Cyber Security Today, Sept. 25, 2023 – Hackers from India say they are targeting Canadian web sites

Share post:

Hackers from India say they are targeting Canadian websites.

Welcome to Cyber Security Today. It’s Monday, September 25th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for and in the U.S.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts


Hackers from India may be going after vulnerable Canadian websites. It’s in retaliation for Canada alleging the government of India may have been involved in assassinating a Canadian citizen advocating an independent Sikh state. India denies the allegation. A group calling itself the Indian Cyber Force posted a threatening message last week on the X messaging platform. It says, “Get ready to feel the power of IndianCyberForce attacks will be launching on Canada cyber space in the coming 3 days. It’s for the mess your started.” A website that appears to belong to a Canadian dental clinic has been defaced with a message, “Hacked by Indian Cyber Force.” However, the real website, whose address begins with ‘www,’ isn’t affected. The defaced website has a similar name and could be a phony spoof. Or the dental clinic’s site was defaced and it quickly set up a new one.

The Royal ransomware gang that attacked the city of Dallas, Texas earlier this year was in the municipality’s IT environment undetected for almost a month. That’s according to an after-action report released by the city. The personal data of just over 30,000 individuals was stolen. The city has set aside US$8.5 million to recover and restore systems from the attack. The gang initially got into the IT system by using a service account. The report doesn’t say if this was with stolen or brute-forced credentials.

Hinds County of Mississippi has approved more than US$600,000 to pay for recovery costs after this month’s ransomware attack. Since the September 7th attack residents have been unable to pay property taxes, complete many real estate transactions or buy car tags.

The AlphV ransomware gang claims to have hacked Clairon, a manufacturer of audio, video and navigation equipment for vehicles made by major manufacturers. According to the Security Affairs website, as proof of the hack the gang posted screenshots of what it claims are stolen documents.

It’s been almost four months since organizations began admitting they were directly or indirectly hacked through a vulnerability in Progress Software’s MOVEit file transfer software. The list keeps growing. It now includes the U.S. National Student Clearing House. It provides educational reporting and verification services to American educational institutions and employers. It’s notifying an unstated number of individuals their personal data was stolen from the clearing house’s MOVEit server. But while we don’t know how many people were affected, the company did tell California’s attorney general’s office that almost 900 of its customers, like American high schools and colleges, were involved.

Financial Institution Service Corporation, which processes data for southern U.S. banks and trust companies, is notifying just over 753,000 Americans their data was stolen from its MOVEit server.

Johnson Financial Group of Wisconsin is notifying just over 93,000 people that their personal data was stolen. It was taken from the MOVEit server of an unnamed partner company handling the data.

Threat actors have been exploiting holes in a number of file transfer applications such as Accellion FTA and GoAnywhere in the past two years. An Oregon healthcare support company called Kannact Inc. is now notifying almost 118,000 people of a data breach the company says came as the result of the hack of its file transfer software. The notice to Maine’s attorney general’s office last week didn’t name the software. Kannact announced this hack in June but it is still trying to get an accurate number of victims.

Finally, a Nigerian man will be sentenced by a U.S. judge in November after pleading guilty to conspiracy charges for his involvement with others in a business email scam. The scam used spoofed email messages convincing victims into sending money to bank accounts the gang controlled. The gang pulled in at least US$1 million in 2017. The man was extradited to the U.S. from Canada in April. He faces a maximum sentence of 20 years.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Sept. 25, 2023 – Hackers from India say they are targeting Canadian web sites first appeared on IT World Canada.
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs


Related articles

Russian threat actor expanding its target list, warns Five Eyes report

APT29 is increasingly going after cloud services in mo

Canada’s privacy watchdog investigating hack at Global Affairs

Inquiry will look into adequacy of data safeguards at the federal

Hashtag Trending Feb.27- Will AI enable a four-day week?; SpaceX under scrutiny for allegedly blocking satellite internet services in Taiwan; How much does it...

Prelude: Just a note out there. We’ve been having problems with some of our podcasts. Our hosting partner Libsyn says they are working on this. We hope it’s not inconveniencing you. But we’ll push to get this fixed.  If you are having issues, please write me at  Any data we can gather will be

Sidebar: The powerful Digital Safety Commission

A look at the powers of the proposed five-person body charged with overseeing the Online

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways