Security Audit

Recent Cyber Attacks – 2023

Published on: April 7, 2023


The prediction is that $8 trillion will be lost to cyber crime by the end of 2023, which is almost a third of the USA’s GDP in 2022 and twice India’s predicted GDP as of March 2023. The global loss to cybercrime will grow by more than 15% year on year to reach $10.5 trillion by 2025.

These numbers help you measure the depth of the impact of cybercrime on the global economy. What it should also tell you is, no one is safe – not even governments. The Costa Rican nation, for instance, was in a state of emergency for almost the entirety of the last year owing to repeated cyber attacks on various ministries.     

List of Recent Cyber Attacks 2023

February 2023

  1. Attack on Tallahassee Memorial
  2. Attack on VMware ESXi
  3. Bank Accounts Hacked in Nepal
  4. XSS vulnerabilities found in DMS providers
  5. 71 million request-per-second HTTP DDoS attack thwarted by Cloudflare
  6. Dish Network faced a data breach
  7. US Marshals Service faces ransomware attack

January 2023

  1. T-Mobile Data Breach
  2. Attack on AirFrance and KLM
  3. Windows ALPC Zero Day
  4. Attack on Mailchimp
  5. Third-party data breach at Nissan North America
  6. Attack on PayPal customers
  7. Attack on Schools in Tucson, Arizona, and Nantucket
  8. Exposure of Yandex source code
  9. Killnet targets US hospitals with DDoS attacks
  10. Attack on ION Group

The Cyber Threat Landscape in 2023

Before we start looking at the recent cyber attacks, it is important to understand the threat landscape we are dealing with at this point in time. We’d like to draw your attention to a few phenomena that are currently impacting the global cyber threat landscape.

  1. The Covid-19 Pandemic

The pandemic, the lockdowns, and the adaptations that businesses and communities across the globe made in response have changed how cyber security is perceived. The impact of the pandemic on cyber security is deep and pervasive. With the bring-your-own-device trend, remote workplaces, and a growing reliance on third-party applications, attackers are exploring new attack surfaces, and the number of new vulnerabilities is frightening.

  2. The Ukraine-Russia War

The information warfare that Russia has waged against Ukraine since 2014 culminated in February 2022 with Russia’s invasion of Ukraine. Ukraine’s defenses against Russian cyber attacks had been hardened over the years, so the practical impact of the Russian attacks during and after the invasion was not noteworthy. Nonetheless, security experts around the world, as well as the hackers themselves, learned a lot of valuable lessons from these incidents.

  3. The Emergence of RaaS Gangs

From Doppelpaymer and REvil to Vice Society and Nevada, a number of Ransomware-as-a-Service gangs have posed significant threats to businesses, individuals, and governments across the world. Some, like the Conti gang, were politically motivated; others have specific targets, such as Vice Society, which almost exclusively targets schools and other educational institutions. The rise of RaaS has forced administrative bodies to rethink security.

Major Cyber Attacks in February 2023

Attack on Tallahassee Memorial

  • Date: February 2, 2023
  • Attack type: Ransomware (unconfirmed)
  • Target: IT systems of Tallahassee Memorial Hospital
  • Vulnerability: Unknown
  • Perpetrators: Unknown
  • Impact: Surgeries were rescheduled, patients were re-directed, and IT systems were shut down for weeks.

Tallahassee Memorial is a 772-bed hospital and it also has special care units in 21 counties across North Florida. A suspected ransomware attack crippled the hospital’s IT systems and forced it to shut down all online procedures for over a week. All elective surgeries had to be rescheduled. A lot of patients had to be transferred to other facilities.

As of the end of 2022, Microsoft had detected more than 50 new active ransomware families and 100 threat actors deploying ransomware.

Attack on VMware ESXi

  • Date: February 3, 2023
  • Attack type: ESXiArgs Ransomware Attack
  • Target: Unpatched VMware ESXi prior to version 6.7
  • Vulnerability: CVE-2021-21974 (vulnerable OpenSLP, the Open Service Location Protocol implementation)
  • Perpetrators: Nevada (Unconfirmed) 
  • Impact: Nearly 1000 ESXi servers have been infected

VMware ESXi is a hypervisor for running virtual machines. VMware released a patch for the vulnerable OpenSLP service in 2021, but many servers apparently remained unpatched. “The ransomware encrypts files with the .vmxf, .vmx, .vmdk, .vmsd, and .nvram extensions on compromised ESXi servers and creates a .args file for each encrypted document.”
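The quoted description gives a simple triage indicator: VM files that have acquired a sibling `.args` file. The following script is an added example, not code from the article or from VMware; it walks a datastore directory and reports VM files of the listed extensions that sit next to a `<filename>.args` file. The `<filename>.args` naming convention and the sample directory layout are assumptions constructed for the demonstration.

```python
import os
import tempfile

# File extensions the article says ESXiArgs encrypts on a compromised host.
VM_EXTENSIONS = {".vmxf", ".vmx", ".vmdk", ".vmsd", ".nvram"}


def find_esxiargs_indicators(root):
    """Return paths (relative to root) of VM files that have a sibling
    '<filename>.args' file, the per-file artefact described in the article.
    The '<filename>.args' naming is an assumption for this example."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        names = set(filenames)
        for name in filenames:
            _, ext = os.path.splitext(name)
            if ext in VM_EXTENSIONS and name + ".args" in names:
                hits.append(os.path.relpath(os.path.join(dirpath, name), root))
    return sorted(hits)


def build_sample_datastore():
    """Constructed directory tree mimicking an ESXi datastore, for the demo only.
    Two VM files carry a sibling .args file; the log file does not."""
    root = tempfile.mkdtemp(prefix="datastore_")
    vm_dir = os.path.join(root, "web01")
    os.makedirs(vm_dir)
    for fname in ["web01.vmx", "web01.vmx.args",
                  "web01.vmdk", "web01.vmdk.args",
                  "web01.log"]:
        open(os.path.join(vm_dir, fname), "w").close()
    return root


if __name__ == "__main__":
    sample_root = build_sample_datastore()
    for hit in find_esxiargs_indicators(sample_root):
        print("possible ESXiArgs artefact next to:", hit)
```

On a real host you would point `find_esxiargs_indicators` at the datastore mount rather than the constructed sample; a non-empty result is a reason to isolate the host and start incident response, not proof of compromise on its own.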

Bank Accounts Hacked in Nepal

  • Date: February 3, 2023
  • Attack type: credential theft
  • Target: Individuals using net banking
  • Impact: Several million rupees stolen

Eight malicious actors were arrested by the police in Kathmandu, Nepal, for hacking into bank accounts. The attackers shared the Android package kit (APK) for a fake app called Nepali Keti over WhatsApp, then hacked into the bank accounts of the people who downloaded the app and stole money.

XSS vulnerabilities found in DMS providers

  • Date: February 7, 2023
  • Attack type: Zero-day
  • Target: OnlyOffice, OpenKM, LogicalDOC, Mayan
  • Vulnerability: Improper input neutralization
  • Impact: Unknown

Four DMS providers reportedly had XSS vulnerabilities (CWE-79). The companies have both free and freemium offerings. The zero-day vulnerabilities were discovered by Rapid7 during a routine inspection.

71 million request-per-second HTTP DDoS attack thwarted by Cloudflare

  • Date: February 14, 2023
  • Attack type: DDoS
  • Target: Cloudflare users
  • Perpetrators: Unknown
  • Impact: The attack was mitigated

On 14th February 2023, Cloudflare thwarted the largest known DDoS attack peaking at 71 million requests per second. The attack was mounted against gaming platforms, cryptocurrency companies, and hosting providers, among others, that use Cloudflare to protect their websites. The attack was based on HTTP/2 and involved 30,000 IP addresses.

Dish Network faced a data breach

  • Date: February 23, 2023
  • Attack type: Data Breach
  • Target: Dish Network
  • Impact: Some data was extracted and Dish’s share price fell by 6.5%

Dish Network, one of the USA’s biggest television providers, disclosed that the network outage reported earlier was connected to a cyber attack. The root causes of the intrusion are yet to be found. The attack resulted in data theft and internal communication breakdown.

US Marshals Service faces ransomware attack

  • Date: February 17, 2023
  • Attack type: Ransomware
  • Target: USMS
  • Impact: Sensitive law enforcement data exposed

The U.S. Marshals Service is responsible for sensitive tasks like the security of federal judges, fugitive apprehension, etc. The stand-alone USMS system was compromised by attackers exposing data related to USMS investigations. 

Major Cyber Attacks in January 2023

In this section, we’ll learn about recent cyber attacks – their targets, perpetrators, impact, and current status. This is not an exhaustive list. We’ve picked the most impactful attacks.

T-Mobile Data Breach

  • Date: January 5, 2023
  • Attack type: API data breach
  • Target: T-Mobile
  • Perpetrator: Unknown
  • Impact: Limited types of information were exposed affecting 37 million users 

On January 19, 2023, T-Mobile, a wireless telecommunication provider in the US, announced that a bad actor had gained access to some customer data through a vulnerable API. As per their declaration, no sensitive data such as payment card information or social security numbers was stolen in the breach.

Attack on AirFrance and KLM

  • Date: January 9, 2023
  • Attack type: Data breach
  • Target: Flying Blue customers of AirFrance and KLM
  • Perpetrator: Unknown
  • Impact: Exposure of email IDs, user names, earned miles balance

In a recent report, two major airlines, AirFrance and KLM, confirmed unauthorized access to customer data. The attack exposed some personally identifiable information about Flying Blue customers. However, no passport, financial, or social security information was exposed. Flying Blue is a customer-loyalty program run by a number of airlines.

Windows ALPC Zero Day

  • Date: January 10, 2023
  • Attack type: Zero-day
  • Target: Windows Advanced Local Procedure Call
  • CVE: CVE-2023-21674
  • Impact: Privilege escalation

According to Microsoft, “A malicious user who successfully exploited this vulnerability could gain SYSTEM privileges.”

Notably, Microsoft released 98 patches on January 10, 2023, including the one for the ALPC zero-day vulnerability.  

Attack on Mailchimp

  • Date: January 11, 2023
  • Attack type: Data Breach through social engineering
  • Target: Tool used by Mailchimp’s customer-facing teams
  • Perpetrator: Unknown
  • Impact: Unauthorized access to 133 Mailchimp accounts

On January 11, 2023, Mailchimp discovered unauthorized access to some Mailchimp accounts. Attackers used social engineering to steal employee credentials for a tool used by Mailchimp’s customer-facing employees. As per the declaration by Mailchimp, the attack was limited to 133 accounts. On 12th January the affected accounts were shut down and later reinstated.

A third-party data breach affected Nissan North America

  • Date: January 16, 2023
  • Attack type: Third-party data breach
  • Target: A third-party software development vendor used by Nissan North America
  • Perpetrator: Unknown individual
  • Impact: Personally Identifiable Information of 17,998 customers was exposed

Nissan North America reported on January 16, 2023, a data breach that had taken place in June 2022. A third-party vendor that had access to limited customer data for development purposes was victimized by a bad actor. An investigation launched by Nissan in September 2022 confirmed that the attack took advantage of a misconfigured database used by the vendor.

Attack on PayPal customers

  • Date: January 18, 2023
  • Attack type: Credential stuffing
  • Target: PayPal customers
  • Perpetrator: Unknown
  • Impact: Hackers had access to the personal data of 34,942 PayPal users for 2 days

Credential stuffing is a cyber attack in which hackers use automated tools to try thousands of user ID and password pairs stolen in earlier breaches against a site’s login form. It works because many people reuse the same credentials across multiple accounts.

In the case of PayPal users, hackers had access to the full names, dates of birth, social security numbers, postal addresses, and individual tax identification numbers of 34,942 users for 2 days.
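Because credential stuffing replays stolen credentials at scale, it leaves a recognizable pattern in authentication logs: one source trying many different usernames in a short window with a low success rate, which looks nothing like a legitimate user mistyping their own password. The detector below is an added example, not code from the article or from PayPal; the log format, the sample events and the thresholds are assumptions constructed for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication events (not real data).
# Format per line: ISO timestamp, source IP, username, result (OK or FAIL).
SAMPLE_LOG = """\
2023-01-18T10:00:01 203.0.113.7 alice FAIL
2023-01-18T10:00:02 203.0.113.7 bob FAIL
2023-01-18T10:00:02 203.0.113.7 carol FAIL
2023-01-18T10:00:03 203.0.113.7 dave FAIL
2023-01-18T10:00:03 203.0.113.7 erin OK
2023-01-18T10:00:04 203.0.113.7 frank FAIL
2023-01-18T10:00:05 203.0.113.7 grace FAIL
2023-01-18T10:00:05 203.0.113.7 heidi FAIL
2023-01-18T10:00:06 203.0.113.7 ivan FAIL
2023-01-18T10:00:07 203.0.113.7 judy FAIL
2023-01-18T10:00:09 198.51.100.4 alice FAIL
2023-01-18T10:00:20 198.51.100.4 alice FAIL
2023-01-18T10:00:35 198.51.100.4 alice OK
2023-01-18T10:05:00 192.0.2.9 mallory OK
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (OK|FAIL)$")


def parse_events(text):
    """Parse log lines into (timestamp, ip, username, success) tuples.
    Malformed lines are skipped so one bad record cannot stop the detector."""
    events = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        ts, ip, user, result = match.groups()
        events.append((datetime.fromisoformat(ts), ip, user, result == "OK"))
    return events


def detect_credential_stuffing(events, window=timedelta(minutes=5),
                               min_users=5, max_success_ratio=0.2):
    """Flag source IPs that, within a sliding time window, attempt at least
    min_users distinct usernames with a success ratio at or below
    max_success_ratio. Returns {ip: stats for the widest offending window}."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in sorted(events):
        by_ip[ip].append((ts, user, ok))

    flagged = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            # Advance the window start until all events fit inside `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            window_evs = evs[start:end + 1]
            users = {user for _, user, _ in window_evs}
            successes = sum(1 for _, _, ok in window_evs if ok)
            ratio = successes / len(window_evs)
            if len(users) >= min_users and ratio <= max_success_ratio:
                stats = {"distinct_users": len(users),
                         "attempts": len(window_evs),
                         "success_ratio": round(ratio, 2)}
                # Keep the window with the most distinct usernames seen so far.
                if ip not in flagged or stats["distinct_users"] > flagged[ip]["distinct_users"]:
                    flagged[ip] = stats
    return flagged


if __name__ == "__main__":
    for ip, stats in detect_credential_stuffing(parse_events(SAMPLE_LOG)).items():
        print(f"credential stuffing suspected from {ip}: {stats}")
```

In the sample, 203.0.113.7 tries ten different accounts in six seconds with one success and is flagged, while 198.51.100.4 (one user, three tries) and 192.0.2.9 (one successful login) are not. The second pattern is what a user who forgot their password looks like, so a detector keyed only on failed attempts per IP would generate noise; counting distinct usernames is what separates the two. The thresholds are a starting point for tuning against your own traffic, and flagged sources are candidates for rate limiting, step-up authentication or a forced password reset rather than automatic blocking.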

Attack on Schools in Tucson, Arizona, and Nantucket

  • Date: January 20, 2023
  • Attack type: Ransomware
  • Target: Tucson Unified School District, Arizona
  • Vulnerability: Clickjacking (unconfirmed)
  • Perpetrators: Royal Ransomware gang
  • Impact: 42,000 students and 7,000 staff members were affected.

The Tucson Unified School District is Southern Arizona’s largest school district. The schools had to shift to an offline mode of instruction as their data was encrypted by a ransomware attack on the last weekend of January. The hackers have demanded ransom and threatened to publish stolen data on non-payment.

Exposure of Yandex source code

  • Date: January 26, 2023
  • Attack type: Information theft
  • Target: Yandex
  • Perpetrator: Allegedly former Yandex employee
  • Impact: Unconfirmed

Yandex is a major Russian technology company. Code repositories amounting to 44.7GB were recently published as a torrent on a hacker forum. The poster claimed that the files contain Git repositories belonging to Yandex. The company has denied having been hacked; it has blamed a former employee for the theft and also confirmed that the exposed source code is not currently in use.

Killnet targets US hospitals with DDoS attacks

  • Date: January 30, 2023
  • Attack type: DDoS
  • Target: 14 hospitals in the USA
  • Perpetrators: KillNet
  • Impact: Outage in IT services and electronic health records

KillNet is a Russian hacktivist group that has been actively targeting US healthcare facilities, including Stanford University. The US Department of Health and Human Services has raised an alert regarding these attacks. KillNet is well known for attacking countries that oppose Russia’s invasion of Ukraine.

Notably, Kaspersky’s recent quarterly report mentioned 57,000 reported DDoS attacks in three months. There was a 79% spike in DDoS attacks in 2022.

Attack on ION Group

  • Date: January 31, 2023
  • Attack type: Ransomware
  • Target: ION Cleared Derivatives
  • Vulnerability: Unknown
  • Perpetrators: LockBit Ransomware gang
  • Impact: 42 Financial Institutions in the US and Europe

The Russian RaaS gang LockBit added ION Group to their data leak site threatening to publish sensitive data of investors after mounting a ransomware attack on ION Cleared Derivatives, a branch of ION Markets, on January 31. This affected derivative trading in Europe, the US, and the UK. 

Cyber Security Trends and Predictions for 2023

  1. There will be a rise in zero-day vulnerabilities and attacks on supply chains.
  2. Owing to the decreasing profitability of illegitimate crypto mining, crypto-jacking groups are likely to turn their focus to cloud-based applications and perpetrate DDoS and ransomware attacks.
  3. IoT devices are likely to be attacked with ransomware more frequently.
  4. APIs will continue to be one of the most important attack vectors.
  5. Deepfake audio and video will be used more frequently in phishing attacks.

How to Secure Your Business?

While the current cyber threat landscape is gloomy and quite frightening, you can take some fairly simple steps to decrease the risk of being victimized by a cyber attack.

  • Implement multifactor authentication for all your accounts
  • Prefer vendors that offer multifactor authentication
  • Implement proper input validation on every part of your website that accepts customer input
  • Keep all extensions, appliances, and applications up to date
  • Do not delay implementing patches
  • Practice regular security testing – vulnerability assessment and penetration testing
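The input-validation recommendation above and the CWE-79 (XSS) findings in the DMS section are two sides of the same control: validate what comes in against an allowlist, and encode what goes out for the context it lands in. The snippet below is an added example, not code from the article, from Astra, or from any of the DMS vendors named; the functions, the title format and the sample inputs are assumptions constructed for the demonstration, using only the Python standard library.

```python
import html
import re


def render_search_vulnerable(query):
    """The CWE-79 pattern: user input is concatenated straight into HTML,
    so any markup in `query` is parsed by the browser as part of the page."""
    return f"<p>Results for: {query}</p>"


def render_search_hardened(query):
    """Same page, but the input is HTML-escaped for the element-body context,
    so the browser shows it as text rather than interpreting it as markup."""
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


def render_search_box(previous_query):
    """Reflecting input inside a quoted attribute needs quote escaping too;
    quote=True turns \" and ' into entities so the attribute cannot be closed early."""
    return f'<input type="text" name="q" value="{html.escape(previous_query, quote=True)}">'


# Allowlist for a document-title field (assumed format for this example):
# letters, digits, underscore, space and a few punctuation marks, 1-120 chars.
TITLE_RE = re.compile(r"[\w .,'-]{1,120}")


def validate_document_title(title):
    """Allowlist validation at the input boundary. Returns the title unchanged
    or raises ValueError. This complements output encoding; it does not
    replace it, because the same value may later be rendered in other contexts."""
    if not TITLE_RE.fullmatch(title):
        raise ValueError("document title contains characters outside the allowlist")
    return title


if __name__ == "__main__":
    probe = "<b>injected</b>"          # constructed input containing markup
    print(render_search_vulnerable(probe))   # markup survives into the page
    print(render_search_hardened(probe))     # markup is rendered as text
    print(render_search_box('x" autofocus="'))
    print(validate_document_title("Q1 report, final-v2"))
```

Escaping is context-specific: `html.escape` is correct for element bodies and quoted attributes, but a value placed into a URL, a JavaScript string or a CSS rule needs that context's encoder instead, and a template engine with auto-escaping enabled is the safer default for application code.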


The best you can do to run a secure business in 2023 is to make life really hard for hackers. While you may not have control over zero-day exploits, you can ensure that you never run a vulnerable appliance for which a patch was available. Educate your teams, and make cybersecurity an integral part of your business functionality. You should be good.


Nivedita James

Nivedita is a technical writer with Astra who has a deep love for knowledge and all things curious in nature. An avid reader at heart she found her calling writing about SEO, robotics, and currently cybersecurity.
