Let’s kick off this infosec year with the first cyber attacks timeline for January 2023. In this fortnight I have collected 132 events, ten more than in the previous timeline, which brings the daily average to 8.8 events per day. Looking back at January 2021, when we collected 93 events, this is a 42% increase.
Events characterized by ransomware were stable at around 30% (40 out of 132; it was 35% in the previous timeline), thanks primarily to the Vice Society threat actor, which leaked the data exfiltrated from eleven schools in the U.K. Meanwhile, 15 out of 132 events (corresponding to 11.36%) were characterized by the exploitation of vulnerabilities, an important increase compared to the 5.9% of events (8 out of 122) of the previous fortnight.
The fintech sector continues to be under pressure, with multiple campaigns targeting crypto companies and their users.
In the meantime, Twitter was the victim of yet another mega breach, with approximately 200 million profiles leaked and put on sale by a threat actor. Similarly, an attack against an undisclosed marketing provider in Japan caused the leak of nearly 2 million records belonging to Japanese customers of two large insurance companies.
The hacktivist front was as hot as always, fueled by the campaigns of pro-Russian threat actors such as NoName057(16). The same applies to cyber espionage: not so many operations, apparently, but hitting very high-profile targets. Cold River (AKA Calisto) hit three nuclear laboratories in the U.S., a new operation from the Russian threat actor Turla was unearthed targeting organizations in Ukraine, and the list is completed by StrongPity and Dark Pink, for which new clusters of malicious activity were similarly discovered.
Even in this fortnight, the list is too long to be summarized in a few words (this one in particular), so my suggestion is to enjoy the interactive timeline and the tabular format, and obviously thanks for sharing it and supporting my work in spreading risk awareness across the community. As always, don’t forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.
Geo Map January H1 2023
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
01/01/2023
-
26/12/2022
BlackCat AKA ALPHV
Undisclosed company in financial services
The BlackCat ransomware gang publishes the data of a compromised company in financial services, and creates a replica of the victim's site to publish the stolen data on it.
Malware
Finance and insurance
CC
N/A
BlackCat, ALPHV, Ransomware
2
01/01/2023
-
-
?
Toyota Kirloskar Motor
Toyota Kirloskar Motor reports a data breach.
Unknown
Manufacturing
CC
IN
Toyota Kirloskar Motor
3
02/01/2023
Early January 2023
Early January 2023
?
Infosec community members
A new phishing campaign is exploiting the increasing interest of security community members towards Flipper Zero to steal their personal information and cryptocurrency.
Account Takeover
Individual
CC
>1
Flipper Zero
4
02/01/2023
Since at least November 2022
05/11/2022
Evil Corp
Spanish and Portuguese financial and insurance institutions
Researchers from Security Joes reveal that threat actors are using a new version of the Raspberry Robin worm to target Spanish and Portuguese financial and insurance institutions.
Malware
Finance and insurance
CC
ES
PT
Security Joes, Raspberry Robin, Evil Corp
5
02/01/2023
Between 21/10/2022 and 03/11/2022
01/11/2022
?
The Kelberman Center
The Kelberman Center, a provider of services to individuals with autism, notifies 3,501 patients about a breach of employee email accounts.
Account Takeover
Human health and social work
CC
US
The Kelberman Center
6
02/01/2023
21/12/2022
-
Hive
Centro Médico Virgen De La Caridad
The Hive ransomware gang adds another medical entity to its leak site. This time, it’s Centro Médico Virgen De La Caridad health system in Cartagena, Spain.
Malware
Human health and social work
CC
ES
Hive, ransomware, Centro Médico Virgen De La Caridad
7
02/01/2023
02/01/2023
02/01/2023
Anonymous Cuba
University of Havana
Anonymous Cuba disables some pages of the University of Havana departments.
DDoS
Education
H
CU
Anonymous Cuba, University of Havana
8
03/01/2023
-
'Recently'
BitRAT
Multiple organizations
Researchers from Qualys reveal that the threat actors behind the BitRAT malware campaign have been using the stolen information of bank customers in Colombia as lures in phishing emails designed to infect targets.
Malware
Multiple Industries
CC
>1
Qualys, BitRAT
9
03/01/2023
23/12/2022
23/12/2022
?
Bristol Community College
Bristol Community College is hit with a ransomware attack.
Malware
Education
CC
US
Bristol Community College, ransomware
10
03/01/2023
-
-
?
Swansea Public Schools
The Swansea Public Schools institution is also hit with a ransomware attack.
Malware
Education
CC
US
Swansea Public Schools, ransomware
11
03/01/2023
During December 2022
During December 2022
?
Saint Gheorghe Recovery Hospital
The Saint Gheorghe Recovery Hospital in Botoşani, northeastern Romania, is hit by a ransomware attack that impacts its medical operations.
Malware
Human health and social work
CC
RO
Saint Gheorghe Recovery Hospital, Botoşani, ransomware
12
03/01/2023
06/09/2022
21/09/2022
?
Circles of Care
Circles of Care files notice of a data breach after confirming that an unauthorized party was able to access, and possibly steal, confidential patient information from the organization’s computer network.
Unknown
Human health and social work
CC
US
Circles of Care
13
03/01/2023
Between 10/08/2022 and 27/09/2022
-
?
Live Oak Surgery Center
Live Oak Surgery Center discloses that two employee email accounts were compromised by an unauthorized third party, which in turn potentially caused the information of 5,264 patients to be viewed or taken.
Account Takeover
Human health and social work
CC
US
Live Oak Surgery Center
14
03/01/2023
-
-
?
University of Miami Health System (UHealth)
University of Miami Health System (UHealth) announces that the protected health information of 973 patients has potentially been compromised as a result of an employee’s personal data breach.
Account Takeover
Human health and social work
CC
US
University of Miami Health System, UHealth
15
03/01/2023
03/01/2023
03/01/2023
?
Anonymous user of the decentralized GMX protocol
An anonymous DeFi user falls victim to a phishing attack and loses $3.4 million in GMX, the native token of decentralized trading protocol GMX.
Account Takeover
Fintech
CC
N/A
GMX
16
04/01/2023
-
'Recently'
Threat actors from China
Multiple organizations
Researchers from K7 Security Labs discover a new campaign where attackers from China are abusing the Windows Problem Reporting error reporting tool (WerFault.exe) to load the Pupy RAT remote administration tool using a DLL sideloading technique.
Malware
Multiple Industries
CC
>1
K7 Security Labs, China, Windows Problem Reporting, WerFault.exe, Pupy RAT, DLL sideloading
17
04/01/2023
During 2021
During November 2022
StayMad
Twitter
A threat actor released a data set consisting of 200 million Twitter profiles for approximately $2.
API vulnerability
Information and communication
CC
US
StayMad, Twitter
18
04/01/2023
-
'Recently'
?
Linux Systems
Researchers from AhnLab discover a new Linux malware downloader created using SHC (Shell Script Compiler) infecting systems with Monero cryptocurrency miners and DDoS IRC bots.
Malware
Multiple Industries
CC
>1
AhnLab, Linux, SHC, Shell Script Compiler, Monero
19
04/01/2023
21/12/2023
04/01/2023
?
CircleCI
CircleCI, a software development service, discloses a security incident and urges users to rotate their secrets.
Malware
Professional, scientific and technical
CC
US
CircleCI
20
04/01/2023
Since at least 08/12/2022
04/01/2023
Multiple threat actors
Vulnerable SugarCRM servers
CVE-2023-22952, a recently discovered vulnerability affecting SugarCRM, is exploited to deliver malware.
CVE-2023-22952 Vulnerability
Multiple Industries
CC
>1
CVE-2023-22952, SugarCRM
21
04/01/2023
-
15/07/2022
?
OneAmerica Financial Partners
OneAmerica Financial Partners files notice of a data breach after discovering that an email phishing attack compromised the security of certain personal information in the company’s possession.
Account Takeover
Finance and insurance
CC
US
OneAmerica Financial Partners
22
04/01/2023
Since February 2019
-
Clop AKA Cl0p
Healthcare organizations in the U.S.
The Health Sector Cybersecurity Coordination Center (HC3) warns that the Clop (AKA Cl0p) ransomware group has reportedly been infecting files that look like medical documents and subsequently requesting medical appointments in hopes of getting victims to open the malicious files.
Malware
Human health and social work
CC
US
Health Sector Cybersecurity Coordination Center, HC3, Clop, Cl0p, ransomware
23
04/01/2023
03/01/2023
03/01/2023
?
Shibuya Ward
The website of Shibuya Ward (Municipality of Shibuya) is taken down by a DDoS attack.
DDoS
Public admin and defence, social security
CC
JP
Shibuya Ward
24
05/01/2023
Since at least 02/01/2023
02/01/2023
Russia?
Moldova's government institutions
Moldova’s government institutions are hit by a wave of phishing attacks after it pledged support for Ukraine in its defense against Russia.
Account Takeover
Public admin and defence, social security
CW
MD
Moldova, Russia, Ukraine
25
05/01/2023
From at least May 2022 to September 2022
-
Bluebottle
Banks in French-speaking Countries in Africa
Researchers from Broadcom/Symantec discover a new campaign by the Bluebottle threat actor using a signed Windows driver in attacks on banks in French-speaking countries.
Malware
Finance and insurance
CC
>1
Broadcom, Symantec, Bluebottle, OPERA1ER
26
05/01/2023
Since at least August 2019
-
Automated Libra
Multiple organizations
Researchers from Palo Alto Networks discover a new wave of attacks of the PurpleUrchin campaign from the Automated Libra threat actor, aimed at using cloud platform resources for cryptocurrency mining.
Freejacking
Multiple Industries
CC
>1
Palo Alto Networks, PurpleUrchin, Automated Libra
27
05/01/2023
During the last quarter of 2022
During the last quarter of 2022
SpyNote (AKA SpyMax)
Android users
Researchers from ThreatFabric reveal a sudden increase in SpyNote infections in the final quarter of 2022, attributed to a source code leak of one of its latest versions.
Malware
Individual
CC
>1
ThreatFabric, SpyNote, SpyMax, Android
28
05/01/2023
Since at least 22/12/2022
22/12/2022
PoweRAT
Python developers
Researchers from Phylum discover six malicious packages on PyPI, the Python Package Index, installing PoweRAT, an information-stealing and RAT malware, using Cloudflare Tunnel to bypass firewall restrictions for remote access.
Malware
Multiple Industries
CC
>1
Phylum, PyPI, Python, PoweRAT, Cloudflare
29
05/01/2023
-
-
Kinsing
Multiple organizations using Kubernetes clusters
Researchers from Microsoft reveal that the Kinsing malware is now actively breaching Kubernetes clusters by leveraging known weaknesses in container images and misconfigured, exposed PostgreSQL containers.
Misconfiguration
Multiple Industries
CC
>1
Microsoft, Kinsing, Kubernetes, PostgreSQL
30
05/01/2023
-
-
Lorenz
Undisclosed organization
Researchers from S-RM reveal the details of a Lorenz ransomware attack where the threat actors used a 5-month-old web shell as a way into a victim’s network exploiting the CVE-2022-29499 Mitel critical vulnerability.
Malware
Unknown
CC
N/A
S-RM, Lorenz, ransomware, CVE-2022-29499, Mitel
31
05/01/2023
Between 21/08/2021 and 04/04/2022
04/04/2022
?
Maternal & Family Health Services (MFHS)
Maternal & Family Health Services discloses that Social Security numbers and other sensitive data were stolen by cybercriminals in a ransomware attack.
Malware
Human health and social work
CC
US
Maternal & Family Health Services, MFHS, ransomware
32
05/01/2023
During September 2022
During September 2022
Turla (AKA UNC4210)
Organization in Ukraine
Researchers from Mandiant reveal the details of an attack against a Ukrainian organization, carried out by the Russian state-sponsored threat actor Turla, and leveraging a legacy Andromeda malware likely deployed by other hackers via an infected USB drive.
Malware
Unknown
CE
UA
Turla, UNC4210, Ukraine, Russia, Mandiant
33
05/01/2023
'Recently'
'Recently'
?
Zoom users worldwide
Researchers from Cyble uncover a phishing campaign targeting Zoom users to deliver the IcedID malware.
Malware
Multiple Industries
CC
>1
Cyble, Zoom, IcedID
34
05/01/2023
During Christmas 2022
During Christmas 2022
?
Guilty Gear Strive players
Threat actors have been targeting streamers playing Guilty Gear Strive, a popular fighting title, crashing their game mid-stream and forcing the players to stop the game process from the task manager in Windows.
DDoS
Arts entertainment, recreation
CC
>1
Guilty Gear Strive
35
05/01/2023
Mid November 2022
Mid November 2022
?
Canadian-based college
Researchers from eSentire detect a ransomware attack against a Canadian-based college exploiting the CVE-2022-40684 Fortinet vulnerability.
CVE-2022-40684 vulnerability
Education
CC
CA
eSentire, CVE-2022-40684, Fortinet
36
05/01/2023
Mid November 2022
Mid November 2022
?
Global investment firm
Researchers from eSentire detect a ransomware attack against a global investment firm exploiting the CVE-2022-40684 Fortinet vulnerability.
CVE-2022-40684 vulnerability
Finance and insurance
CC
N/A
eSentire, CVE-2022-40684, Fortinet
37
05/01/2023
'For the last few months'
-
APT-C-36 AKA Blind Eagle
Organizations in Ecuador
Researchers from Check Point discover a new campaign by APT-C-36 (Blind Eagle) using new toolsets against organizations in Ecuador.
Malware
Multiple Industries
CC
EC
APT-C-36, Blind Eagle
38
05/01/2023
'For the last few months'
-
APT-C-36 AKA Blind Eagle
Organizations in Colombia
Researchers from Check Point discover a new campaign using a modified version of QuasarRAT against Colombia-based organizations.
Malware
Multiple Industries
CC
CO
APT-C-36, Blind Eagle, QuasarRAT
39
05/01/2023
'Recently'
'Recently'
Monti
Multiple organizations
Researchers from Fortinet reveal the details of a new ransomware variant dubbed Monti.
Malware
Multiple Industries
CC
>1
Fortinet, Monti, ransomware
40
05/01/2023
'Recently'
'Recently'
BlackHunt
Multiple organizations
Researchers from Fortinet reveal the details of a new ransomware variant dubbed BlackHunt.
Malware
Multiple Industries
CC
>1
Fortinet, BlackHunt, ransomware
41
05/01/2023
05/01/2023
05/01/2023
?
Northern Ireland secretary Chris Heaton-Harris
Northern Ireland secretary Chris Heaton-Harris apologises after he said his Twitter account was hacked and "posted some deeply unpleasant stuff".
Account Takeover
Individual
CC
UK
Northern Ireland, Chris Heaton-Harris, Twitter
42
06/01/2023
-
-
?
Air France
Air France and KLM inform Flying Blue customers that some of their personal information was exposed after their accounts were breached.
Unknown
Transportation and storage
CC
FR
Air France, KLM
43
06/01/2023
Before Christmas 2022
-
?
Chick-fil-A
American fast-food restaurant chain Chick-fil-A investigates what it described as "suspicious activity" linked to some of its customers' accounts.
Credential Stuffing
Accommodation and food service
CC
US
Chick-fil-A
44
06/01/2023
Since December 2022
'Recently'
?
Multiple organizations
Researchers from AhnLab discover that threat actors are using a well-crafted Pokemon NFT card game website to distribute the NetSupport remote access tool and take control over victims' devices.
Malware
Multiple Industries
CC
>1
AhnLab, Pokemon, NFT, NetSupport
45
06/01/2023
Since early 2020
'Recently'
Vidar
Multiple organizations
Researchers from Sekoia discover a massive campaign using over 1,300 domains to impersonate the official AnyDesk site for pushing the Vidar and Raccoon information-stealing malware.
Malware
Multiple Industries
CC
>1
Sekoia, AnyDesk, Vidar, Raccoon
46
06/01/2023
During Summer 2022
-
Cold River (AKA Calisto)
Brookhaven Nuclear Laboratory (BNL)
The Russian group Cold River targeted the Brookhaven Nuclear Laboratory with a spear phishing campaign creating fake login pages.
Account Takeover
Electricity, gas steam, air conditioning
CE
US
Russia, Cold River, Calisto, Brookhaven Nuclear Laboratory, BNL
47
06/01/2023
During Summer 2022
-
Cold River (AKA Calisto)
Argonne Nuclear Laboratory (ANL)
The Russian group Cold River targeted the Argonne Nuclear Laboratory with a spear phishing campaign creating fake login pages.
Account Takeover
Electricity, gas steam, air conditioning
CE
US
Russia, Cold River, Calisto, Argonne Nuclear Laboratory, ANL
48
06/01/2023
During Summer 2022
-
Cold River (AKA Calisto)
Lawrence Livermore Nuclear Laboratory (LLNL)
The Russian group Cold River targeted the Lawrence Livermore Nuclear Laboratory with a spear phishing campaign creating fake login pages.
Account Takeover
Electricity, gas steam, air conditioning
CE
US
Russia, Cold River, Calisto, Lawrence Livermore Nuclear Laboratory, LLNL
49
06/01/2023
03/12/2022
-
Hive
Consulate Health Care
The Hive ransomware gang leaks 550 GB of data stolen from Consulate Health Care, including customer and employee PII data.
Malware
Human health and social work
CC
US
Hive, ransomware, Consulate Health Care
50
06/01/2023
-
-
?
Fidelity Building Services Group
Fidelity Building Services Group files notice of a data breach following an incident in which an unauthorized party was able to access confidential information that had been entrusted to the company.
Unknown
Professional, scientific and technical
CC
US
Fidelity Building Services Group
51
06/01/2023
-
24/10/2022
?
SAIF Corporation
SAIF Corporation files notice of a data breach after the company experienced what it characterized as a “brief period of unauthorized access” to its computer network.
Unknown
Finance and insurance
CC
US
SAIF Corporation
52
06/01/2023
-
-
Vice Society
Carmel College
The Vice Society ransomware group leaks the data of 14 schools including the Carmel College.
Malware
Education
CC
UK
Vice Society, ransomware, Carmel College
53
06/01/2023
During 2021
During January 2022
Vice Society
Durham Johnston Comprehensive School
The Vice Society ransomware group leaks the data of 14 schools including the Durham Johnston Comprehensive School.
Malware
Education
CC
UK
Vice Society, ransomware, Durham Johnston Comprehensive School
54
06/01/2023
-
-
Vice Society
Frances King School of English
The Vice Society ransomware group leaks the data of 14 schools including the Frances King School of English.
Malware
Education
CC
UK
Vice Society, ransomware, Frances King School of English
55
06/01/2023
-
-
Vice Society
Gateway College
The Vice Society ransomware group leaks the data of 14 schools including the Gateway College.
Malware
Education
CC
UK
Vice Society, ransomware, Gateway College
56
06/01/2023
-
-
Vice Society
Holy Family RC + CE College
The Vice Society ransomware group leaks the data of 14 schools including the Holy Family RC + CE College.
Malware
Education
CC
UK
Vice Society, ransomware, Holy Family RC + CE College
57
06/01/2023
-
-
Vice Society
Lampton School
The Vice Society ransomware group leaks the data of 14 schools including the Lampton School.
Malware
Education
CC
UK
Vice Society, ransomware, Lampton School
58
06/01/2023
-
-
Vice Society
Mossbourne Federation
The Vice Society ransomware group leaks the data of 14 schools including the Mossbourne Federation.
Malware
Education
CC
UK
Vice Society, ransomware, Mossbourne Federation
59
06/01/2023
-
-
Vice Society
Pilton Community College
The Vice Society ransomware group leaks the data of 14 schools including the Pilton Community College.
Malware
Education
CC
UK
Vice Society, ransomware, Pilton Community College
60
06/01/2023
-
-
Vice Society
Samuel Ryder Academy
The Vice Society ransomware group leaks the data of 14 schools including the Samuel Ryder Academy.
Malware
Education
CC
UK
Vice Society, ransomware, Samuel Ryder Academy
61
06/01/2023
During September 2022
-
Vice Society
School of Oriental and African Studies
The Vice Society ransomware group leaks the data of 14 schools including the School of Oriental and African Studies.
Malware
Education
CC
UK
Vice Society, ransomware, School of Oriental and African Studies
62
06/01/2023
-
-
Vice Society
St Paul's Catholic College
The Vice Society ransomware group leaks the data of 14 schools including the St Paul's Catholic College.
Malware
Education
CC
UK
Vice Society, ransomware, St Paul's Catholic College
63
06/01/2023
-
-
Vice Society
Test Valley School
The Vice Society ransomware group leaks the data of 14 schools including the Test Valley School.
Malware
Education
CC
UK
Vice Society, ransomware, Test Valley School
64
06/01/2023
-
-
Vice Society
De Montfort School
The Vice Society ransomware group leaks the data of 14 schools including the De Montfort School.
Malware
Education
CC
UK
Vice Society, ransomware, De Montfort School
65
06/01/2023
Since at least early December 2022
Early December 2022
?
Organizations in Italy
Researchers from Uptycs discover a new campaign targeting users in Italy, delivering targeted phishing emails disguised as invoices and designed to deploy an information stealer on compromised Windows systems.
Malware
Multiple Industries
CC
IT
Uptycs
66
06/01/2023
-
-
ALPHV AKA BlackCat
Grupo Estrategas EMM
The ALPHV AKA BlackCat ransomware group claims to have attacked Grupo Estrategas EMM.
Malware
Finance and insurance
CC
MX
ALPHV, BlackCat, ransomware, Grupo Estrategas EMM
67
06/01/2023
-
-
Clop AKA Cl0p
Universidad De La Salle
The Cl0p ransomware group adds Universidad De La Salle to its leak page.
Malware
Education
CC
CO
Cl0p, Clop, ransomware, Universidad De La Salle
68
06/01/2023
-
-
BL00DY
Telas Palo Grande
The BL00DY Ransomware gang claims an attack on the Venezuelan textile company Telas Palo Grande.
Malware
Manufacturing
CC
VE
BL00DY, Ransomware, Telas Palo Grande
69
06/01/2023
Between 19/09/2022 and 13/12/2022
-
?
SB Tactical
SB Tactical, one of the most popular AR-15 pistol brace manufacturers, appears to have been hit with a data breach, where customer data, including names, addresses, and credit card information, was leaked online.
Unknown
Manufacturing
CC
US
SB Tactical
70
07/01/2023
07/01/2023
07/01/2023
?
Serbian Ministry of Internal Affairs
The Serbian government announces that the website and IT infrastructure of its Ministry of Internal Affairs has been hit by several “massive” distributed denial-of-service (DDoS) attacks.
DDoS
Public admin and defence, social security
H
RS
Serbian Ministry of Internal Affairs
71
08/01/2023
-
-
ALPHV AKA BlackCat
Fruttagel
Fruttagel, an Italian food company, suffers a BlackCat ransomware attack and has 720 GB of data leaked.
Malware
Accommodation and food service
CC
IT
ALPHV, BlackCat, ransomware, Fruttagel
72
09/01/2023
Since at least 03/01/2022
03/01/2023
?
Individuals in UK
Threat actors abuse an open redirect on the official website of the United Kingdom's Department for Environment, Food & Rural Affairs (DEFRA) to direct visitors to fake OnlyFans adult dating sites.
Account Takeover
Individual
CC
UK
United Kingdom's Department for Environment, Food & Rural Affairs, DEFRA, OnlyFans
73
09/01/2023
09/01/2023
09/01/2023
?
Des Moines Public Schools
Des Moines Public Schools, the largest school district in Iowa, cancels all classes after taking all networked systems offline in response to "unusual activity" detected on its network.
Unknown
Education
CC
US
Des Moines Public Schools
74
09/01/2023
Early December 2022
Early December 2022
Gootkit
Australian healthcare entities
Researchers from Trend Micro reveal that the Gootkit loader malware operators are running a new SEO poisoning campaign that abuses VLC Media Player to infect Australian healthcare entities with Cobalt Strike beacons.
Malvertising
Human health and social work
CC
AU
Trend Micro, Gootkit, SEO poisoning, VLC Media Player, Cobalt Strike
75
09/01/2023
Around 01/12/2022
12/12/2022
?
Gen Digital
Gen Digital, formerly Symantec Corporation and NortonLifeLock, sends data breach notifications to customers, informing them that threat actors have successfully breached Norton Password Manager accounts in credential-stuffing attacks.
Credential Stuffing
Professional, scientific and technical
CC
US
Gen Digital, Symantec Corporation, NortonLifeLock, Norton Password Manager
76
09/01/2023
07/01/2023
07/01/2023
?
DNV
About 1,000 vessels are affected by a ransomware attack against DNV, a major software supplier for ships.
Malware
Professional, scientific and technical
CC
NO
DNV, ransomware
77
09/01/2023
-
06/01/2023
Vice Society
San Francisco’s Bay Area Rapid Transit (BART) Police Department
San Francisco’s Bay Area Rapid Transit (BART) investigates an alleged ransomware attack after the Vice Society ransomware gang claimed to have attacked the agency.
Malware
Transportation and storage
CC
US
San Francisco’s Bay Area Rapid Transit, BART, ransomware, Vice Society
78
09/01/2023
Since at least September 2022
During September 2022
?
Individuals
Researchers from Avanan discover an extensive credential-harvesting campaign leveraging Facebook copyright infringement notices to steal enterprise credentials.
Account Takeover
Individual
CC
>1
Avanan, Facebook
79
09/01/2023
-
-
mr.SNIFFA
Multiple organizations
Researchers from Malwarebytes discover a new crypto-theme skimmer dubbed mr.SNIFFA.
Malicious script injection
Wholesale and retail
CC
>1
Malwarebytes, mr.SNIFFA
80
09/01/2023
Between 22/09/2022 and 11/10/2022
11/10/2022
SchoolBoysGang
CyberOptics Corporation
CyberOptics Corporation is hit by the SchoolBoysGang ransomware group, which exfiltrates 650 GB of data.
Researchers from ESET discover a new campaign by the StrongPity APT group, distributing a fake Shagle chat app that is a trojanized version of the Telegram for Android app with an added backdoor.
Targeted Attack
Unknown
CE
N/A
ESET, StrongPity, Shagle, Telegram, Android
82
10/01/2023
Since at least December 2022
During December 2022
Scattered Spider
Multiple organizations
Researchers from CrowdStrike reveal that the financially motivated threat actor tracked as Scattered Spider was observed attempting to deploy Intel Ethernet diagnostics drivers in a BYOVD (Bring Your Own Vulnerable Driver) attack to evade detection by EDR (Endpoint Detection and Response) security products.
CVE-2015-2291 Vulnerability
Multiple Industries
CC
>1
CrowdStrike, Scattered Spider, Intel Ethernet, BYOVD, Bring Your Own Vulnerable Driver, EDR, Endpoint Detection and Response
83
10/01/2023
-
-
Multiple threat actors
Multiple organizations in the U.S.
The Cybersecurity and Infrastructure Security Agency (CISA) adds CVE-2023-21674, a recently revealed bug, to its Known Exploited Vulnerabilities Catalog after Microsoft confirmed it was being used in attacks.
CVE-2023-21674 Vulnerability
Multiple Industries
N/A
US
Cybersecurity and Infrastructure Security Agency, CISA, CVE-2023-21674
84
10/01/2023
-
09/01/2023
?
Undisclosed marketing provider in Japan
The Japanese customers of two large insurance companies, Aflac and Zurich, have their personal information leaked after the breach of a third-party service provider. It is unclear whether the breaches are related and whether the service provider is the same.
Vulnerability in a file transfer server
Finance and insurance
CC
JP
Aflac, Zurich
85
10/01/2023
10/01/2023
10/01/2023
NoName057(16)
Denmark's central bank and seven private banks in the country
The pro-Russian group NoName057(16) launches a DDoS attack against the websites of Denmark's central bank and seven private banks in the country.
DDoS
Finance and insurance
H
DK
NoName057(16), Denmark's central bank
86
10/01/2023
-
-
?
Morgan Advanced Materials
The British company Morgan Advanced Materials, which produces ceramic and carbon parts used in semiconductor manufacturing, files a cyber security incident notice.
Unknown
Manufacturing
CC
UK
Morgan Advanced Materials
87
10/01/2023
15/08/2022
05/09/2022
?
Bay Bridge Administrators (BBA)
Third-party administrator of insurance products Bay Bridge Administrators (BBA) informs roughly 250,000 individuals that their personal information might have been compromised in a September 2022 data breach.
Unknown
Finance and insurance
CC
US
Bay Bridge Administrators, BBA
88
10/01/2023
Since at least 21/10/2022
21/10/2022
?
Multiple organizations
Researchers from Qihoo Netlab 360 report that unidentified threat actors are using a new backdoor, named xdr33, based on the US CIA’s Project Hive malware suite.
Malware
Multiple Industries
N/A
>1
Qihoo, Netlab 360, xdr33, Project Hive, CIA
89
10/01/2023
-
-
Multiple threat actors
Organizations in the U.S.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds two new vulnerabilities, CVE-2022-41080 and CVE-2022-41082 to its Known Exploited Vulnerabilities Catalog.
CVE-2022-41080 and CVE-2022-41082 vulnerabilities
Multiple Industries
N/A
US
U.S. Cybersecurity and Infrastructure Security Agency, CISA, CVE-2022-41080, CVE-2022-41082
90
10/01/2023
During March 2022, and June 2022
05/07/2022
?
Community Psychiatry Management
Community Psychiatry Management, which does business under the name Mindpath Health, files notice of a data breach after discovering that an unauthorized party was able to gain access to two employee email accounts containing confidential patient information.
Account Takeover
Human health and social work
CC
US
Community Psychiatry Management, Mindpath Health
91
10/01/2023
Between 24/11/2022 and 26/11/2022
26/11/2022
?
Quality Behavioral Health
Quality Behavioral Health reports a hacking incident that has affected 500 individuals.
Unknown
Human health and social work
CC
US
Quality Behavioral Health
92
10/01/2023
Between 26/05/2019 and 20/04/2022
During March 2021
?
Captify Health
Captify Health starts notifying users of its Your Patient Advisor online service that their sensitive information has been exposed and obtained by unauthorized individuals.
Unknown
Human health and social work
CC
US
Captify Health, Your Patient Advisor
93
10/01/2023
-
-
?
American Institute of Certified Public Accountants (AICPA).
Threat actors claim to have a database with over 140k email addresses and corresponding passwords from the American Institute of Certified Public Accountants (AICPA), however the organization denies the breach.
Unknown
Administration and support service
CC
US
American Institute of Certified Public Accountants, AICPA
94
10/01/2023
-
-
TA551
Unnamed organization
Researchers from Cybereason reveal the details of a recent IcedID malware attack where the threat actor compromised the Active Directory domain of an unnamed target less than 24 hours after gaining initial access, while also borrowing techniques from other groups like Conti to meet its goals.
Malware
Unknown
CC
N/A
Cybereason, TA551, IcedID, Active Directory, Conti
95
10/01/2023
-
10/01/2023
GhostSec
Brazilian Government Webmail
GhostSec leaks 845 MB of data from the webmail of gov.br.
Unknown
Public admin and defence, social security
H
BR
GhostSec, gov.br
96
11/01/2023
-
-
GhostSec
Industrial control system (ICS) device in Belarus
In the name of OpRussia, the Anonymous affiliate GhostSec claims to have carried out a ransomware attack against a remote terminal unit used in ICS environments.
Researchers from Group-IB discover a new series of campaigns carried out by the Dark Pink APT group with a custom malware toolkit.
Targeted Attack
Public admin and defence, social security
CE
BA
ID
KH
MY
PH
VN
Group-IB, Dark Pink, Saaiwc Group
98
11/01/2023
10/01/2023
10/01/2023
LockBit 3.0
Royal Mail
The Royal Mail stops its international shipping services due to "severe service disruption" caused by what it described as a "cyber incident."
Malware
Transportation and storage
CC
UK
Royal Mail
99
11/01/2023
-
-
Multiple threat actors
Multiple organizations
Cisco warn customers today of CVE-2023-20025 and CVE-2023-20026, two critical authentication bypass vulnerabilities with public exploit code affecting multiple end-of-life (EoL) VPN routers.
CVE-2023-20025 and CVE-2023-20026 vulnerabilities
Multiple Industries
N/A
N/A
Cisco, CVE-2023-20025, CVE-2023-20026
100
11/01/2023
-
-
Unknown threat actors
Government organizations and government-related targets
Fortinet says unknown attackers exploited CVE-2022-42475, a FortiOS SSL-VPN zero-day vulnerability patched last month in attacks against government organizations and government-related targets.
CVE-2022-42475 Vulnerability
Public admin and defence, social security
N/A
N/A
Fortinet, CVE-2022-42475, FortiOS
101
11/01/2023
During 2022
During 2022
Operators of the StrRAT and Ratty remote access trojans
Multiple organizations
Researchers from Deep Instinct reveal that operators of the StrRAT and Ratty remote access trojans (RAT) are running a new campaign using polyglot MSI/JAR and CAB/JAR files to evade detection from security tools.
Malware
Multiple Industries
CC
>1
Deep Instinct, StrRAT, Ratty, polyglot, MSI/JAR, CAB/JAR
102
11/01/2023
Since at least 11/01/2023
11/01/2023
?
Russian Telegram users
A phishing campaign takes advantage of Russian concerns about mobilization to steal credentials through malicious links.
Account Takeover
Individual
CC
RU
Russia, Ukraine
103
11/01/2023
Between 20/02/2022 and 21/02/2022
-
?
TruConnect
TruConnect files notice of a data breach after learning that an unauthorized party was able to access confidential consumer data stored on the company’s computer network.
Unknown
Information and communication
CC
US
TruConnect
104
11/01/2023
07/11/2022
07/11/2022
?
West Oaks Eyecare
West Oaks Eyecare discloses a ransomware incident.
Malware
Human health and social work
CC
US
West Oaks Eyecare, ransomware
105
11/01/2023
Since May 2022
-
?
Users of 20Speed VPN
Researchers from Bitdefender discover a new campaign delivering the surveillance spyware EyeSpy, targeting users of 20Speed VPN, an Iranian-based VPN service.
Malware
Individual
CE
IR
Bitdefender, EyeSpy, 20Speed VPN
106
11/01/2023
09/01/2023
09/01/2023
?
Okanagan College
Nearly 16,000 students and 1,200 staff at Okanagan College are unable to access campus network services after a cyber attack.
Unknown
Education
CC
CA
Okanagan College
107
11/01/2023
11/01/2023
11/01/2023
?
Sistema Integral De Control Alimentario (SICA)
The Sistema Integral De Control Alimentario (SICA) is hit with a cyber attack.
Unknown
Public admin and defence, social security
CC
VE
Sistema Integral De Control Alimentario, SICA, National Superintendence of AgriFood Management, SUNAGRO
108
11/01/2023
11/01/2023
11/01/2023
?
The Court of Justice of the State of Pará
The Court of Justice of the State of Pará suffers a cyberattack.
Unknown
Public admin and defence, social security
CC
BR
The Court of Justice of the State of Pará
109
11/01/2022
Early October 2022
Eartly October 2022
Everest
Rundle Eye Care
Rundle Eye Care notifies patients of data breach due to an Everest ransomware attack.
Malware
Human health and social work
CC
US
Rundle Eye Care
110
12/01/2023
11/01/2023
11/01/2023
NoName057(16)
Websites owned by multiple 2023 Czech presidential election candidates.
The pro-Russian group NoName057(16) launches a DDoS campaign against multiple websites owned by the 2023 Czech presidential election candidates.
DDoS
Public admin and defence, social security
H
CZ
Russia, NoName057(16), Czech Republic
111
12/01/2023
-
Since at least June 2022
Criminal organization in Europe
Individuals in Europe
Europol takes down multiple call centers across Europe controlled by a criminal organization involved in online investment fraud.
Crypto scam
Individual
CC
>1
Europol, Crypto
112
12/01/2023
-
-
?
Metamask users
Cryptocurrency wallet provider MetaMask warns users of a new scam called 'Address Poisoning' used to trick users into sending funds to a scammer rather than an intended recipient.
Crypto scam
Fintech
CC
>1
MetaMask, Address Poisoning
113
12/01/2023
-
-
Cuba
Multiple organizations
Microsoft says that Cuba ransomware threat actors are hacking Microsoft Exchange servers unpatched against CVE-2022-41080 AKA OWASSRF, a critical server-side request forgery (SSRF) vulnerability also exploited in Play ransomware attacks.
Malware
Multiple Industries
CC
>1
Cuba, ransomware, Microsoft Exchange, CVE-2022-41080, OWASSRF, server-side request forgery, SSRF, Play
114
12/01/2023
-
-
?
Individuals
Daniel Milisic, a Canadian systems security consultant, discovers that the T95 Android TV box purchased from Amazon was pre-loaded with persistent, sophisticated malware baked into its firmware.
Malware
Individual
CC
>1
Daniel Milisic, T95, Android
115
12/01/2023
Since at least 06/01/2022
Since at least 06/01/2022
?
Vulnerable CentOS servers
Threat actors are actively exploiting CVE-2022-44877, a critical vulnerability patched recently in Control Web Panel (CWP), a tool for managing servers formerly known as CentOS Web Panel.
CVE-2022-44877 Vulnerability
Multiple Industries
CC
>1
CVE-2022-44877, Control Web Panel, CWP, CentOS Web Panel
116
12/01/2023
Between 28/12/2022 and 04/01/2023 and between 05/01/2023 and 10/01/2023
11/01/2023
?
Liquor Control Board of Ontario (LCBO)
The Liquor Control Board of Ontario (LCBO), a Canadian government enterprise and the country's largest beverage alcohol retailer, reveals that unknown attackers had breached its website to inject malicious code designed to steal customer and credit card information at check-out.
Malicious script injection
Wholesale and retail
CC
CA
Liquor Control Board of Ontario, LCBO
117
12/01/2023
09/01/2023
09/01/2023
?
NFT Investments
NFT Investments, a British company that invests in companies developing non-fungible tokens (NFTs), announces that it lost $250,000 of assets in a cyberattack.
Account Takeover
Fintech
CC
UK
NFT Investments
118
12/01/2023
18/11/2022
29/11/2022
?
Hayward Sisters Hospital
Hayward Sisters Hospital, which operates under the name St. Rose Hospital, files notice of a data breach after learning that an unauthorized party accessed and removed files containing sensitive patient information from its computer network.
Unknown
Human health and social work
CC
US
Hayward Sisters Hospital, St. Rose Hospital
119
12/01/2023
'Recently'
'Recently'
Rhadamanthys Stealer
Multiple organizations
Researchers from Cyble discover a new infostealer, named Rhadamanthys Stealer, delivered via website redirects from Google Ads that pose as download sites for popular remote-workforce software, such as Zoom and AnyDesk.
Malware
Multiple Industries
CC
>1
Cyble, Rhadamanthys Stealer, Google Ads, Zoom AnyDesk
120
12/01/2023
07/01/2023
07/01/2023
?
City Council of Durango
The City Council of Durango reports to be “completely paralyzed” by a cyberattack.
Malware
Public admin and defence, social security
CC
ES
City Council of Durango, ransomware
121
12/01/2023
-
12/01/2023
?
Quintana Roo Attorney General’s Office
The Quintana Roo Attorney General’s Office appears to have suffered a data leak after a file with 7,910 complaints is published on a popular hacking forum.
Unknown
Public admin and defence, social security
CC
MX
Quintana Roo Attorney General’s Office
122
13/01/2023
-
11/01/2023
?
MailChimp
Email marketing firm MailChimp suffers another breach after hackers accessed an internal customer support and account administration tool, allowing the threat actors to access the data of 133 customers.
Account Takeover
Professional, scientific and technical
CC
US
MailChimp
123
13/01/2023
-
-
Kraken
Solaris
Solaris, a large darknet marketplace focused on drugs and illegal substances, is taken over by a smaller competitor named 'Kraken,' who claims to have hacked.
Undisclosed Vulnerabilities
Other service activities
CC
N/A
Solaris, Kraken
124
13/01/2023
-
13/01/2023
Enlace Hacktivist
Cellebrite
A hacktivist group named Enlace Hacktivist leaks 1.7TB of data of Cellebrite.
Unknown
Professional, scientific and technical
H
IL
Enlace Hacktivist, Cellebrite
125
13/01/2023
-
13/01/2023
Enlace Hacktivist
MSAB
The same hacktivist group Enlace Hacktivist leaks some data from the Swedish forensic firm MSAB.
Unknown
Professional, scientific and technical
H
SE
Enlace Hacktivist, MSAB
126
13/01/2023
Between 25/06/2022 and 29/06/2022
29/06/2022
?
Home Care Providers of Texas (HCPT)
Home Care Providers of Texas discloses a ransomware incident affecting more than 124,000 individuals.
Malware
Human health and social work
CC
US
Home Care Providers of Texas, ransomware, HCPT
127
13/01/2023
Clop AKA Cl0p
New York City Bar Association
The Clop AKA Cl0p ransomware gang adds the New York City Bar Association to their leak site today.
Malware
Other service activities
CC
US
Clop, Cl0p, ransomware, New York City Bar Association
128
13/01/2023
'Recently'
'Recently'
?
Jefferson County Health Center
Jefferson County Health Center d/b/a Jefferson County Health Department files notice of a data breach after learning that confidential patient information entrusted to the organization had been compromised in a recent cyberattack.
Unknown
Human health and social work
CC
US
Jefferson County Health Center, Jefferson County Health Department
129
13/01/2022
'Recently'
'Recently'
?
Organizations in South Korea
Researchers at Ahnlab discover a campaign distributing the Orcus RAT on file-sharing sites disguised as a cracked version of Hangul Word Processor.
Malware
Multiple Industries
CC
KR
Ahnlab, Orcus RAT, Hangul Word Processor.
130
14/01/2023
Between 07/01/2023 and 12/01/2023
-
Lolip0p
Python developers
Researchers from Fortinet reveal that a threat actor has uploaded to the PyPI (Python Package Index) repository three malicious packages that carry code to drop the Wacatac info-stealing malware on developers' systems.
Malware
Multiple Industries
CC
>1
Fortinet, PyPI, Python Package Index, Wacatac
131
15/01/2023
-
-
?
Crypto users
Unknown threat actors set up fake websites for popular free and open-source software, such as VLC, 7-Zip, CCleaner, to promote malicious downloads through advertisements in Google search results.
Malware
Fintech
CC
>1
VLC, 7-Zip, CCleaner, SEO Poisoning
132
15/01/2023
Since at least 07/01/2023
07/01/2023
Multiple threat actors
Vulnerable Cacti instances
Threat actors are exploiting CVE-2022-46169, a critical bug in Cacti to install malware, open reverse shells.
CVE-2022-46169 vulnerability
Multiple Industries
CC
>1
CVE-2022-46169, Cacti
133
15/01/2023
15/01/2023
15/01/2023
?
24 Hours of Le Mans Virtual
Threat actors disrupt the 24 Hours of Le Mans Virtual esports event.
DDoS
Arts entertainment, recreation
CC
FR
24 Hours of Le Mans Virtual
134
15/01/2023
15/01/2023
15/01/2023
?
ODIN Intelligence
The website for ODIN Intelligence, a company that provides technology and tools for law enforcement and police departments, is defaced.
Defacement
Professional, scientific and technical
H
US
ODIN Intelligence
135
15/01/2023
14/01/2023
14/01/2023
?
NFT God
A non-fungible token (NFT) influencer who goes by ‘NFT God’ on Twitter loses all his digital assets after downloading a fake video streaming application laden with malware.
Malware
Fintech
CC
N/A
NFT God
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags