The 14 Most Notorious Cyberattacks of 2023

In 2023, the world of cybersecurity experienced an unprecedented surge in cyber activity, ranging from massive attacks to the emergence of new threats and vulnerabilities. Out of countless incidents, 14 major cybersecurity events stood out, each deserving special attention.

1. 23andMe Data Breach

Genetic testing company 23andMe suffered a breach that exposed the data of 6.9 million users. The attack revealed genetic information of Ashkenazi Jews, UK and German residents, and, according to hackers, included data on members of royal families, the Rothschilds, and the Rockefellers.

2. Hosting Firm Loses All Client Data After Ransomware Attack

Danish cloud provider CloudNordic fell victim to a ransomware attack, resulting in most clients irreversibly losing all data stored on the company’s servers.

3. Anonymous Sudan Hacktivists Disrupt Tech Giants with DDoS Attacks

The group Anonymous Sudan caused outages for major tech companies, including Microsoft, by launching large-scale DDoS attacks that disrupted websites and services.

4. New Acoustic Attack Steals Keystrokes with 95% Accuracy

Researchers from UK universities trained a deep learning model to steal keyboard keystrokes recorded via microphone, achieving up to 95% accuracy in capturing sensitive data.

5. PayPal Account Breach

PayPal faced a credential stuffing attack that compromised 34,942 accounts, exposing users’ personal information.

6. DISH Network Ransomware Attack

American TV giant DISH Network suffered a ransomware attack that disrupted its services, compromised user data, and left company systems offline for several days.

7. Hackers Steal GoDaddy Source Code and Install Malware

Hosting service GoDaddy was attacked, allowing unknown hackers to steal source code and install malware on company servers. The breach, which began in 2021, gave cybercriminals access to the personal information of 1.2 million WordPress site owners, including credentials, and enabled them to redirect websites to other domains. No group has claimed responsibility for the attack.

8. Ransomware Attack on MGM Resorts International

A cyberattack on hospitality and entertainment giant MGM Resorts International crippled key systems, including the main website, online booking, and casino services. ATMs, slot machines, and credit card terminals were also affected. The same group (Scattered Spider) also targeted Caesars Entertainment. Researchers believe the hackers are young adults, aged 19 and up, living in the US and UK.

9. 3CX Supply Chain Attack

The North Korean hacker group Lazarus breached 3CX systems to inject malware into the company’s supply chain, affecting thousands of users worldwide.

10. Barracuda Urges Immediate Replacement of Compromised ESG Devices

Some Barracuda Email Security Gateway (ESG) devices were compromised via a zero-day vulnerability, leading to malware installation and data theft.

11. Massive ESXiArgs Ransomware Attack on VMware ESXi Servers

More than 3,000 VMware ESXi servers were encrypted by the ESXiArgs ransomware. Victims reported that all files related to VMware ESXi virtual machines (.vmxf, .vmx, .vmdk, .vmsd, and .nvram) were encrypted within hours of the attack.

12. Brazil Seizes Flipper Zero Devices to Prevent Criminal Use

In March 2023, Brazilian customs seized shipments of Flipper Zero gadgets, blocking their delivery to recipients. Authorities cited concerns over potential criminal use, while buyers claimed the regulator rejected all attempts to certify this multifunctional cybersecurity tool for penetration testers.

13. iPhone Spyware Infections in Operation Triangulation

Kaspersky Lab experts revealed details of Operation Triangulation, in which cyber spies collected data from iOS devices using a unique implant called TriangleDB. This implant operates in device memory and leaves no trace on disk.

14. MOVEit Transfer Data Theft Attacks

A series of attacks exploited a zero-day vulnerability in the MOVEit Transfer file transfer platform, allowing hackers to breach servers and steal stored data. The flaw was used to hack 2,706 organizations and expose the personal data of over 93 million people.

Key Takeaways for Cybersecurity in 2023

These cybersecurity incidents from 2023 highlight the critical importance of data protection and readiness for new threats. They serve as a reminder that cyberspace is constantly evolving, and it’s essential not only to respond to emerging threats but also to anticipate potential risks.

These events are a warning to organizations of all sizes about the need to invest in stronger security measures, staff training, and incident response planning to minimize the risks and consequences of cyberattacks.