{
	"id": "07bfea3c-3259-4434-8e63-6b9cf3e3dd57",
	"created_at": "2026-04-06T00:19:09.382905Z",
	"updated_at": "2026-04-10T13:11:57.292541Z",
	"deleted_at": null,
	"sha1_hash": "9af5b99ae14722b51c089aecee465486e519c8bf",
	"title": "30th October – Threat Intelligence Report - Check Point Research",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 62063,
	"plain_text": "30th October – Threat Intelligence Report - Check Point Research\r\nBy lorenf\r\nPublished: 2023-10-30 · Archived: 2026-04-05 15:42:24 UTC\r\nFor the latest discoveries in cyber research for the week of 30th October, please download our Threat Intelligence\r\nBulletin.\r\nTOP ATTACKS AND BREACHES\r\nStanford University has been the victim of a cyber-attack that affected the systems of its Department of Public\r\nSafety (SUDPS). The Akira ransomware gang claimed responsibility for the attack, which allegedly resulted in\r\nthe exposure of 430GB of the university’s data.\r\nCheck Point Harmony Endpoint and Threat Emulation provide protection against this threat\r\n(Ransomware_Linux_Akira; Ransomware.Wins.Akira)\r\nUkrainian hacktivist groups dubbed KibOrg and NLB, in collaboration with the Ukraine Security Services\r\n(SBU), have breached Russia’s largest private bank, Alfa-Bank. The threat actors claimed to have\r\nobtained the private information of more than 30M clients, including full names, dates of birth, account\r\nnumbers, and phone numbers.\r\nThe University of Michigan has disclosed a data breach that affected the personal information of an\r\nunverified number of students, applicants, employees and others. The threat actors gained access to\r\nthe university servers between August 23-27, and stole Social Security numbers, driver’s license\r\nnumbers, government IDs, payment card numbers, as well as healthcare information.\r\nThe University of Tokyo has experienced a data breach that impacted the personal information of students\r\nfrom the academic years of 2003 to 2022. The exposed data consists of more than 4K files containing\r\naddresses and grades, which were leaked as a result of a malware infection that was distributed from a\r\nfaculty member’s email.\r\nThe city of Philadelphia has confirmed a data breach that may have affected some individuals’ private\r\ninformation. 
The threat actors accessed the city’s email system for a period of two months, and potentially\r\nobtained sensitive healthcare data stored in the email accounts.\r\nThe city of Victorville, California, has been the victim of a data breach that exposed the personal information of an\r\nunverified number of individuals. The threat actors gained access to certain files within the city’s network\r\nwhich include Social Security numbers, driver’s license numbers, state ID card numbers, medical\r\ninformation, and health insurance policy numbers.\r\nThe Clark County School District (CCSD) in Nevada has suffered a data breach that occurred due to\r\nunauthorized access to the district’s email servers. The attackers accessed personal information related to a\r\nsubset of students, parents, and employees. The data potentially includes student photos, addresses, student\r\nID numbers, and email addresses. Security researchers found that the SingularityMD threat group is behind the\r\nbreach and has already begun to leak the data.\r\nVULNERABILITIES AND PATCHES\r\nApple has released security patches for a variety of products, including iOS and iPadOS 17.1, macOS\r\nSonoma 14.1, watchOS 10.1, and others. Among them is a single high-severity kernel-level security flaw\r\n(CVE-2023-32434) that could be exploited to execute arbitrary code with kernel privileges.\r\nA medium severity vulnerability (CVE-2023-4372) in the LiteSpeed Cache plugin could allow attackers to\r\ninject malicious code into WordPress websites. The plugin is used by over 4M WordPress websites, making\r\nit a popular target for attackers.\r\nF5 has released security hotfixes for a critical unauthenticated RCE vulnerability (CVE-2023-46747) in\r\nthe F5 BIG-IP configuration utility. 
The vulnerability can be exploited without authentication in low-complexity attacks, and could allow an attacker with remote access to the configuration utility to perform\r\nunauthenticated remote code execution.\r\nResearchers have observed an OAuth vulnerability that can affect popular apps such as Grammarly, Vidio\r\nand Bukalapak. The vulnerability could allow unauthorized access to users’ accounts.\r\nTHREAT INTELLIGENCE REPORTS\r\nCheck Point Research reports on a 3% uptick in average weekly global cyberattacks in the first three quarters\r\nof 2023, compared to the corresponding period in the previous year. One in every 34 organizations globally\r\nencountered a ransomware attack attempt, marking a 4% increase compared to the same timeframe last\r\nyear. Additionally, the global healthcare sector faced an average of 1613 attacks per week, indicating a\r\nsubstantial 11% year-over-year surge, and APAC was the most heavily attacked region with a substantial\r\n15% YoY increase.\r\nCheck Point shares cybersecurity predictions for 2024 that broadly fall into seven categories: Artificial\r\nIntelligence and Machine Learning; Cloud GPU farming; Supply chain and critical infrastructure attacks;\r\ncyber insurance; nation state attacks; weaponized deepfake technology; and phishing attacks.\r\nResearchers revealed how attackers could leverage Hugging Face, the popular AI development and\r\ncollaboration platform, to carry out an AI supply chain attack that could impact tens of thousands of\r\ndevelopers and researchers. The attack could lead to remote code execution and hijacking of heavily used\r\nmodels and datasets from Hugging Face with over 100K downloads.\r\nResearchers share a deep technical dive into Cactus ransomware. 
The ransomware, which was discovered\r\nin March 2023, has been observed creating a mutex to improve infection, and maintaining persistence\r\nusing a scheduled task named “Updates Check Task”.\r\nCheck Point Harmony Endpoint and Threat Emulation provide protection against this threat\r\n(Ransomware.Win.Cactus; Ransomware.Wins.Cactus.ta*)\r\nSource: https://research.checkpoint.com/2023/30th-october-threat-intelligence-report/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY",
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://research.checkpoint.com/2023/30th-october-threat-intelligence-report/"
	],
	"report_names": [
		"30th-october-threat-intelligence-report"
	],
	"threat_actors": [
		{
			"id": "e3780667-cbca-4671-a9ff-073305fdc58b",
			"created_at": "2023-11-10T02:00:07.49368Z",
			"updated_at": "2026-04-10T02:00:03.435856Z",
			"deleted_at": null,
			"main_name": "SingularityMD",
			"aliases": [],
			"source_name": "MISPGALAXY:SingularityMD",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "8c8fea8c-c957-4618-99ee-1e188f073a0e",
			"created_at": "2024-02-02T02:00:04.086766Z",
			"updated_at": "2026-04-10T02:00:03.563647Z",
			"deleted_at": null,
			"main_name": "Storm-1567",
			"aliases": [
				"Akira",
				"PUNK SPIDER",
				"GOLD SAHARA"
			],
			"source_name": "MISPGALAXY:Storm-1567",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "910b38e9-07fe-4b47-9cf4-e190a07b1b84",
			"created_at": "2024-04-24T02:00:49.516358Z",
			"updated_at": "2026-04-10T02:00:05.309426Z",
			"deleted_at": null,
			"main_name": "Akira",
			"aliases": [
				"Akira",
				"GOLD SAHARA",
				"PUNK SPIDER",
				"Howling Scorpius"
			],
			"source_name": "MITRE:Akira",
			"tools": [
				"Mimikatz",
				"PsExec",
				"AdFind",
				"Akira _v2",
				"Akira",
				"Megazord",
				"LaZagne",
				"Rclone"
			],
			"source_id": "MITRE",
			"reports": null
		}
	],
	"ts_created_at": 1775434749,
	"ts_updated_at": 1775826717,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/9af5b99ae14722b51c089aecee465486e519c8bf.pdf",
		"text": "https://archive.orkl.eu/9af5b99ae14722b51c089aecee465486e519c8bf.txt",
		"img": "https://archive.orkl.eu/9af5b99ae14722b51c089aecee465486e519c8bf.jpg"
	}
}