---
title: "Cyber Security News Update, Week 34 of 2022 | DuoCircle"
description: "Cyberattacks are a growing concern for individuals and organizations."
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-34-of-2022/"
---

Quick Answer

Cybersecurity headlines for the week of September 1, 2022\. The Markup and STAT News reported that several major hospital websites were sending patient data to Facebook through the Meta Pixel, raising HIPAA concerns. Symantec linked Chinese cyber-espionage group Bronze President (Mustang Panda) to attacks on governments and humanitarian groups in Asia, Europe, and South America. National Cyber Director Chris Inglis argued that 'defense is the new offense,' shifting White House emphasis toward resilience and rapid recovery. ThreatFabric detailed Android banking malware families using accessibility services to steal credentials and bypass MFA. Russia-linked threat actors used compromised Microsoft OneDrive accounts as command-and-control infrastructure for hack-and-leak campaigns. Google reported it blocked a 46-million-rps Layer 7 HTTPS DDoS attack, the largest seen at that time.


![cybersecurity](https://media.mailhop.org/duocircle/images/2022/09/spf-validator.jpg) 

Cyberattacks are a **growing concern** for individuals and organizations. With major attacks occurring every week, we must stay up to date with the latest in cybersecurity for the **best protection**. Here is a look at this week’s major cybersecurity news:

## Health Companies Funneling Consumer Data to Facebook

Digital health companies are reportedly funneling critical and **private data** shared by patients to Facebook to aid in targeted advertisements, raising concerns about [HIPAA violations](https://www.hipaajournal.com/what-is-a-hipaa-violation/).

Light Collective, a research group, posted a detailed study highlighting how common **marketing tools** share sensitive patient data with Facebook without patients’ consent.

When an individual with a Facebook account signs up on a digital medicine or genetic testing application, **third-party trackers** embedded by the vendor share that activity with Facebook as **Off-Facebook activity**. Since Facebook uses [predictive algorithms](https://www.educba.com/predictive-analysis-algorithms/), this sharing updates the individual’s ad interests, leading to health-related ads based on the user’s health data and interests.

Light Collective conducted the [study](https://www.cell.com/patterns/fulltext/S2666-3899%2822%2900172-6#secsectitle0080) based on results from Color Genomics, HereditaryCancerQuiz\[.\]com, Invitae, Ciitizen, and several other applications, and discovered [JSON files](https://fileinfo.com/extension/json) revealing the **funneling of data** by various digital health organizations.

The researchers noted that it is unknown how aware these organizations are that they are sharing health data. But the practice of building businesses through advertising-related channels can **contradict the privacy policies** stated by these organizations and expose sensitive health information.

[![Cyber Security](https://media.mailhop.org/duocircle/images/2022/09/spf-record-7510.jpg)](https://media.mailhop.org/duocircle/images/2022/09/spf-record-7510.jpg)

## Chinese Cyberspy Targeting Governments and Humanitarian Entities

RedAlpha, a Chinese state-sponsored [cyber-espionage group](https://www.bleepingcomputer.com/news/security/new-worok-cyber-espionage-group-targets-governments-high-profile-firms/), has been **targeting governments** and think tanks. In the past, RedAlpha targeted Taiwanese entities and has expanded its campaigns toward Portugal, Vietnam, Brazil’s MOFAs (Ministry of Foreign Affairs), and India’s NIC (National Informatics Center).

The RedAlpha group utilizes **weaponized websites** that imitate ESPs (Email Service Providers) and steal credentials. The cyber espionage group has been using reseller\[.\]com nameservers and employs [phishing](/content/phishing-prevention/what-is-phishing) pages that **mimic genuine** login portals for specific government organizations.

RedAlpha has registered over 250 domains imitating major email and storage **service providers**, including Yahoo, Google, and Microsoft, as well as Purdue University, several think tanks, humanitarian organizations, and the Taiwanese Democratic Progressive Party, for its **malicious activities**.

Recorded Future, a US cybersecurity organization, [highlights](https://www.recordedfuture.com/redalpha-credential-theft-campaign-targeting-humanitarian-thinktank) how the cyber-espionage group has targeted Amnesty International, the American Institute in Taiwan, Radio Free Asia, and the FIDH (International Federation for Human Rights) in the past. The group’s strategic interests coincide with those of the **Chinese government** and might indicate a **Chinese state nexus** to the group’s activities.

## Defense is the New Offense, says Cyber Director for the White House

White House Cyber Director Chris Inglis discussed the shortcomings of the country’s **cyber defenses** at DEF CON 2022. The cyber director outlined three waves of attacks that have progressed in the recent past: in the first wave, adversaries held data and systems at risk; in the second, they expanded on the first by putting critical systems at risk; and in the third, they attack an organization’s or **country’s confidence**, with the [Colonial Pipeline](https://www.cnbc.com/2021/06/08/colonial-pipeline-ceo-testifies-on-first-hours-of-ransomware-attack.html) attack as a prime example.

Inglis [summarized](https://www.nextgov.com/cybersecurity/2022/08/white-house-cyber-director-defense-new-offense-cyber/375822/) that the crucial lesson here is that defense is the **only reasonable solution**, and stated that defense is the new offense. Organizations can defend collaboration and confidence with upfront investments in **cybersecurity robustness** and attack resilience in data, systems, roles, and responsibilities.

_The cyber director added that responsibility and accountability should be allocated to providers, suppliers, and integrators so all designs are resilient and robust._

The cyber director believes the **solution** to [cybersecurity](/) lies in a defensive approach that emphasizes collective defense with individual responsibility and understanding, so that everyone participates in their own defense and knows their **role in protecting** the system.

## Android Banking Malware Strikes Smartphones

Sova, an Android banking [malware](/resources/malware-and-its-defense-mechanism) discovered in underground markets last September, has emerged again. Cybersecurity researchers at Cleafy, an enterprise specializing in online fraud prevention, have identified a new version of Sova with an updated range of abilities and enhanced **ransomware encryption**.

The Sova Android malware can mirror over 200 online financial applications, including **cryptocurrency wallets**, and can encrypt smartphones with [ransomware](/resources/ryuk-ransomware-attacks). As mobile devices become popular and central for banking and for storing personal and business data, ransomware for smartphones could prove especially damaging.

Sova can intercept [MFA (Multi-Factor Authentication)](/email-security/what-is-multi-factor-authentication-for-emails-and-is-it-essential) tokens and allow attackers to steal information from protected devices. The malware is delivered via **fake applications** advertised by Google and Amazon and can cause significant harm.

The mastermind behind Sova claims the malware was under development last year and is now back at **full blast**. With the ability to harvest credentials, steal cookies, add false overlays to applications, spy via **keylogging**, and use ransomware to block devices, Sova has been described by [Cleafy](https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly) as a critical threat equipped to carry out malicious activities at scale.

[![ransomware](https://media.mailhop.org/duocircle/images/2022/09/spf-permerror-7511.jpg)](https://media.mailhop.org/duocircle/images/2022/09/spf-permerror-7511.jpg)

## Russian Hack-and-Leak Campaign using Microsoft OneDrive

Microsoft warned of a Russian threat actor, Seaborgium, that targets **NATO nations** for [credential theft](https://thehackernews.com/2022/08/credential-theft-is-still-top-attack.html) campaigns, to hack and leak information to sway the public. The **cybercriminal group** targeted the US, UK, Baltics, Nordics, Eastern Europe, and Ukraine before the Russian invasion.

MSTIC (Microsoft Threat Intelligence Center) outlined **Seaborgium’s attack** pattern of [social engineering](/phishing-protection/social-engineering-is-a-growing-threat/) approaches to deliver initial malware URLs (Uniform Resource Locators). The threat actor establishes contact by **imitating distant** but legitimate connections in the victim’s social network and by creating LinkedIn profiles and email accounts.

The threat actor then proceeds with weaponized emails, building rapport via multiple emails and delivering malware via URLs and PDF files. Seaborgium employs Microsoft’s OneDrive share, leading victims to a threat-actor-controlled infrastructure, prompting them to authenticate for **document access** via legitimate sign-in pages and harvesting their credentials. The [threat actor](/email-security/threat-actors-are-using-google-ads-to-launch-sophisticated-phishing-campaigns/) uses these accounts to exfiltrate data and sets up email forwarding rules for persistent data collection.

Microsoft [summarized](https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations/) the details of the Seaborgium credential theft campaigns and has added security **countermeasures** to Microsoft Defender and SmartScreen. With a detailed list of IOCs (Indicators of Compromise), Microsoft recommends customer actions to check [email filtering](/content/email-filtering-service) and **disable email auto-forwarding**.
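The forwarding-rule persistence described above can be hunted for in mailbox audit data. The following Python check is an added example, not code from the article or from Microsoft: it assumes audit records exported one JSON object per line, shaped like simplified Exchange entries in the Microsoft 365 unified audit log (`Operation`, `UserId`, `Parameters`), and every address and the internal domain `corp.example` are constructed sample values.

```python
import json

# Exchange operations and the parameters that create forwarding or redirection.
FORWARDING_PARAMS = {
    "New-InboxRule": {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"},
    "Set-InboxRule": {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"},
    "Set-Mailbox": {"ForwardingSmtpAddress"},
}

def _rec(op, user, **params):
    """Build one constructed audit line (sample data only)."""
    return json.dumps({"Operation": op, "UserId": user,
                       "Parameters": [{"Name": k, "Value": v} for k, v in params.items()]})

# Constructed sample input: two external forwards, plus benign and broken records.
SAMPLE_AUDIT_LINES = [
    _rec("New-InboxRule", "alice@corp.example", Name="sync", ForwardTo="drop@mail-relay.example"),
    _rec("Set-InboxRule", "bob@corp.example", RedirectTo="assistant@eu.corp.example"),
    _rec("Set-Mailbox", "carol@corp.example", ForwardingSmtpAddress="smtp:archive@files-sync.example"),
    _rec("Set-Mailbox", "dave@corp.example", ForwardingSmtpAddress=""),  # forwarding cleared
    _rec("MailItemsAccessed", "erin@corp.example"),                      # unrelated operation
    '{"Operation": "New-InboxRule", "UserId":',                          # truncated export line
]

def parse_targets(value):
    """Split a parameter value into lower-cased SMTP addresses, dropping 'smtp:' prefixes."""
    targets = []
    for part in str(value).replace(",", ";").split(";"):
        part = part.strip().strip('"')
        if part.lower().startswith("smtp:"):
            part = part[5:]
        if "@" in part:  # values without an address (empty, display names) are skipped
            targets.append(part.lower())
    return targets

def is_internal(domain, internal_domains):
    """True for an internal domain or any of its subdomains."""
    return any(domain == d or domain.endswith("." + d) for d in internal_domains)

def find_external_forwarding(lines, internal_domains):
    """Return (user, operation, parameter, target) for each forward leaving the organization."""
    internal = {d.lower() for d in internal_domains}
    findings = []
    for line in lines:
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip damaged lines rather than abort the hunt
        if not isinstance(record, dict):
            continue
        wanted = FORWARDING_PARAMS.get(record.get("Operation"))
        if not wanted:
            continue
        for param in record.get("Parameters") or []:
            if param.get("Name") not in wanted:
                continue
            for target in parse_targets(param.get("Value", "")):
                if not is_internal(target.rsplit("@", 1)[1], internal):
                    findings.append((record.get("UserId"), record["Operation"],
                                     param["Name"], target))
    return findings

if __name__ == "__main__":
    for finding in find_external_forwarding(SAMPLE_AUDIT_LINES, {"corp.example"}):
        print("external forwarding:", finding)
```

Each hit is a lead to review with the mailbox owner, since legitimate external forwarding also exists; blocking auto-forwarding at the tenant level, as Microsoft recommends, removes the persistence path itself.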

## Google Blocks History’s Largest Layer 7 HTTPS DDoS Attack

A [DDoS (Distributed denial-of-service)](https://www.comptia.org/content/guides/what-is-a-ddos-attack-how-it-works) attack over HTTPS (Hypertext Transfer Protocol Secure) hit a Google Cloud Armor customer, reaching over 46 million RPS (Requests per second), making it the **largest** recorded attack.

_The attack targeted the victim’s **load balancer** with an initial 10,000 RPS in an episode that lasted 69 minutes._ The DDoS attack escalated to 100,000 RPS in eight minutes and 46 million in two more. [Google’s Cloud Armor](https://cloud.google.com/armor/docs/cloud-armor-overview#:~:text=Google%20Cloud%20Armor%20helps%20you,and%20SQL%20injection%20%28SQLi%29.) Protection kicked in and **protected the victim**, who was still running normal operations, as a result of following Google’s recommended guidelines.

Google [revealed](https://cloud.google.com/blog/products/identity-security/how-google-cloud-blocked-largest-layer-7-ddos-attack-at-46-million-rps) that the traffic came from 5256 IP (Internet Protocol) addresses in 132 countries. Google has yet to determine the malware behind the attack but hints at Mēris, a **DDoS botnet** that uses **unsecured proxies** to send out bad traffic, hiding the attack’s origin. Mēris has previously been used in attacks against Cloudflare customers and Russia’s internet giant, Yandex.


Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

