TL;DR: Beware of Attacking SMS! (8th Week)

Two major cyberattacks started with a text message from an attacker, and the data of tens of millions of Indian railway travellers leaked. Cybercriminals have started to actively exploit the ChatGPT chatbot to attract potential victims; a ransomware gang is making money from insurance companies; and security forces achieved several successes and one failure.

Did the investigators underestimate the problem?

An employee of gaming company Activision became the target of an SMS phishing attack that enabled attackers to gain access to the company’s internal systems. Activision’s investigation concluded that the attacker did not obtain any sensitive information, but according to vx-underground researchers the attackers stole “sensitive work documents.” Insider Gaming’s analysis revealed that the cache of leaked data contains names, email addresses, phone numbers, salaries, work locations and other employee details.

Paranoia more precious than gold

An employee of cryptocurrency exchange platform Coinbase has also become a victim of an SMS phishing attack. During the attack, the threat actor called the employee, claiming to be a member of the IT team, and guided the victim step by step through what to do. Because the victim became suspicious and contacted the company’s real IT team during the attack, the attack had limited consequences.

Database of tens of millions of users

Indian train ticket booking platform RailYatri has become a target of a cyberattack. The attacker obtained the data of 31 million travellers, which includes their email addresses, full names, gender, phone numbers, location and 37 thousand invoices. The entire database is exposed on a well-known hacker forum.

Atlassian data leak

An Atlassian employee mistakenly posted his login credentials in a public repository. The threat actors subsequently exploited them to gain access to the file of Atlassian third-party vendor Envoy. By misusing the login credentials, the attackers obtained office floor plans and Envoy profiles of Atlassian employees and contractors.


  • Cybercriminals have started to exploit the popularity of OpenAI’s ChatGPT chatbot to distribute malware.
  • Gcore blocked a DDoS attack with a peak volume of 650 Gbps.
  • The ransomware gang HardBit adjusts their ransom demands to the amounts covered by the insurance company in the event of a ransomware attack.
  • Europol, in cooperation with the security forces of several countries, successfully dismantled an 8-member gang of cybercriminals. The gang members impersonated the CEOs of various companies (CEO scam) and are responsible for damages worth 40 million dollars.
  • Norwegian police agency Økokrim successfully seized 84 million euros in cryptocurrencies stolen by the APT Lazarus Group (attributed to North Korea).
  • Computer systems used by the FBI’s New York Field Office for investigating child sexual exploitation have become a target of an unspecified attack. The attack has reportedly been stopped, isolated, and is under investigation.

