We’ve compiled a list of the cyber-attacks, data breaches and ransomware attacks that made news in September 2022.
This list has been created for purely educational purposes, to turn the spotlight on the ever-increasing number of cyber attacks on organisations across the world.
Below are the other cyber-attacks, ransomware attacks and data breaches that made the news in the month gone by.
- Cyber-Attacks in September 2022
- Data Breaches in September 2022
- Ransomware Attacks in September 2022
- New Ransomware/Malware Detected in September 2022
- Vulnerabilities/Patches
- Advisories issued etc. in September 2022
The idea is to help businesses understand that they must look into their cyber-attack or ransomware readiness with utmost urgency. Apart from investing in the right infrastructure and software tools, it is also important to be ready with a strong cyber incident response plan and strategy. This can help mitigate the impact of any attack that may occur.
The Uber hack was perhaps the most significant cyber-attack of September 2022 and definitely one of the biggest for this year. The fact that a classic social engineering attack was able to compromise the infrastructure of a Fortune 500 company was yet another bugle call for the cybersecurity community to evaluate where it stands in terms of breach readiness and the awareness and training of its staff.
For further reading into this specific attack, we have curated a Live Uber Hack Timeline.
Cyber Attacks in September 2022
Date | Target/ Victim | Summary | Threat Actor(s) | Business Impact | Reference Link |
Sept 1, 2022 | Yandex Taxi | Hackers hit Russian taxi app, Yandex Taxi; send hundreds of taxis to the same address in Moscow to halt services. | Suspected hacker under OpRussia campaign | Breakdown of the taxi service & a massive gridlock in Moscow | Yandex Hack |
Sept 5, 2022 | Holiday Inn | Holiday Inn, owned by Intercontinental Hotels Group (IHG), suffers a cyber-attack. | TeaPea (Supposedly a Vietnamese couple) | Booking channels & other applications significantly disrupted | Holiday Inn Hack |
Sept 5, 2022 | Go-Ahead | Go-Ahead, one of the UK’s biggest transport companies, has said it is managing a cyber-attack that has affected software used to schedule bus drivers and services. | Unknown | Several back office systems affected, including bus services and payroll software | Go-Ahead Attack |
Sept 6, 2022 | Japanese Govt Website | A Pro-Russian hacker group, Killnet, takes responsibility for a series of cyber-attacks against the Japanese Government. | Killnet | Japanese e-Gov portal website became inaccessible along with several other sites | Japanese Govt Attack |
Sept 10, 2022 | Albania Border System | Albania reports 2nd cyberattack by Iran on one of its border systems. | Iranian Source | Border System Hit | Albania Border System Attack |
Sept 11, 2022 | Swedish Election Authority | Hackers hit Swedish Election Authority with three DDoS attacks on day of vote. | Unknown | Uncertain | Swedish Election Authority Attack |
Sept 14, 2022 | Individual Microsoft users | Threat actors exploit the death of Queen Elizabeth II in phishing attacks to lure targets to malicious sites designed to steal their Microsoft account credentials. | Unknown | Uncertain | Phishing Campaign Exploiting the Queen’s Death |
Sept 14, 2022 | US govt & power cos | FBI indicts three Iranian hackers for cyber attacks targeting local US governments, power companies. | Three Iranian Nationals | Undefined | Multiple Cyber-Attacks by Iranian Nationals |
Sept 19, 2022 | Rockstar Games | Rockstar has confirmed the Grand Theft Auto VI footage leaked online over the weekend was stolen from its network. | Lapsus$ group | Hacker stole and leaked footage of GTA6 | Rockstar System Compromised |
Sept 21, 2022 | Slovakians using LinkedIn Smart Link | Phishing Campaign abuses LinkedIn slink (Smart Link) to bypass Secure Email Gateways (SEGs). | Unknown | Unknown | LinkedIn Smart Link Phishing Campaign |
Data Breaches in September 2022
Date | Target/ Victim | Summary | Threat Actor(s) | Business Impact | Reference Link |
Sept 2, 2022 | Samsung | Samsung confirms a new data breach. | Unknown | Customers’ names, contacts & demographic information, dates of birth, & product registration data stolen | Samsung Data Breach |
Sept 2, 2022 | Taxpayers in the US | The Internal Revenue Service accidentally leaks confidential information for approximately 120,000 taxpayers. | – | Taxpayer data leaked | IRS taxpayer data leaked |
Sept 3, 2022 | TikTok and WeChat | TikTok denies data breach in which a hacking group known as ‘AgainstTheWest’ claims to have breached both TikTok and WeChat | ‘AgainstTheWest’ | Hackers claim to have stolen source code and user data of TikTok and WeChat | TikTok denies data breach |
Sept 7, 2022 | U-Haul | After a detailed investigation, U-Haul discloses data breach which exposed customers and driver licences | Unknown | Customers’ name & driver licence information stolen | U-Haul Data Breach |
Sept 7, 2022 | Armed Forces General Staff Agency of Portugal | Hackers hit the Armed Forces General Staff agency of Portugal (EMGFA) and allegedly sell the stolen classified NATO documents on the dark web. | | Theft of classified NATO documents | Classified NATO docs stolen from Portugal |
Sept 7, 2022 | North Face | A credential stuffing attack on North Face occurred between July and August 2022; hit 200,000 North Face accounts. | Unknown | 200,000 North Face accounts affected | North Face Credential Stuffing Attack |
Sept 11, 2022 | Revolut | Revolut suffers a cyber-attack giving unauthorised third-party access to personal information of tens of thousands of clients | Unknown | Data of 50,000 users exposed | Revolut Cyber-Attack |
Sept 13, 2022 | FishPig | Hackers breach FishPig, a software vendor for Magento, in a supply-chain attack. | Unknown | Malicious code added to vendor’s software | FishPig Cyber-Attack |
Sept 15, 2022 | Uber | An 18-year-old hacker allegedly breaches the Uber database. Read more on this major, news-making attack in our Uber Cyber-Attack Live Timeline | Lapsus$ Group | Hacker breached multiple internal systems, with administrative access to Uber’s cloud services including on Amazon Web Services (AWS) and Google Cloud (GCP) | Uber Cyber-Attack |
Sept 16, 2022 | American Airlines | American Airlines discloses data breach after employee email accounts & unconfirmed personal data compromised. | Unknown | Credentials of 1700 customers & employees, allegedly, compromised | American Airlines Data Breach |
Sept 16, 2022 | GitHub | GitHub warns of on-going Phishing Campaign using fake CircleCI notifications. | Unknown | GitHub not impacted but accounts of its customers were affected | GitHub Phishing Campaign |
Sept 16, 2022 | 2K | Hackers compromise support system of American video game publisher 2K & send support tickets to gamers containing RedLine password-stealing malware. | Unknown | Uncertain | 2K support system hack |
Sept 20, 2022 | Wintermute | Digital assets trading firm Wintermute gets hacked & loses $162.2 million in DeFi operations. | Unknown | $162.2 million stolen in DeFi ops | Wintermute hack |
Sept 21, 2022 | LockBit Ransomware Gang | LockBit ransomware operation suffers a breach, with an allegedly disgruntled developer leaking the builder for the gang’s newest encryptor. | Allegedly a disgruntled LockBit developer | Uncertain | LockBit Ransomware Operation Breach |
Sept 22, 2022 | Optus | Australia’s second-largest telecommunications company, Optus, has reported a cyber-attack affecting 2.8 million Australians | Unknown | 2.8 million Australians’ data compromised | Optus Cyber Attack |
Ransomware Attacks in September 2022
Date | Target/ Victim | Summary | Threat Actor(s) | Business Impact | Reference Link |
Sept 1, 2022 | Damart | Hive ransomware gang demands $2 million from Damart, a French clothing company it attacked in mid-August | Hive Ransomware Gang | Company systems encrypted & operations disrupted since Aug, 2022 | Damart Ransomware Attack |
Sept 1, 2022 | NFL’s San Francisco 49ers | NFL’s San Francisco 49ers confirms and informs its customers that a ransomware attack that hit its network earlier this year affected more than 20,000 individuals | Blackbyte Ransomware Gang | Personal information of 20,930 individuals compromised | 49ers Ransomware Attack |
Sept 1, 2022 | Montenegro Government | Hackers demand $10 million for a ransomware attack that hit Montenegro in mid-August | Cuba Ransomware Gang | Critical Infrastructure Impacted | Montenegro Ransomware Attack |
Sept 1, 2022 | Chile Govt Agency | New ransomware targets Windows, Linux servers of Chile govt agency | Uncertain | Operations & Online Services of govt agency impacted | Chile Govt Agency Attack |
Sept 2, 2022 | Italy’s Energy Agency GSE | The BlackCat/ALPHV ransomware gang takes responsibility for the attack that hit the systems of Italy’s energy agency Gestore dei Servizi Energetici SpA (GSE) | BlackCat/ ALPHV | GSE website taken down | Italy’s Energy Agency Attack |
Sept 3, 2022 | Los Angeles Unified School District | The Los Angeles Unified School District deals with a ransomware attack where Vice Society gang stole 500 GB of data | Vice Society | 500 GB of data stolen | LAUSD Ransomware Attack |
Sept 9, 2022 | Empress Emergency Medical Services, New York | Empress EMS (Emergency Medical Services), a New York-based emergency response and ambulance service provider, has disclosed that a ransomware attack earlier in the year led to a data breach exposing information of 3,18,558 customers | Hive Ransomware (unconfirmed) | Customer data exposed | Empress EMS Ransomware Attack |
Sept 12, 2022 | Mitel MiVoice VOIP | Lorenz ransomware gang exploits critical vulnerability in Mitel MiVoice VOIP appliances to breach enterprises via phone systems | Lorenz Ransomware Gang | Unknown | Mitel MiVoice VOIP Ransomware Attack |
Sept 12, 2022 | Bell Canada subsidiary, Bell Technical Solutions (BTS) | Hive ransomware gang claims responsibility for an attack that hit the systems of Bell Canada subsidiary Bell Technical Solutions (BTS) on 20th August 2022 | Hive Ransomware | Unknown | Bell Technical Solutions Ransomware Attack |
Sept 19, 2022 | New York Racing Association | Hive ransomware operation claims responsibility for an attack on the New York Racing Association (NYRA), which previously disclosed that a cyber attack on June 30, 2022, impacted IT operations and website availability and compromised member data | Hive Ransomware | IT Operations & Website Data affected; member data compromised | NYRA Ransomware Attack |
Ransomware attacks are becoming more complex and dangerous with every passing month. That’s why our experts at Cyber Management Alliance have created these FREE downloadable resources for ransomware mitigation and response.
New Ransomware/Malware Discovered in September 2022
New Ransomware/Malware | Summary | Reference Link |
Ballacks Ransomware | PCrisk researchers find new ransomware belonging to the VoidCrypt Ransomware family. | Ballacks Ransomware Discovered |
DoyUK 7.1 Ransomware | PCrisk researchers discover DoyUK 7.1 Ransomware after previously analysing DoyUK 2.0 and DoyUK 5.0. | DoyUK 7.1 Ransomware Discovered |
MLF Ransomware | PCrisk tracks new ransomware-type programme – MLF. It belongs to the Phobos Ransomware family. | MLF Ransomware Discovered |
FARGO Ransomware | ASEC analysis team discovers distribution of FARGO Ransomware targeting unsecured MS-SQL servers. | FARGO Ransomware distribution |