Cyber Weekly Digest - 2022 Week #18

In this week’s Cyber Weekly Digest, find out about the biggest cyber security news, including a threat actor who has been convicted of stealing $23 million from the US Department of Defence through phishing attacks, and hacktivists who have been targeting Russian alcohol distributors. Keep reading to stay up to date with the latest cyber security news from across the world.

1. The US Department of Defence was tricked into paying $23.5 million to a phishing actor.

This week an individual was convicted on multiple counts relating to a phishing operation that caused $23.5 million in damages to the US Department of Defence. The threat actor sent phishing emails to businesses registered to conduct business with the Federal Government in order to steal credentials. Using the stolen credentials, the threat actor was able to divert a $23,453,350 contract payment for the provision of 10,080,000 gallons of jet fuel to his personal bank account.

2. Heroku forces password resets following unauthorized access to an internal customer database.

Salesforce subsidiary Heroku revealed that a compromised token was abused to breach the database and exfiltrate passwords for users’ accounts. Salesforce has since said it is resetting all Heroku user passwords and ensuring that potentially affected credentials are refreshed.