The Top Cyber Attacks of June 2023

Share :

Summer is here, and things are heating up in the cybersecurity sphere. June saw a third-party vulnerability spiral into the furthest-reaching cyber attack of the year thus far, while separate attacks cut into summer plans for gamers, vacationers, and commuters alike.  

June’s Biggest Cyber Attacks

MOVEit Data Is on the Move 

June’s biggest data breach is one that will continue to reverberate, as the MOVEit cyber attack is shaping up to be one of the most consequential in recent memory. MOVEit is a widely used file-transfer system designed to consolidate an organisation’s transfer activities into a single tool.

Starting on Memorial Day weekend, thieves exploited a zero-day vulnerability in the software to steal data from a dizzying range of organisations around the world in attacks that one security expert called the online equivalent of “smash-and-grab” thefts from vehicles. 

MOVEit parent company Progress Software reported the breach on 31 May and issued a patch for the exploit, but many companies did not install the fix quickly enough to avoid a breach. While it was clear from the start that the exploit was widespread, the scope continued to balloon throughout the month of June.

In the middle of the month, the Russian-speaking hacker group Clop began posting the names of dozens of organizations whose data was stolen in the attack. New victims were still being identified as June drew to a close, with no obvious end in sight.  

The list of victims so far includes governmental departments, major tech companies, educational institutions, and many more. Among the confirmed breaches are: 

  1. U.S. Department of Health and Human Services 
  2. U.S. Department of Energy 
  3. Oil company Shell  
  4. Payroll company Zellis 
  5. Province of Nova Scotia 
  6. Vancouver Transit Police 
  7. States of Illinois, Minnesota, and Missouri 
  8. University of California-Los Angeles 
  9. Cybersecurity company Gen/Norton 
  10. IT company Pricewaterhouse Coopers 
  11. Accounting firm Ernst & Young 
  12. Sony 
  13. Siemens Energy 
  14. Schneider Electric 
  15. Oregon Department of Motor Vehicles 
  16. Louisiana Department of Motor Vehicles
  17. New York Department of Education

With the Clop group still demanding ransom payoffs and more victims emerging by the day, this seems to be a situation that will impact the cybersecurity world for many months to come.

Records Exposed: Total scope is unknown, but includes personally identifiable information for customers and employees, as well as business and operational documents.

Type of Attack: Third-party security exploit

Industry: You name it, Clop breached it

Date of Attack: 27 May 2023 — Ongoing

Location: Worldwide, likely originating from a Russian-speaking region

Key takeaway: The MOVEit breach is one of the clearest illustrations of just how wide-reaching a single cybersecurity incident can be.

What initially appeared to be a fairly small-scale attack has now snowballed into a major data heist that touched organisations of all sizes, in all walks of business and government, and in nearly every corner of the globe. It’s also a reminder for organisations to act quickly when third-party providers issue patches and fixes to known security issues. MOVEit and Progress Software acted swiftly in sending out a patch, but many organisations did not take advantage of it in time to prevent a data theft. 

Hackers Cause Trouble at the Pumps for Canadian Drivers  

A cyber attack on Canadian energy giant SunCor left cashless motorists’ tanks empty in late June. Credit card readers at Petro-Canada stations went down across the country following a 24 June breach, leaving locations to operate on a cash-only basis. Customers were also locked out of the company’s apps and online accounts, denying them access to points and rewards programs. Some SunCor employees also reported difficulty accessing internal accounts.  

Although services were mostly restored within a few days, an outage during a busy summer travel weekend created headaches and chaos across Canadian roadways. Some customers who weren’t carrying cash reported running out of gas and having to be towed to another station. One cybersecurity expert even compared the potential impact of the attack to last year’s devastating Colonial Pipeline breach.

At the time of this writing, the full nature of the attack and any potential culprits had not been disclosed, but it bears many earmarks of a ransomware incident. 

Records Exposed: Unknown. Credit and debit card services disrupted, apps and rewards programs taken offline. 

Type of Attack: Possible ransomware 

Industry: Energy 

Date of Attack: June 24, 2023 

Location: Canada 

Key takeaway: Cybersecurity incidents that cause mostly internal damage are bad enough, but the fallout from a public-facing breach can be all the more impactful. In this case, SunCor found itself battling to not only rectify the cyber attack within its own systems, but also responding to confused and angry customers across the country. That kind of multi-pronged dilemma can be extremely costly from both a tech and a public relations standpoint.  

Blizzard Gamers Get Frozen Out By DDoS 

Some of the biggest titles in online gaming were out of commission over a busy summer weekend after a direct denial of service (DDos) attack on Blizzard Entertainment. Gamers eager to engage with massively popular games such as “World of Warcraft,” “Call of Duty,” and “Diablo IV” found themselves frozen out from signing in to their accounts for much of the day on 25 June.  

The Activision Blizzard servers that authenticate users were flooded with requests from unknown attackers, creating a logjam that essentially rendered many Blizzard titles unplayable. Blizzard acknowledged and apologized for the outage on social media, and notified gamers when the attacks eventually stopped.

As of this writing, no organisation has taken credit for the DDoS incident, although some industry observers have pointed to Activision Blizzard’s long record of corporate controversies as a possible motivation 

Records Exposed: N/A 

Type of Attack: Direct denial of service 

Industry: Gaming and entertainment 

Date of Attack: 25 June 2023 

Location: Santa Monica, California 

Key takeaway: While this service outage will probably be nothing but a blip for Activision Blizzard, the revenues lost from even a brief shutdown are substantial.

The gaming industry attracts a large number of tech-savvy users, which can create problems when those customers feel wronged or slighted. That makes vengeance-minded attacks — of which this may be one — a constant concern for companies like Blizzard. 

No matter your level of online activity, the odds are good that you dealt with a company or organisation that was impacted by one of June’s biggest cyber attacks. This should stand as a reminder that no business is immune to the pervasive reach of cybercrime, and that a proactive posture is more effective than reacting after the fact. 

Learn more about common attack vectors and how to keep your organisation safe. 

Explore the cybercrime ecosystem and understand how partnering with a security operations provider can stop attacks before they begin.  

Picture of Arctic Wolf

Arctic Wolf

Arctic Wolf provides your team with 24x7 coverage, security operations expertise, and strategically tailored security recommendations to continuously improve your overall posture.
Share :
Table of Contents