In 2023, cyber attacks wreaked havoc on organizations around the globe. From the September attack on MGM Resorts to malicious uses of generative AI tools, last year’s cyber incidents were on par with those of previous years, if not worse.
Below is our list of the top five cyber events of 2023, as reported in our Beyond the Headlines reports. These events were selected based on the depth of press coverage each incident received in mainstream news outlets and security-focused publications and the amount of chatter Cybserxigll detected on dark web forums, Telegram, Discord, and other online locales where threat actors congregate. The insights in our reports demonstrate the value of the Cybersixgill Investigative Portal in helping our customers protect their organizations from vulnerabilities and attacks.
‘Clop' Exploits Zero-Day 'MOVEit' Flaw in Massive Data Theft Campaign
A leading Russian cybercrime gang, Clop, took credit for a string of cyber attacks exploiting a zero-day vulnerability in the popular MOVEit file transfer service. The vulnerability (CVE-2023-34362) enabled the Clop gang to breach servers and steal customer data from multiple victims, including UK-based human resources/payroll giant Zellis and its customers, such as British Airways and the BBC.
Cybersixgill detected threat actors on the underground seeking stolen data from the attacks and asking for assistance exploiting CVE-2023-34362. The stolen data contained personal information, names, addresses, national insurance numbers, and banking details, among other sensitive content.
MGM Cyber Attack: Slots and ATMs Disrupted at Casinos, Website Down
On September 11, 2023, MGM Resorts reported that a “cybersecurity issue” was affecting some of its systems, which it shut down to protect its data. For about 10 days, slot machines, ATMs, credit card machines, online reservations, and the company’s official website were disrupted. Guests had to wait in lines for hours simply to check in or get handwritten receipts. On October 5, MGM revealed that the hackers behind the attack gained access to customers’ personal information, including names, contact information, gender, date of birth, driver’s licenses, passports, and even Social Security numbers.
Following the incident, Cybersixgill detected threat actors leveraging MGM Resorts' customer data on the underground, in addition to ads on forums for stolen MGM data. We also observed threat actors seeking initial access to American and European casinos, which are viewed as “big game” victims capable of paying significant ransoms. As a result, we believe threat actors will continue to pursue paydays from the casino industry. We recommend that organizations remain vigilant and pay careful attention to emails and other content with misspelled URLs to avoid entering credentials into fraudulent websites.
ChatGPT's Dark Side: Cybercriminals Create Malware, Target Victims Using Revolutionary AI Tools
Since the release of ChatGPT by OpenAI in November 2022, Cybersixgill has detected threat actors using the AI platform to develop malware, create phishing campaigns, and conduct other malicious operations. Threat actors have also developed malicious versions of ChatGPT specifically designed for illicit activities, in addition to advertising AI chatbots allegedly capable of generating malicious content.
Cybersixgill also observed more than 100,000 stolen credentials for the generative AI tool advertised on popular dark web marketplaces and underground sites. Stolen ChatGPT credentials include usernames, passwords, and other personal information associated with accounts. Cybercriminals can use these credentials to access sensitive information stored by the AI platform, including classified content, proprietary code, and other intellectual property.
FBI Arrests Founder of Popular 'Breached’ Cybercrime Forum in New York
On March 15, 2023, Conor Brian Fitzpatrick (aka Pompompurin), the founder and primary administrator of the notorious cybercrime forum Breached, was arrested at his New York home. Breached had become one of the dark web’s most popular addresses for cybercrime activity, and Fitzpatrick was convicted of multiple federal crimes and was awaiting sentencing at the end of 2023. His arrest led to the forum being shut down.
Concurrent with Fitzpatrick’s arrest in New York, Cybersixgill collected discourse among Breached members discussing Pompompurin’s arrest and expressing fears that fallout from the arrest might give authorities access to their personal information, which could lead to further arrests. With Pompompurin’s arrest, law enforcement took down a significant individual in the cybercriminal underground. Not long after Breached’s demise, an alternative opened for business called BreachForums. Cybersixgill’s Investigative Portal and the data it collected immediately identified Breached’s successor forum.
Pentagon Leaker Doxed as Classified Intelligence Spreads Among Cybercriminals
On April 13, 2023, U.S. authorities arrested 21-year-old Jack Teixeira, a Massachusetts Air National Guardsman, who was accused of leaking highly classified documents on an invite-only Discord group with dozens of members. The documents appear to originate from the U.S. Central Intelligence Agency (CIA), the Defense Intelligence Agency (DIA), and the National Geospatial Agency (NGA). According to media sources, the documents contained information related to U.S. involvement in the Russia-Ukraine war, China, South Korea, and Turkey, among other countries.
After the arrest of Teixeira, Cybersixgill found the suspect’s personal details exposed on a popular site for doxing, which involves sharing information (such as real names, addresses, job titles, or other identifying data), opening the doors to fraud or harassment. As the FBI’s investigation into the massive Pentagon leak continued, Cybersixgill observed threat actors sharing the classified documents on various underground cybercrime sites.
Cybersixgill empowers organizations with intelligence and insights to help teams build a fortified, resilient digital future. Discover the transformative power of Cybersixgill at www.cybersixgill.com.