460 Vulnerability Under Attack

    Hackers are actively exploiting an unpatched critical vulnerability (CVE-2023-3460) in the Ultimate Member plugin affecting numerous WordPress installations. This incident underscores the persistent risks associated with widely used web application plugins and the urgent need for organizations to prioritize patch management and vulnerability assessments.

    Analyst Perspective

    The events of July 3, 2023, reflect a concerning trend in the cybersecurity landscape, where attackers are exploiting unpatched vulnerabilities and targeting supply chains. The LockBit and Cl0p ransomware incidents illustrate the high stakes involved, while the rising sophistication of threat actors like Midnight Blizzard reveals the evolving tactics in credential theft. Organizations must remain vigilant and proactive in their cybersecurity strategies, ensuring that they not only patch known vulnerabilities but also reinforce their defenses against increasingly complex attacks.
