TL;DR: Attack on the Children’s Hospital and Success of the Ukrainian Police (51st Week)

Security forces in Ukraine achieved another success in the fight against cybercrime. The LastPass data breach is escalating, and there is also newer information about the data leak at the sports betting company DraftKings. Cybercriminals attacked a children’s hospital in Canada, and several charges were laid and several sentences handed down.

Ransomware attack on the children’s hospital

The Canadian Hospital for Sick Children in Toronto, known as SickKids, has become the target of an as yet unspecified ransomware attack. The attack reportedly impacted only a few clinical and corporate systems, and healthcare delivery was not impacted. The attack is under investigation, and full recovery of systems will take weeks.

Success of cyber police in Ukraine

The cyber police in Ukraine detected and stopped the activities of 31 persons who were spreading disinformation and war propaganda. 13 bot farms operating more than 1.5 million fake accounts were suspended. 24 house searches led to the seizure of more than 100,000 SIM cards, more than 100 pieces of computer equipment, 150 mobile phones and approximately 300 GSM gateways.

LastPass data breach

An investigation of the cyberattack on the LastPass password management service in November 2022 revealed that the attackers managed to gain access to the decryption keys of another employee, and thus to some of the encrypted data. The leaked data included company names, end-user names, billing and email addresses, phone numbers, and the IP addresses from which customers were accessing the LastPass service. The service reminds users that usernames and passwords are still encrypted.

Almost unsecured sports betting company

The DraftKings sports betting company became the target of a credential attack in November 2022 that exploited passwords leaked from other services. The result was a data leak from more than 67,000 profiles – names, addresses, phone numbers, email addresses, profile photos, available account balance and last date of password change. Apart from the last four digits of payment cards, no other payment-related data (CVV and expiration date) was allegedly leaked. Since the data breach, cybercriminals have stolen 300,000 dollars from the accounts, which the company will refund to users.

Ransomware attack on The Guardian

One of the most-read newspapers in the world, The Guardian, was hit by what is suspected to be a ransomware attack. The attack disrupted the operation of some internal technology infrastructure, but reportedly did not affect the website, the app or the publishing of new articles.

SHORTS

  • Cyble security researchers have detected the GodFather banking trojan on the Turkish Android app MYT Müzik. The app has more than 10 million downloads on the Google Play Store.
  • A former Twitter employee was sentenced to three-and-a-half years in prison for spying on users on behalf of Saudi Arabia.
  • A member of an international crime syndicate was sentenced to five years and six months in prison for her involvement in cybercrimes leading to the theft of more than 3 million dollars and money laundering of 2.5 million dollars.
  • The U.S. Department of Justice charged six people with computer crimes related to operating a service used for DDoS attacks.
  • North Korea-linked threat actors managed to steal 626 million dollars in cryptocurrency in 2022. The damage in the past five years is estimated at 1.2 billion dollars.
