The year 2023 witnessed a surge in high-profile cyberattacks, leaving organizations shattered and the world in chaos. This digital turmoil of hackers in 2023 was exacerbated by the aggressive adoption of AI and machine learning technologies, pushing cybercriminals to employ increasingly sophisticated tactics.
As 2024 dawns, it’s evident that the realm of cybersecurity is set for a significant evolution. With technological advancements accelerating, cyberattacks and their methodologies are expected to become more sophisticated and formidable.
However, a retrospective analysis of past cyber incidents provides valuable insights. By examining the strategies employed by hacker groups in 2023, we can better anticipate future challenges and fortify our defenses.
This article by The Cyber Express takes a deep dive into the activities of prominent hacker groups and individual hackers of 2023.
These entities were responsible for some of the most devastating attacks and data breaches, drawing considerable attention from the security community.
By scrutinizing these incidents, we aim to understand their tactics and implications, providing a groundwork for enhanced preparedness in the face of evolving cyber threats.
Hackers in 2023; Ransomware Groups, Hacktivists, & More
The cyber battlefield of 2023 witnessed a series of impactful attacks, each leaving its distinct imprint on the digital canvas. Ransomware incidents, such as the notorious Cl0p malware attack, showcased the audacity of cybercriminals.
According to cryptocurrency firm Chainalysis, 2023 was on track to be the second-worst year in terms of total extortion payments collected by ransomware gangs.
Cl0p Ransomware group and MOVEit Attacks
A ransomware attack on the MOVEit Transfer file-transfer platform resulted in compromised global networks. Ismael Valenzuela, BlackBerry’s Vice President of Threat Intelligence, emphasizes the significant information threat actors can uncover by compromising such tools.
File-transfer platforms are attractive targets due to their often-sensitive data, exposing industries like payroll, law, U.S. government agencies, airlines, media, oil, health services, and international consulting firms.
The attack, orchestrated by the Clop ransomware gang, exploited a vulnerability in MOVEit Transfer, differentiating it from the SolarWinds supply chain attack.
Mitigation strategies recommended by the Cybersecurity and Infrastructure Security Agency (CISA) include inventory management, access restriction, network monitoring, and regular software updates.
Alphv Ransomware Group
Not far behind in ruthlessness was the Alphv group, also known as Black Cat. With ties to the hackers responsible for the 2021 Colonial Pipeline attack, Alphv gained notoriety in September by targeting MGM Resorts International. Recently, the FBI successfully took down the darknet website of the threat actor.
Following the arrests of ransomware operators in November 2023, the Department of Justice (DoJ) shared a decryption tool with over 500 victims affected by ALPHV.
Despite the FBI’s claims, ALPHV contends that the site was moved, asserting that the decryption key offered by the DoJ pertains to an old version.
After ALPHV resumed control of its domain, the FBI and CISA released a Joint Cybersecurity Advisory detailing tactics, techniques, and procedures (TTPs) along with updates to indicators of compromise (IOCs).
Sandworm and Volt Typhoon
Despite sanctions, indictments, and hefty bounties, certain hackers of 2023 proved resilient this year. The notorious Sandworm, a team of hyper-aggressive military intelligence hackers associated with Russia, remained active and focused on disrupting Ukraine.
Their third blackout cyberattack on a Ukrainian electric utility, amid a Russian air strike, exemplified their audacity. Volt Typhoon, a group dubbed as the potential “Sandworm of China,” raised alarms by planting malware in US power grid networks and critical infrastructure.
The group’s intentions remain unclear, but the specter of disruption during a crisis, such as a conflict over Taiwan, looms large.
Predatory Sparrow’s Cyber Espionage
Predatory Sparrow emerged as a relatively lesser-known entity but not without impact. The group, translating from the Persian Gonjeshke Darande, caught attention in 2022 with a cyberattack on Iranian companies.
Their claim to fame included starting a fire in a steel mill, as evidenced by posted videos. The Iranian government, while branding them as hacktivists linked to the Israeli state, faced a complex web of cyber-espionage and geopolitical tensions.
LockBit 3.0
In 2023, the LockBit ransomware group intensified its activities with the deployment of LockBit 3.0, leveraging vulnerabilities like the CVE-2023-4966 “Citrix Bleed” to infiltrate systems.
This new variant, along with other strains such as LockBit 2.0 (Red) and LockBit 3.0 (Black), contributed to a significant rise in LockBit’s share of ransomware-related incidents, reaching 27% of such activities reported to CERT-FR that year.
Notably, LockBit exploited various critical vulnerabilities across different platforms, including the Fortra GoAnywhere Managed File Transfer, PaperCut MF/NG, and Microsoft Remote Desktop, allowing them to execute remote code, escalate privileges, and access systems unauthorizedly.
Among their high-profile attacks, the disruption of the UK’s Royal Mail stood out, where they encrypted essential systems, significantly affecting international shipping services.
Twitter Data Breach Incident
In the expansive cyberattacks of 2023, the battleground stretched beyond routine targets, reaching the muddy waters of legal repercussions for hackers. Notable among them, Joseph James O’Connor, orchestrator of the 2020 Twitter breach, faced the judicial aftermath, sentenced to five years behind bars.
On July 15, 2020, a major cybersecurity incident unfolded as 130 high-profile Twitter accounts were compromised, promoting a Bitcoin scam. Perpetrators gained access to Twitter’s administrative tools through social engineering, affecting accounts like Elon Musk, Barack Obama, and major companies.
The scam promised to double Bitcoin contributions for a purported COVID-19 relief effort. Three individuals were charged with wire fraud and more. Security experts labeled it “the worst hack of a major social media platform.”
Shakeeb Ahmed
Shakeeb Ahmed, a former Amazon security engineer, pleaded guilty to hacking and embezzling over $12.3 million from two crypto exchanges in July 2022.
The targeted platforms, Nirvana Finance and an undisclosed Solana blockchain exchange fell prey to Ahmed’s adept hacking skills. Ahmed manipulated smart contracts, inflating fees and exploiting a DeFi protocol loophole, racking up illicit gains.
Employing tactics to obfuscate the digital trail, he used cryptocurrency mixers and shifted funds across blockchains.
Ahmed’s online activities revealed intentions to evade legal consequences, including researching strategies to thwart asset seizures. His guilty plea carries a maximum five-year imprisonment term, with sentencing set for March 13, 2024. U.S.
The 18-year-old GTA Hacker
The human element in cybercrime manifested through the case of Arion Kurtaj, an 18-year-old hacker affiliated with the international group Lapsus$.
Despite being diagnosed with severe autism and deemed unfit for trial, Kurtaj received an indefinite hospital order for leaking unreleased Grand Theft Auto 6 clips.
His targeting of tech giants like Uber, Nvidia, and Rockstar Games resulted in approximately $10 million in damages, highlighting the complex intersection of mental health and cybercrime.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.