It was quite a roller coaster ride in 2023 when it came to cybersecurity. Cybercriminals continue on a rampage, taking advantage of weaknesses in all sorts of devices, platforms, and networks. From sneaky phishing tricks to dreaded malware infections and data breaches, it felt like we were under constant siege. Here are some of the worst malware, security, and privacy breaches of this past year.
1) Russian cyber group Star Blizzard unleashes a global spear-phishing attack
A Russian hacking group tied to the Kremlin unleashed a global attack. They use what appear to be links to innocent websites to steal information. These hackers from Star Blizzard, which formerly operated as SEABORGIUM, are also known as Callisto Group/TA446/COLDRIVER/TAG-53/BlueCharlie.
The dangerous group targets anyone who might have information they can use. They even went after the U.S. government. For the most part, Star Blizzard has attacked people tied to academics, defense, government organizations, and more in the U.S. and the U.K.
2) Guard your passwords: CherryBlos & FakeTrade malware threaten Androids
Two related malware campaigns target Android users interested in cryptocurrencies or online income opportunities. The first campaign uses phishing websites to trick users into downloading apps that contain the CherryBlos malware. This malware can steal your cryptocurrency wallet credentials and replace your withdrawal address with the attacker’s.
The second campaign uses fake money-earning apps that contain the FakeTrade malware. These apps promise you increased income, but they will not let you withdraw your funds. Both campaigns use fake posts on popular platforms like TikTok, X, and Telegram to lure