14 April 2023


Genesis Market taken down and notorious Spanish hacker arrested | Cyber Intelligence Briefing: 14 April



Top news stories this week

  1. Against all odds. Genesis Market taken down and notorious Spanish hacker arrested.
  2. Wonder woman. GCHQ appoints Anne Keast-Butler as first ever female director.
  3. Big business. Major disruption as Capita, Lürssen, and Latitude Financial hit by ransomware attacks.
  4. Wiper attacks. Iranian state-backed groups conduct destructive attacks masquerading as ransomware.
  5. School’s out. Minnesota school district cancels classes after a cyber attack.
  6. King’s-pawned. New iPhone spyware using zero-click exploits uncovered.
  7. Patch hour. Windows and Apple release patches.


1. Major law enforcement actions against cyber criminals

An international law enforcement operation led by the FBI seized Genesis Market, a major platform for cyber fraud. The platform sold stolen credentials and illicit tools that attackers used to impersonate users and access their online accounts. 

Separately, Spanish authorities arrested a 19-year-old hacker who has been accused of conducting multiple high-profile cyber attacks, creating a search engine for selling stolen sensitive information, money laundering, and more.

So what?

These actions demonstrate the commitment of law enforcement agencies to identify and disrupt criminal networks. On top of protecting individuals and organisations, these operations also send a strong message to cyber criminals that they will not go unpunished if caught.



2. GCHQ appoints first ever female director 

Anne Keast-Butler has been appointed as the 17th and first female director of GCHQ, the UK’s intelligence and cyber security agency. Keast-Butler stated that her intention is to continue the agency’s mission to strengthen the security of the UK and address the ransomware threat to the country.


So what?

Representation and diversity in the intelligence and cyber security sector are vital for harnessing different perspectives, skillsets, and experiences.



3. Capita, Lürssen, and Latitude Financial hit by major cyber attacks

The UK’s leading supplier of business process outsourcing, Capita, has confirmed that a cyber attack caused the recent outage of its global IT systems, impacting staff and customers. The Russia-linked ransomware group Black Basta has claimed responsibility for the attack.

A ransomware attack over the Easter weekend also brought German shipbuilder Lürssen to a standstill. Separately, Australian lender Latitude Financial has refused to pay a ransom after reportedly suffering the largest data breach to impact an Australian financial institution.

So what?

Dozens of companies are hit by ransomware every day. Ensuring your business has a well-tested ransomware resilience plan is important in mitigating the operational impacts of a cyber incident.




4. Iranian APT actors disguise wiper attacks as ransomware

Microsoft has warned that Iranian advanced persistent threat (APT) groups MuddyWater and DEV-1084 are conducting wiper attacks disguised as ransomware. Wiper attacks involve the deletion of data, including entire server farms and storage accounts, and are designed to cause major disruption. The targets have reportedly been Middle East-based organisations.

So what?

APT groups often possess additional resources and operate with political motives, rather than solely for financial gain. It is crucial for companies to consider the range of adversaries which might target their data and infrastructure.





5. Minnesota school district cancels classes for 27 schools

Rochester Public Schools in Minnesota shut down their network and core infrastructure in response to a cyber attack. The school district cancelled all classes for over 18,000 students across the 27 schools it operates. The education authority later confirmed that the unidentified threat actor accessed their data.

So what?

Organisations with a limited cyber security budget often struggle to protect their systems from an evolving threat landscape. Cost-effective solutions such as strong password policies, regular patching, and multi-factor authentication remain vital.



6. iPhone spyware using zero-click exploit uncovered

Microsoft researchers have attributed a powerful iOS spyware known as KingsPawn to the Israeli firm QuaDream. The spyware has been used to target journalists and politicians from multiple countries and is capable of recording messages and conversations. The spyware is spread by sending invisible iCloud calendar invitations, meaning no interaction is required from the victim.

So what?

iPhone users who are at risk of commercial spyware should consider enabling ‘lockdown mode’, which can provide some additional protection.



7. Microsoft Patch Tuesday and emergency security update from Apple

Microsoft has addressed 97 bugs in this month’s Patch Tuesday, seven of which are classified as critical.

Separately, Apple recently released emergency security updates addressing two zero-day vulnerabilities in iPhones, iPads, and Macs. Both vulnerabilities could lead to corruption of data and arbitrary code execution.

So what?

Organisations should maintain a register of their software assets and install patches as they become available.



Cyber Intelligence Briefing

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.

To discuss this briefing or other industry developments, please reach out to one of our experts.


Miles Arkwright
Associate, Cyber Security
James Tytler
Associate, Cyber Security

James Tytler is a cyber security associate in S-RM’s incident response team. In addition to responding to a wide range of cyber security incidents, he also supports clients with cyber threat intelligence services.

Before joining S-RM’s cyber security team, James worked at a London-based corporate intelligence firm, where he specialised in Middle Eastern subjects.

James has a BA in Arabic and Persian from the University of Cambridge, and an MA in International Security from Sciences Po Paris. He speaks fluent French.
