CYBERSECURITY NEWS MAY V. T-Mobile breach, Twitter Circle posts, the new Akira ransomware & more

We continue to share our monthly cybersecurity incident digest highlighting the most notable security incidents of the month. In this May edition, we'll look at the latest breach to hit T-Mobile, private Twitter Circle posts that became visible to a wide audience, the new Akira ransomware, and more.

Another security breach hit T-Mobile

T-Mobile suffered its second data breach of 2023. Fortunately, the leak was not large-scale: it affected the data of only 836 people, compared to 37 million in the previous attack. Even so, the risks of the incident should not be underestimated, since a leak of this size can still lead to data theft and phishing attacks on users.
The company said that call records and financial information were not exposed to third parties. The affected data could include names, contact details, T-Mobile account PINs, social security numbers, government IDs, dates of birth, balances due, and internal codes, which is already enough information for attackers to use for their own purposes.

Akira ransomware encrypts victims’ files

The new Akira ransomware operation has gradually gained victims by hacking into corporate networks worldwide. During the attacks, user files were encrypted, after which the attackers demanded a ransom of millions of dollars. Another ransomware with the same name was released in 2017, but specialists believe the attacks are unrelated.
The latest Akira operation was launched in March 2023, and after only two months, sixteen companies from various fields, including education, finance, real estate, manufacturing, and consulting, were attacked.

Private Twitter Circle posts become available to a wide audience

Another security incident has affected Twitter: the company recently reported a case in which private tweets posted in Twitter Circles were publicly available to users outside the Circle.
As a reminder, Twitter Circle is a feature launched in August 2022 that lets users send tweets to a limited group of people, whom they choose themselves. However, at one point, reports appeared that tweets sent to Circles went public instead of being available only to the selected users.

Twitter itself warned users that their accounts were allegedly affected by a security incident, which, according to the company’s officials, was resolved soon.

Overview of the recent cyber incident landscape

New ransomware is constantly emerging. Here is a quick look at what has appeared recently.
The press mentioned corporate attacks by such programs as Cactus, Akira, and RA Group. In addition, one of the most recent was Operation Abyss, which affected L3Harris, a $17 billion defense company.
MalasLocker also became known this month. This ransomware has been targeting Zimbra servers since March. The scammers' tactics are also interesting: in their appeal to the victims, they demand donations to an approved charitable organization.
Read about other events in the field in the source.

Imposter ChatGPT and Midjourney pages used in a cyber attack

It recently became known that the attacker BatLoader ran a malicious campaign using Google Search Ads to deliver fake web pages for ChatGPT and Midjourney. Security researchers from the eSentire Threat Response Unit (TRU) have already published a description of the incident.
Researchers say the attackers may have taken advantage of the fact that ChatGPT and Midjourney lack standalone apps of their own, which makes it possible to spoof web pages that advertise fake apps. In one example of such an attack, a Midjourney impostor page prompted users to download a Windows application package signed by Ashana Global Ltd.
While it is difficult to control the spread of such attacks, experts recommend raising user awareness and strengthening protection with up-to-date antivirus signatures and Next-Gen AV or EDR solutions. It can also be effective to implement Windows Defender Application Control to manage packaged applications.

UPD:

At Hexway we've recently made an integration with ChatGPT. Find more information in the June 0.55 update.
