Friday 13th January 2023

Cyber Threat Intelligence Weekly Update: 13th January 2023

Key Issue: Royal Mail compromised using LockBit ransomware, disrupting its operations

Cybercriminals: Continued exploitation of Python Package Index to deliver malware

Nation-State: Russian state-backed Callisto group targets US nuclear research labs

Hacktivists: Target organisations perceived to support either side in Ukrainian conflict


Royal Mail compromised using LockBit ransomware, disrupting its operations

This week we reported on the compromise of Royal Mail with LockBit ransomware. The compromise halted all international shipping services and caused ransom notes claiming to be from the LockBit Ransomware-as-a-Service group to be printed on printers used for custom dockets. While these details suggest that LockBit affiliates were responsible, the group’s public representative has stated that the group did not target Royal Mail and that the compromise was likely conducted by a threat actor using LockBit’s builder after it was leaked in 2022. It is possible that another threat actor used LockBit’s ransomware with no intention of negotiating with Royal Mail, making this a purely disruptive operation.


The compromise may be an attempt by another threat actor to damage the group’s reputation, or the work of a less sophisticated group taking advantage of LockBit’s leaked tooling. LockBit recently faced criticism after one of its affiliates compromised a children’s hospital in Toronto, prompting the group to provide the hospital with a decryptor and issue a public apology. As Royal Mail is such a high-profile target, LockBit’s involvement would likely draw further public scrutiny, making the operation less likely to be the group’s responsibility, particularly given the lack of financial motive.

