ICBC ransomware attack and ChatGPT outage
ICBC suffers ransomware attack, OpenAI links ongoing ChatGPT outages to DDoS campaign and Google Ads CPU-Z malware. Catch all this and more in this week’s edition of Cybersecurity Weekly.
Phishing simulations & training
1. ICBC discloses ransomware attack that reportedly disrupted U.S. Treasuries
On November 8, the Industrial & Commercial Bank of China (ICBC) suffered a ransomware attack that disrupted its financial services. The attack specifically affected U.S. Treasury market trades and repo financing transactions. Equity traders also faced significant disruptions due to the bank’s ability to connect to DTCC/NSCC. ICBC responded by isolating the affected systems and launched an investigation with security experts.
2. OpenAI links recent ChatGPT outages to DDoS attacks
OpenAI has linked recent outages affecting ChatGPT and its developer tools to a Distributed Denial-of-Service (DDoS) attack. ChatGPT users faced sporadic access issues on November 8, receiving messages about the service being at capacity. Initially, OpenAI CEO Sam Altman attributed the problem to high interest in new features. However, the company later updated its incident report to reveal the outages happened due to a DDoS.
3. Threat actor abuses Google Ads to distribute malware-laden CPU-Z installer
Malwarebytes recently discovered a cyberattack using Google Ads to distribute a trojanized CPU-Z tool carrying the Redline malware. The campaign involved a fake Windows news site clone hosting the malicious ad. Users who clicked were led to download a signed CPU-Z installer embedded with malware. This installer launched the Redline Stealer, designed to steal sensitive data. Google has since removed these ads and acted against the accounts responsible.
4. Microsoft reveals hackers exploited zero-day flaw SysAid IT support in Cl0p ransomware campaign
SysAid has alerted its customers to patch their systems against a zero-day vulnerability exploited to deploy ransomware. Discovered after a tip from Microsoft, the flaw enables remote code execution where the threat actor behind the attack conducts a multi-stage attack using a WebShell and other payloads. The hacker is reportedly using this vulnerability to install Cl0p ransomware. SysAid advises updating to version 23.3.36 and conducting thorough network assessments to avoid further compromises.
5. North Korea hacking group blamed for infiltrating Macs with ObjCShellz malware
The North Korean-backed BlueNoroff group recently launched a new macOS malware targeting Apple customers. Dubbed ObjCShellz, it enables remote shell access on compromised devices. ObjCShellz impacts Intel and Arm Macs and executes commands on infected systems in the post-exploitation stage. Security analysts suggest this malware is part of a broader attack involving social engineering.
See Infosec IQ in action
In this Series
- ICBC ransomware attack and ChatGPT outage
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Uber data leaked, 48 DDoS-for-hire domains seized and Facebook posts phishing attack
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
