9 December 2022


Russian winter cyber offensive | Cyber Intelligence Briefing: 9 December



Top news stories this week

  1. Winter is coming. Microsoft warns of new winter Russian cyber offensive against Western targets.
  2. Rackspace hack. Ransomware attack at major cloud computing provider leads to service outages.
  3. Weaponising AI? OpenAI’s new GPT-3 chatbot demonstrates malicious capabilities.
  4. Incident reporting. Swiss government proposes duty to report attacks on critical infrastructure.
  5. Healthcare under fire. Hospitals in France and India crippled by separate cyber-attacks.
  6. Mind your macros. Hackers target cryptocurrency firms with malicious macro-embedded files.


1. Russian winter cyber offensive?  

Microsoft has released a global warning to be prepared for an uptick in Russian cyber-attacks this winter following battlefield losses in Ukraine. Separately, the Netherlands’ National Coordinator for Security and Counterterrorism has urged its citizens to prepare survival kits in case critical infrastructure is compromised. NATO also held its annual Cyber Coalition exercise in Estonia this week to model attack scenarios.


Disaster management and recovery plans should consider scenarios where critical national infrastructure is impacted as a result of a cyber-attack. 



2. Exchange outage after cloud provider Rackspace hit by ransomware

Texas-based cloud computing provider Rackspace has confirmed that a ransomware attack last Friday (2 December) led to an extended outage of its Hosted Exchange email servers. The company has received backlash from customers on social media, with frustrations stemming from a lack of communication over the weekend and difficulties migrating to Microsoft 365, a solution offered by Rackspace to restore services.


The immediate aftermath of an incident is confusing, but there is a need for clear, direct, and timely communication with customers to avoid reputational fallout. Incident response should take public communications into account.

3. ChatGPT release hints at potential impact of AI on cyber security

Researchers have been exploring the security implications of OpenAI’s powerful new artificial intelligence chatbot ChatGPT, which was launched last week. In one case, the tool was able to identify and exploit vulnerabilities in a piece of code. Additionally, the AI can be used to generate highly convincing phishing emails.


Artificial intelligence is set to revolutionise the way we work. It could be leveraged to enhance security, but it is a powerful dual-use technology which can be weaponised by malware developers and other cyber criminals.

4. Swiss government proposes mandatory duty to report cyber-attacks  

The Swiss government has proposed a mandatory requirement for critical infrastructure providers to report cyber-attacks to the National Cyber Security Centre. The proposed amendment to existing legislation is designed to provide more visibility on cyber crime.


It is important to stay up to date with changes to legislative and regulatory frameworks that may impose obligations and constraints on the victims of cyber-attacks.

5. Healthcare sector under fire

The Centre Hospitalier de Versailles on the outskirts of Paris was forced to cancel operations after a major cyber-attack. The hospital transferred critical patients to other facilities and services were suspended. Separately, India’s leading state hospital has recovered its systems following a two-week disruption due to an intrusion from an unidentified threat actor.


Healthcare organisations make attractive targets due to chronic underinvestment in cyber security. They must remain vigilant and have robust security measures in place to protect their systems and the people they serve.

6. Hackers target cryptocurrency firms  

Cryptocurrency investors are being targeted with malicious Excel files being sent via Telegram chat groups. The hackers use social engineering to convince the user to accept macros. The Excel file then executes a malicious program that enables hackers to remotely access infected systems.


Enabling macros in Microsoft Office poses a considerable security risk as threat actors can use them to download malware from the internet. Macros should be disabled by default, and only enabled on a case-by-case basis.



The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.

To discuss this briefing or other industry developments, please reach out to one of our experts.


Kyle Schwaeble
Senior Associate, Cyber Security

Kyle Schwaeble is a senior associate on S-RM’s cyber security team, bringing expertise in incident response management and, particularly, the secure restoration and recovery from cyber incidents such as ransomware attacks and business email compromises. In addition to his incident response work, Kyle has also supported multinational clients with their security transformation programmes, advising on the development and implementation of new technological, procedural, and cultural security controls.  

Kyle joined S-RM in 2019, initially working as an analyst in the Corporate Intelligence team, where he supported various corporate and diligence investigations. He holds a BCom(LLB) from Stellenbosch University in South Africa and is GSEC certified. 

James Tytler
Associate, Cyber Security

James Tytler is a cyber security associate in S-RM’s incident response team. In addition to responding to a wide range of cyber security incidents, he also supports clients with cyber threat intelligence services.

Before joining S-RM’s cyber security team, James worked at a London-based corporate intelligence firm, where he specialised in Middle Eastern subjects.

James has a BA in Arabic and Persian from the University of Cambridge, and an MA in International Security from Sciences Po Paris. He speaks fluent French.
