22 September 2023

10 min read

International Criminal Court impacted by cyber security incident | Cyber Intelligence Briefing: 22 September

September 2023
Cyber Security Insights


Top news stories this week

  1. The jury is out. International Criminal Court impacted by cyber security incident. 
  2. Security stumbles. T-Mobile and Microsoft inadvertently leak sensitive data. 
  3. Supplier beware. Colombian and Australian governments hit by third-party ransomware attacks.
  4. Cashing in. 2023 set to be the second most profitable year for ransomware groups. 
  5. Plug and play. Chinese-backed hackers continue to use USBs for malware distribution. 
  6. Doughn't delay. Pizza Hut Australia contacts 193,000 customers after breach. 

1. International criminal court hit by cyber attack

The International Criminal Court (ICC) at the Hague has confirmed it suffered a cyber attack, but declined to comment on reports that sensitive documents were accessed. The breach comes weeks after an announcement that the court will start prosecuting cyber attacks on civilian infrastructure as international war crimes. The court has continued to operate with some disruptions to digital services. 

So what?

It’s unclear whether this incident was related to the ICC’s announcement; however, organisations should assess whether their policies or public announcements might affect their cyber threat profile and adjust their cyber security strategies accordingly.

2. T-Mobile and Microsoft accidentally leak sensitive information

T-Mobile exposed sensitive customer data to unauthorised users, including full names, billing addresses, and credit card details. The incident, initially reported on social media sites, was the result of a system update error.  

Separately, Microsoft inadvertently exposed 38 terabytes worth of private data including private keys, passwords, and internal Teams messages, after employees shared an overly permissive URL on a GitHub repository.

So what?

Accidental data exposure can cause serious reputational damage. Cultivating a strong security culture and investing in robust security controls can reduce the risk of data breaches.

3. Colombian and Australian government agencies hit by cyber attacks

The Colombian government is considering legal action against US-headquartered internet service provider IFX Networks, after a ransomware attack last week which impacted various government agencies 

Separately, over 60 Australian government agencies and departments were affected by a cyber attack on HWL Ebsworth after the ALPHV/BlackCat ransomware group hacked the law firm in April.  

So what?

Organisations should conduct regular vendor assessments and ensure appropriate security controls for third-party access are implemented.

4. Ransomware groups extorted USD 449.1 million in the first half of 2023

According to US Department of Homeland Security’s 2024 Homeland Threat Assessment, ransomware groups extorted at least USD 449.1 million from victims around the world in the first half of 2023. This is attributed to both a renewed focus on large organisations as potential victims and the continued attacks on smaller firms. The true figure is likely far higher as many payments are not disclosed

So what?

Organisations should conduct regular ransomware readiness assessments to proactively identify weaknesses in their cyber security posture and mitigate the risk of a ransomware attack

5. Hackers still leveraging USB sticks to spy on multinational firms

Chinese state-linked hackers have allegedly been using USBs to spread malware within the African branches of US and European multinationals. The infected USBs deploy Sogu malware through systems to search for and remotely upload confidential data for espionage purposes. Multiple firms have been targeted, including organisations with divisions in Zimbabwe, Ghana, and Madagascar. 

So what?

Network segmentation can stop cyber incidents from spreading across your whole environment.

6. Pizza Hut Australia contacts data breach victims

Pizza Hut Australia has notified 193,000 customers that their personal data was exposed in a recent data breach. Impacted data included customers’ addresses and order histories, but more sensitive information like passwords and credit card data was reportedly encrypted. Earlier this month, the data extortion group ShinyHunters claimed to have stolen over 1 million Pizza Hut customers’ data after gaining access via Amazon Web Services. 

So what?

Organisations should act swiftly when faced with data breaches to identify and notify impacted customers.


Cyber Intelligence Briefing

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.

To discuss this briefing or other industry developments, please reach out to one of our experts.


Kyle Schwaeble
Kyle Schwaeble
Senior Associate, Cyber Security

Kyle Schwaeble is a senior associate on S-RM’s cyber security team, bringing expertise in incident response management and, particularly, the secure restoration and recovery from cyber incidents such as ransomware attacks and business email compromises. In addition to his incident response work, Kyle has also supported multinational clients with their security transformation programmes, advising on the development and implementation of new technological, procedural, and cultural security controls.  

Kyle joined S-RM in 2019, initially working as an analyst in the Corporate Intelligence team, where he supported various corporate and diligence investigations. He holds a BCom(LLB) from Stellenbosch University in South Africa and is GSEC certified. 

James Tytler
James Tytler
Associate, Cyber Security

James Tytler is a cyber security associate in S-RM’s incident response team. In addition to responding to a wide range of cyber security incidents, he also supports clients with cyber threat intelligence services.

Before joining S-RM’s cyber security team, James worked at a London-based corporate intelligence firm, where he specialised in Middle Eastern subjects.

James has a BA in Arabic and Persian from the University of Cambridge, and an MA in International Security from Sciences Po Paris. He speaks fluent French.

Kyle Schwaeble
Kyle Schwaeble

Senior Associate, Cyber Security

James Tytler
James Tytler

Associate, Cyber Security

Share this post

Subscribe to our insights

Get industry news and expert insights straight to your inbox.