TL;DR: Serious Ransomware Attacks (15th Week)

A ransomware gang claims responsibility for an attack on a multinational corporation that admitted the attack but remains silent about the consequences; security researchers warn of a phishing campaign masquerading as a browser update; and forum members received a warning from the Dutch Police. OpenAI promises rewards for discovering vulnerabilities, and an unknown cybercriminal has stolen millions of dollars in cryptocurrency.

Ransomware attack?

MSI suffered a cyberattack that was reportedly stopped upon detection of network anomalies. The company reported that operations have resumed and that the attack had no significant impact, but it warns users not to obtain firmware/BIOS updates from sources other than the official website. MSI subsequently appeared on the list of victims of the Money Message ransomware gang. The gang claimed to have stolen 1.5 TB of data and source code, including a framework for developing BIOS firmware and private keys for signing BIOS modules. The gang demands a ransom payment of four million dollars for non-disclosure of the data.

More findings after the ransomware attack

Yum! Brands, the brand owner of the KFC, Pizza Hut and Taco Bell fast food chains, revealed that data was stolen as part of a January 13 ransomware attack. The attackers allegedly gained access to the personal data of an unknown number of people (names, driver’s license numbers and other ID card numbers). The company has individually notified the people whose data was leaked.

Phishing campaign

Security researchers have published information about a phishing campaign spreading on sites under the control of cybercriminals. The campaign starts by displaying a fake Google Chrome automatic update notice and asks the victim to download the update manually. The downloaded “” archive contains a Monero miner called “updater.exe” which, once installed, uses the victim’s device to mine the Monero cryptocurrency.

Attack and data breach

An unknown cybercriminal is offering for sale the data of The Kodi Foundation, which administers the cross-platform open-source media player Kodi. The hacker gained access to the login credentials of a member of the Admin panel, created a database backup and then downloaded it along with nightly full backups of the database. The stolen database contains, among other things, login credentials, email addresses and encrypted passwords (hashed + salted) of forum users. Despite the security fixes, the company declared the passwords compromised and provided the database to Have I Been Pwned.

Dutch warning

Dutch Police sent email and letter warnings to former RaidForums members and also conducted stop calls on them. They warned the members that their actions were illegal and that they were being monitored by law enforcement.


  • OpenAI has launched a bug bounty program to reward security researchers looking for vulnerabilities in ChatGPT. The maximum reward for discovering a vulnerability is 20,000 dollars.
  • The ransomware gang Lockbit 3.0 has added the cybersecurity firm Darktrace to the list of its victims. The company denied any breaches or malicious activities after analysing its systems.
  • Hyundai has suffered a data breach that impacted Italian and French car owners who booked a test drive. The leaked data included email addresses, physical addresses, phone numbers and vehicle chassis numbers.
  • A cybercriminal gained access to the “hot” crypto wallets of the South Korean cryptocurrency exchange and blockchain platform GDAC and stole approximately 14 million dollars in cryptocurrencies.
  • An unspecified cyberattack (reportedly not a ransomware attack) has forced human resources company SD Worx to suspend all services provided in the UK and Ireland. The company disclosed that IT systems were shut down and isolated as a precaution, to mitigate any further impact and adequately assess the threat.

