Take a look at our latest Cyber Weekly Digest for a rundown of our biggest cyber security news picks. In this digest find out about one of the largest crypto heists of the year as well as the Egyptian MP targeted in a spyware attack.  Keep reading to stay up to date on the biggest cyber security news from around the world.‍

‍

1. Microsoft data beach affects 60,000 US government officials emails. ‍

In May, Chinese threat actors compromised Microsoft’s cloud-based exchange email platform, stealing tens of thousands of US government officials emails. During a recent Senate staff briefing, US State Department officials disclosed that the attackers stole at least 60,000 emails from Outlook accounts belonging to State Department officials stationed in East Asia, the Pacific, and Europe. The hackers managed to obtain a list containing all of the department's email accounts. Microsoft revealed that during the breach threat actors successfully breached Outlook accounts associated with approximately 25 organisations.‍

‍

2. New Apple zero-day vulnerability used to target Egyptian ex-MP with Predator spyware.

The three zero days patches by Apple last week were found to be leveraged as part of an iPhone exploit chain in an attempt to deliver a spyware strain called Predator targeting former Egyptian MP Ahmed Eltantawy between May and September 2023. It is believed that the attacks started after the MP started his plans to run for president. According to investigations the surveillance tool is said to have been delivered via links sent on SMS and WhatsApp. The Predator Spyware enables its customers to surveil targets of interest and harvest sensitive data from compromised devices, but has been abused to target high profile officials.‍

‍

3. Johnson control suffers major ransomware attack.

Johnson Controls International has suffered what is described as a massive ransomware attack that encrypted many of the company devices, including VMware ESXi servers, impacting the company’s and its subsidiaries’ operations. Johnson suffered the cyberattack over the weekend and caused the company to shut down portions of its IT systems. Researchers have since shared a sample of a Dark Angels VMware ESXi encryptor containing a ransom note stating it was used against Johnson Controls. The ransom note links to a negotiation chat where the ransomware gang demands $51 million to provide a decryptor and to delete stolen data. The threat actors also claim to have stolen over 27 TB of corporate data and encrypted the company's VMWare ESXi virtual machines during the attack.‍

‍

4. Booking customers targeted in widespread phishing campaign. ‍

Booking.com customers have been the focus of a new, large-scale phishing campaign according to a new advisory released this week. Researchers noted that to carry out the campaign attackers gain unauthorized access to hotel systems, effectively taking control of the hotel’s Booking.com account. From here the attackers extract the personal data of hotel guests. This includes names, booking dates, hotel details and partial payment methods.  In the third phase of the attack, the attackers utilize the stolen data to send messages alerting guests that their bookings are at risk of cancellation within 24 hours unless they promptly provide their credit card details under the guise of a verification.‍

‍

5. Mixin Network suspends service following a $200 million attack.

Mixin Network, an open-source, peer-to-peer transactional network for digital assets, has announced on Twitter that deposits and withdrawals are suspended effective immediately due to a $200 million hack the platform suffered on Saturday. The incident occurred on September 23 early in the morning and the attack reportedly targeted the database of Mixin’s cloud service provider.  With the hack causing $200 million in losses, it makes it one of the largest crypto thefts this year. The North Korean hackers, who are specialists in crypto heists, have been blamed for stealing a total of $240,000,000 worth of cryptocurrency this year. However, the North Korean Lazarus hackers have not yet been attributed to this attack.