16-31 January 2023 Cyber Attacks Timeline

Last modified: February 13, 2023

EVENTS

EVENTS/DAY

EVENTS

EVENTS/DAY

Attacks Distribution January H2 2023

Attacks Techniques January H2 2023

Follow @paulsparrows

Connect on Linkedin

The second cyber attacks timeline of January 2023 is out (first timeline here). In the second half of the month I collected 149 events (corresponding to 9.31 events/day), nearly a 10% increase compared to the previous timeline. This 2023 doesn’t look good from an infosec perspective.

After a few timelines stable around 30%, events characterized by ransomware drop to 22.8% (34 out of 149 events), on the other hand, 10 events were characterized by the exploitation of vulnerabilities (corresponding to 6.7%), an important decrease compared to the previous timeline where vulnerabilities were leveraged in 15 events.

However the most important aspect of this timeline is maybe the concerning frequency of attacks carried our via malvertising taking advantage of SEO poisoning: 7 events were characterized by this techinque, and even if this seems a small number, it’s an important novelty per se.

16-28 February 2023 Cyber Attacks Timeline

The second cyber attacks timeline of February 2023 is out and with 10.62 events/day confirms…

In the fintech space, FTX suffered another blow, with the claimed theft of $415M of cryptocurrency…

And the mega breaches continue to characterize the threat landscape: T-Mobile suffered another breach that led to the compromise of 37 million records due to an API vulnerability, JD Sports suffered the compromise of 10 million customer records, 2.6 million records were stolen from the language learning platorm DuoLingo, and finally a U.S. No Fly list with over 1.5 million records of banned flyers was shared publicly on a hacking forum, probably because of a cloud storage misconfiguration by CommuteAir.

In the Cyber Espionage space, Gamaredon was particularly active against targets in Ukraine, and Latvia, but it was not the only one. The timeline also reports campaigns carried out by APT29, APT15, and APT42.

And Ukraine was also hit by three attacks launched by the Sandworm group and carried out via destructive malware: SwiftSlicer, NikoWiper, and an additional sample against the Ukraine national news agency (Ukrinform). But Ukraine was not the only one… The SideWinder APT launched a cyber attack against the National Power Transmission Company of Pakistan (NTDC) leaving millions of people without power.

And last but not least, the hacktivist front was always hot, fueled by the campaigns of pro-Russian threat actors such as Killnet.

Even in this fortnight, the list is too long to be summarized in few words (this one in particular), so my suggestion is to enjoy the interactive timeline and the tabular format, and obviously thanks for sharing it, and supporting my work in spreading the risk awareness across the community. As always, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.

Expand for details

Geo Map January H2 2023

ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags
1	16/01/2023	During November 2022	During November 2022	Vice Society	University of Duisburg-Essen (UDE)	The Vice Society ransomware claims responsibility for a November 2022 cyberattack on the University of Duisburg-Essen (UDE) and also leaks files they claim to have stolen from the university during the breach, exposing potentially sensitive details about the university's operations, students, and personnel.	Malware	Education	CC	DE		Vice Society, ransomware, University of Duisburg-Essen, UDE
2	16/01/2023	-	21/06/2022	?	Undisclosed software development vendor	Nissan North America begins sending data breach notifications informing customers of a breach at a third-party service provider that exposed customer information.	Misconfiguration	Professional, scientific and technical	CC	N/A		Nissan North America
3	16/01/2023	16/01/2023	16/01/2023	?	Danish smartphone users	Numerous Danish smartphone users report suspicious SMS-type content originating from a questionable source, allegedly related to Danske Spil, a gambling site.	Malware	Individual	CC	DK		Danske Spil
4	17/01/2023	Early January 2023	Early January 2023	?	Individuals	Attackers setup up fake websites for popular free and open-source software to promote malicious downloads through advertisements in Google search results.	Malware	Individual	CC	>1		Google Search
5	17/01/2023	Since at least 17/01/2023	17/01/2023	Multiple threat actors	Multiple organizations	Researchers at Rapid7 reveal that a critical remote code execution (RCE) vulnerability affecting multiple Zoho ManageEngine products (CVE-2022-47966) is now being exploited in attacks.	CVE-2022-47966 Vulnerability	Multiple Industries	N/A	>1		Rapid7, Zoho ManageEngine, CVE-2022-47966
6	17/01/2023	-	-	?	Costa Rica Ministerio de Obras Públicas y Transportes (MOPT)	Costa Rica’s Ministry of Public Works and Transport (MOPT) says in a statement that it suffered a ransomware attack encrypting 12 of its servers.	Malware	Public admin and defence, social security	CC	CR		Costa Rica, Ministerio de Obras Públicas y Transportes, MOPT, Ministry of Public Works and Transport
7	17/01/2023	-	-	?	Mscripts	Mscripts files notice of a data breach after determining confidential consumer information entrusted to the company was accessible by an unauthorized party.	Unknown	Professional, scientific and technical	CC	US		Mscripts
8	17/01/2023	-	-	?	Diligent Corporation	The University of Colorado Hospital Authority (“UCHealth”) files notice of a data breach after learning about a cybersecurity incident at one of the organization’s vendors, Diligent Corporation.	Unknown	Professional, scientific and technical	CC	US		University of Colorado Hospital Authority, UCHealth, Diligent Corporation
9	17/01/2023	-	-	Earth Boogle	Organizations across the Middle East and North Africa	Researchers from Trend Micro discover an active campaign using Middle Eastern geopolitical-themed lures to distribute NjRAT (also known as Bladabindi) has been spotted infecting victims across the Middle East and North Africa.	Targeted Attack	Multiple Industries	CE	>1		Trend Micro, NjRAT, Bladabindi
10	17/01/2023	During December 2022	During December 2022	Multiple threat actors	Multiple organizations	Researchers at Sonatype reveal that during December 2022 they uncovered 422 malicious npm packages focused mainly on data exfiltration via typosquatting or “dependency confusion attacks.	Malware	Multiple Industries	CC	>1		Sonatype, NPM
11	17/01/2023	After 11/11/2022	After 11/11/2022	?	FTX	Embattled cryptocurrency exchange FTX claims that $415m worth of digital currency has been stolen by hackers.	Unknown	Fintech	CC	N/A		FTX
12	17/01/2023	During Q4 2022	During Q4 2022	?	Multiple organizations	Researchers from Trend Micro discover multiple campaigns distributing the Batloader malware.	Malware	Multiple Industries	CC	>1		Trend Micro, Batloader
13	17/01/2023	During November 2022	During November 2022	?	Undisclosed retailer	Researchers from IBM X-Force discover a PoS malware using Discord as the command and control infrastructure.	Malware	Wholesale and retail	CC	N/A		IBM X-Force, Discord
14	18/01/2023	-	17/01/2023	Genesis Day	Samsung	A group of Russian hacktivists going by the name “Genesis Day” claims it attacked Samsung’s offices in South Korea because of the country’s recent opening of a mission to the North Atlantic Treaty Organization (NATO). The group said it hacked the internal File Transfer Protocol service of the Samsung Group in South Korea as well as the internal employee system and the Samsung Group intranet.	Unknown	Manufacturing	H	KR		Russia, Genesis Day, Samsung, North Atlantic Treaty Organization, NATO, FTP
15	18/01/2023	17/01/2023	17/01/2023	Sandworm	Ukraine national news agency (Ukrinform)	The Computer Emergency Response Team of Ukraine (CERT-UA) links a destructive malware attack targeting the country's national news agency (Ukrinform) to Sandworm Russian military hackers.	Malware	Information and communication	CW	UA		Computer Emergency Response Team of Ukraine, CERT-UA, Ukrinform, Sandworm, Russia, Ukraine
16	18/01/2023	18/01/2023	18/01/2023	?	Yum! Brands	Yum! Brands, the fast food brand operator of KFC, Pizza Hut, Taco Bell, and The Habit Burger Grill fast-food restaurant chains, is targeted by a ransomware attack that forces the closure of 300 locations in the United Kingdom.	Malware	Accommodation and food service	CC	UK		Yum! Brands, KFC, Pizza Hut, Taco Bell, The Habit Burger Grill, ransomware
17	18/01/2023	Between 06/12/2022 annd 08/12/2022	21/12/2022	?	PayPal	PayPal sends out data breach notifications to approximately 35,000 users who had their accounts accessed through credential stuffing attacks that exposed some personal data.	Credential Stuffing	Wholesale and retail	CC	US		PayPal
18	18/01/2023	31/05/2022	31/05/2022	?	Farmers Investment Company (FICO)	Farmers Investment Company (FICO), doing business as Green Valley Pecan Company, files notice of a data breach after learning that an unauthorized party was able to access confidential consumer information stored on the company’s computer network.	Unknown	Accommodation and food service	CC	US		Farmers Investment Company, FICO, Green Valley Pecan Company
19	18/01/2023	Between July and December 2022	-	APT15 (AKA Playful Taurus, BackdoorDiplomacy, Vixen Panda, KeChang and NICKEL)	Iranian government	Researchers from Palo Alto Networks discover a new campaign by APT15 targeting the Iranian government.	Targeted Attack	Public admin and defence, social security	CE	IR		APT15, Playful Taurus, BackdoorDiplomacy, Vixen Panda, KeChang, NICKEL
20	18/01/2023	Early January 2023	Early January 2023	?	Individuals	Researchers from Zerofox discover an uptick in layoffs across industries has seen increased efforts by threat actors to target job seekers with employment scams.	Account Takeover	Individual	CC	>1		Zerofox
21	18/01/2023	-	17/01/2023	?	School District 42	The School District 42 has 19,126 records released in a breach when the documents appear to have been uploaded to a popular hacker forum.	Account Takeover	Education	CC	US		School District 42
22	18/01/2023	Since at least 16/01/2022	16/01/2023	Aurora	Multiple organizations	Researchers from Cyble discover a new campaign distributing the Aurora infostealer in disguise of legitimate applications.	Malware	Multiple Industries	CC	>1		Cyble, Aurora
23	18/01/2023	Early January 2023	Early January 2023	?	Lorenzi	Lorenzi, an Italian manufacturer of microfiber products for the shoes industry, is paralyzed by a ransomware attack.	Unknown	Manufacturing	CC	IT		Lorenzi, ransomware
24	19/01/2023	Since 25/11/2022	05/01/2023	?	T-Mobile	T-Mobile discloses a new data breach after a threat actor stole the personal information of 37 million current postpaid and prepaid customer accounts through one of its Application Programming Interfaces (APIs).	API Vulnerability	Information and communication	CC	US		T-Mobile
25	19/01/2023	SInce at least 2020	-	Vastflux	Individuals	Researchers at HUMAN disclose a massive ad fraud operation dubbed 'Vastflux' that spoofed more than 1,700 applications from 120 publishers, mostly for iOS.	Malvertising	Individual	CC	>1		HUMAN, Vastflux, iOS
26	19/01/2022	-	-	?	Multiple organizations	Researchers at Avanan discover an unusual phishing technique, hiding empty SVG files inside HTML attachments pretending to be DocuSign documents.	Malware	Multiple Industries	CC	>1		Avanan, SVG, HTML, DocuSign
27	19/01/2023	Since at last September 2022	During September 2022	Roaming Mantis (AKA Shaoye)	Multiple organizations	Researchers from Kaspersky reveal that Roaming Mantis malware distribution campaign has updated Wroba.o/XLoader, its Android malware to include a DNS changer that modifies DNS settings on vulnerable WiFi routers to spread the infection to other devices.	Malware	Multiple Industries	CC	>1		Kaspersky, Roaming Mantis, Wroba.o/XLoader, Android
28	19/01/2023	-	-	?	Android users	Researchers at ThreatFabric discover Hook, a new Android malware sold by cybercriminals that can remotely take over mobile devices in real-time using VNC (virtual network computing).	Malware	Individual	CC	>1		ThreatFabric, Hook, Android, VNC
29	19/01/2023	19/01/2023	19/01/2023	Vice Society	Guildford County School	The Guildford County School is hit with a Vice Society ransomware attack.	Malware	Education	CC	UK		Guildford County School, Vice Society, ransomware
30	19/01/2023	15/01/2023	15/01/2023	?	Qulliq Energy Corporation	Qulliq Energy Corporation (QEC) in Canada’s Nunavut territory suffers a cyber attack that cripples the company’s administrative offices.	Unknown	Electricity, gas steam, air conditioning	CC	CA		Qulliq Energy Corporation, QEC, Canada, Nunavut
31	19/01/2023	-	17/01/2023	ALPHV AKA BlackCat	NextGen Healthcare	Hospital technology giant NextGen Healthcare said it is responding to a cyberattack after a the ALPHV AKA BlackCat ransomware group adds the company to its list of victims.	Malware	Professional, scientific and technical	CC	US		NextGen Healthcare, ALPHV, BlackCat, ransomware
32	19/01/2023	-	17/01/2023	ALPHV AKA BlackCat	Fresh Del Monte	Fresh Del Monte is added to the list of victims of the ALPHV AKA BlackCat ransomware group	Malware	Accommodation and food service	CC	US		Fresh Del Monte, ALPHV, BlackCat, ransomware
33	19/01/2023	-	17/01/2023	ALPHV AKA BlackCat	PharmaCare Services	PharmaCare Services is added to the list of victims of the ALPHV AKA BlackCat ransomware group	Malware	Human health and social work	CC	US		PharmaCare Services, ALPHV, BlackCat, ransomware
34	19/01/2023	Between 25/09/2022 and 26/10/2022	26/10/2022	?	Zendesk	Customer service solutions provider Zendesk suffers a data breach that resulted from employee account credentials getting phished by hackers.	Account Takeover	Professional, scientific and technical	CC	US		Zendesk
35	19/01/2023	During January 2022	During January 2022	Multiple threat actors	Multiple organizations	Researchers at Abnormal Security detect multiple campaigns in which threat actors use HR policy announcements and benefits updates to lure victims and steal employees credentials.	Account Takeover	Multiple Industries	CC	>1		Abnormal Security
36	19/01/2023	'Recently'	'Recently'	Multiple threat actors	Multiple organizations	Researchers from SentinelOne report an increase in malicious search engine advertisements (SEO Poisoning) in recent weeks.	Malvertising	Multiple Industries	CC	>1		SentinelOne, SEO Poisoning
37	19/01/2023	-	-	?	Vulnerable WordPress sites	Researchers from Sucuri discover a malicious campaign targeting vulnerable WordPress sites via a database injection with two different pieces of malware.	Malicious script injection	Multiple Industries	CC	>1		Sucuri, WordPress
38	19/01/2023	-	-	CrySIS/Dharma	Multiple organizations	Researchers from Fortinet discover a new variant of the CrySIS/Dharma ransomware.	Malware	Multiple Industries	CC	>1		Fortinet, CrySIS, Dharma, ransomware.
39	19/01/2023	-	-	Gigabud	Android users in Thailand, Peru, and the Philippines	Researchers from Cyble discover a new campaign where threat actors are distributing a new Android malware, named Gigabud, impersonating government agencies, financial institutions, and other organizations from Thailand, Peru, and the Philippines.	Malware	Individual	CC	PE PH TH		Cyble, Android, Gigabud
40	19/01/2023	Since 20/12/2022	'Recently'	Remcos	Multiple organizations	Researchers from Minerva discover a new version of the Remcos RAT being dropped via an NSIS installer file.	Malware	Multiple Industries	CC	>1		Remcos, Minerva
41	20/01/2023	Since at least October 2022	During December 2022	Chinese threat actors	European government	Researchers from Mandiant reveal that suspected Chinese hackers exploited CVE-2022-42475, a recently disclosed FortiOS SSL-VPN vulnerability as a zero-day in December, targeting a European government with a new custom 'BOLDMOVE' Linux and Windows malware.	CVE-2022-42475 Vulnerability	Public admin and defence, social security	CE	N/A		Mandiant, China, CVE-2022-42475, FortiOS, BOLDMOVE, Linux, Windows
42	20/01/2023	Since at least October 2022	During December 2022	Chinese threat actors	African MSP	Researchers from Mandiant reveal that suspected Chinese hackers exploited CVE-2022-42475, a recently disclosed FortiOS SSL-VPN vulnerability as a zero-day in December, targeting an African MSP with a new custom 'BOLDMOVE' Linux and Windows malware.	CVE-2022-42475 Vulnerability	Public admin and defence, social security	CE	N/A		Mandiant, China, CVE-2022-42475, FortiOS, BOLDMOVE, Linux, Windows
43	20/01/2023	Mid-January 2023	Mid-January 2023	?	Riot Games	Riot Games, the video game developer and publisher behind League of Legends and Valorant, says it will delay game patches after its development environment was compromised	Unknown	Arts entertainment, recreation	CC	US		Riot Games
44	20/01/2023	-	19/02/2022	?	Livingston Memorial VNA Health Corporation	Livingston Memorial VNA Health Corporation files notice of a data breach after the company experienced what appears to have been a ransomware attack.	Malware	Human health and social work	CC	US		Livingston Memorial VNA Health Corporation, ransomware
45	20/01/2023	Between 08/09/2022 and 14/09/2022	15/09/2022	?	Bank of Eastern Oregon	The Bank of Eastern Oregon files notice of a data breach after learning that employee email accounts containing confidential customer information were accessed by an unauthorized party.	Account Takeover	Finance and insurance	CC	US		Bank of Eastern Oregon
46	20/01/2023	-	-	?	Members Trust of the Southwest Federal Credit Union	Members Trust of the Southwest Federal Credit Union files notice of a data breach after confirming that the confidential information of some bank customers was accessible by an unauthorized party.	Unknown	Finance and insurance	CC	US		Members Trust of the Southwest Federal Credit Union
47	20/01/2023	Since February 2022	Since February 2022	Gamaredon (AKA Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa)	Military and law enforcement sectors in Ukraine	Researchers from Blackberry discover new attacks by the Gamaredon group leveraging the popular messaging app Telegram to strike military and law enforcement sectors in the country.	Targeted Attack	Public admin and defence, social security	CE	UA		Blackberry, Gamaredon, Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, Trident Ursa
48	20/01/2023	'Recently'	'Recently'	Album stealer	Facebook users	Researchers from Zscaler discover Album stealer, targeting Facebook adult-only content seekers.	Malware	Individual	CC	>1		Zscaler, Album stealer
49	20/01/2023	-	-	TA542 (aka Gold Crestwood or Mummy Spider)	Multiple organizations	Researchers from Blackberry discover a new wave of Emotet spam emails using social engineering lures to convince the victims to open the attachments.	Malware	Multiple Industries	CC	>1		TA542, Gold Crestwood, Mummy Spider, Emotet, Blackberry
50	20/01/2023	-	-	LockBit 3.0	Politriz	Politriz, which sells cleaning, care and scented cleaning products, has been added to the LockBit 3.0 leak page.	Malware	Wholesale and retail	CC	BR		Politriz, LockBit 3.0
51	21/01/2023	-	-	?	Multiple organizations	A new campaign is using OneNote attachments in phishing emails that infect victims with remote access malware which can be used to install further malware, steal passwords, or even cryptocurrency wallets.	Malware	Multiple Industries	CC	>1		OneNote
52	21/01/2023	-	-	?	Grand Theft Auto (GTA) Online players	Grand Theft Auto (GTA) Online players report losing game progress, in-game money being stolen, and being banned from game servers due to an alleged vulnerability in the game's PC version.	Vulnerability	Arts entertainment, recreation	CC	>1		Grand Theft Auto, GTA
53	21/01/2023	Since at least November 2022	21/01/2023	DEV-0569	Multiple organizations	The threat actor tracked as DEV-0569 is using Google Ads in widespread, ongoing advertising campaigns to distribute malware, steal victims' passwords, and ultimately breach networks for ransomware attacks.	Malvertising	Multiple Industries	CC	>1		DEV-0569, Google Ads
54	21/01/2023	11/01/2023	11/01/2023	?	Prison of Draguignan	The French Prison of Draguignan is hit with a cyber attack.	Unknown	Public admin and defence, social security	CC	FR		Prison of Draguignan
55	21/01/2023	-	21/01/2023	ALPHV AKA BlackCat	Instituto Federal Do Pará (IFPA)	The Instituto Federal Do Pará (IFPA), a public education institution in Brazil, is added to the leaks site of the ALPHV (BlackCat) ransomware gang.	Malware	Education	CC	BR		Instituto Federal Do Pará, IFPA, ALPHV, BlackCat, ransomware
56	21/01/2023	Between 18/01/2023 and 19/01/2023	Between 18/01/2023 and 19/01/2023	?	Benetton Group	Renowned Italian clothing company the Benetton Group reportedly is hit with a cyberattack from an unknown threat group	Unknown	Wholesale and retail	CC	IT		Benetton
57	23/01/2023	Mid-January 2023	Mid-January 2023	Gamaredon (AKA Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa)	Latvia’s Ministry of Defense	Researchers from Sekoia discover a phishing attack on Latvia’s Ministry of Defense carried out by the Russian Gamaredon group, pretending to be Ukrainian government officials.	Targeted Attack	Public admin and defence, social security	CE	LV		Sekoia, Latvia, Ministry of Defense, Russia, Gamaredon, Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, Trident Ursa
58	23/01/2023	Mid-January 2023	Mid-January 2023	?	Individuals	A new campaign abuses Google Ads invites to deliver email messages promoting spam and sex websites.	Malvertising	Individual	CC	US		Google Ads
59	23/01/2023	During December 2022	During December 2022	?	Individuals in China	Researchers at Fortinet discover a phishing campaign using a variety of QR codes to target Chinese language users.	Account Takeover	Individual	CC	CN		Fortinet, QR code
60	23/01/2023	22/01/2023	22/01/2023	?	Audifarma	Audifarma, a Colombian pharmacy chain, announces that it had been the victim of a cyber attack.	Unknown	Wholesale and retail	CC	CO		Audifarma
61	23/01/2023	20/01/2023	20/01/2023	BlackCat	Wawasee Community School Corporation	The Wawasee Community School Corporation is hit with a ransomware attack.	Malware	Education	CC	US		Wawasee Community School Corporation
62	24/01/2023	'Recently'	'Recently'	DragonSpark	Organizations in East Asia	Researchers from SentinelOne discover a Chinese-speaking hacking group tracked as ‘DragonSpark’ employing SparkRAT and Golang source code interpretation to evade detection while launching espionage attacks against organizations in East Asia.	Targeted Attack	Multiple Industries	CE	>1		SentinelOne, DragonSpark, SparkRAT, Golang
63	24/01/2023	In the second half of 2022	In the second half of 2022	Multiple threat actors	Multiple organizations	Researchers from Palo Alto Networks reveal that attackers have leveraged CVE-2021-35394, a critical remote code execution vulnerability in Realtek Jungle SDK to launch 134 million attacks trying to infect smart devices in the second half of 2022.	CVE-2021-35394 Vulnerability	Multiple Industries	CC	>1		Palo Alto Networks, CVE-2021-35394, Realtek Jungle SDK
64	24/01/2023	-	-	?	Bitwarden and other password manager users	Bitwarden and other password manager users are being targeted in Google ads phishing campaigns to steal users' password vault credentials.	Malvertising	Individual	CC	>1		Bitwarden, Google Ad
65	24/01/2023	Since at least 24/01/2023	24/01/2023	?	Crypto users	After Porsche cut its minting of a new NFT collection, threat actors fill the void by creating phishing sites that steal digital assets from cryptocurrency wallets.	Account Takeover	Fintech	CC	>1		Porsche, NFT
66	24/01/2023	-	24/01/2023	?	DuoLingo	Language learning platform DuoLingo says it is investigating a post on a hacking forum offering information on 2.6 million customer accounts for $1,500.	Misconfiguration	Education	CC	US		DuoLingo
67	24/01/2023	During January 2023	24/01/2023	?	Hilton Hotels?	A database of 3.7 million users belonging to the Hilton Hotels Honors is leaked in a forum. After analyzing the sample, the company confirms the leaks contains approximately 500,000 Hilton Honors accounts without passwords or financial data.	Unknown	Accommodation and food service	CC	US		Hilton Hotels, Hilton Honors
68	24/01/2023	Mid-January 2023	-	LockBit 3.0	Circleville Municipal Court	The Circleville Municipal Court is hit with a LockBit 3.0 ransomware attack.	Malware	Public admin and defence, social security	CC	US		Circleville Municipal Court, LockBit, Ransomware
69	24/01/2023	23/01/2023	23/01/2023	SideWinder APT	Pakistan National Transmission & Despatch Company (NTDC)	The National Power Transmission Company of Pakistan (NTDC) suffers a cyber attack allegedly carried out by the Indian SideWinder APT and as a result, the country suffers a nationwide blackout which leaves millions of people without power.	Targeted Attack	Electricity, gas steam, air conditioning	CW	PK		Pakistan, India, National Power Transmission Company of Pakistan, NTDC, SideWinder APT
70	24/01/2023	-	-	?	Planet Ice	The ice rink operator Planet Ice suffers a data breach, and approximately 200,000 people have their details stolen.	Unknown	Arts entertainment, recreation	CC	UK		Planet Ice
71	24/01/2023	Since 26/12/2022	Late December 2022	?	Vulnerable WordPress sites	Researchers from Sucuri discover a massive campaign infecting over 4,500 WordPress websites with the purpose to redirect the users to malicious websites.	Multiple vulnerabilities	Multiple Industries	CC	>1		WordPress, Sucuri
72	24/01/2023	Since at least November 2021	During November 2021	GuLoader	e-commerce industry located in South Korea and the United States	Researchers at Trellix discover a GuLoader campaign targeting e-commerce industries located in South Korea and the United States, and distributing the malware via NSIS files.	Malware	Wholesale and retail	CC	KR US		Trellix, GuLoader, NSIS
73	24/01/2023	Since at least November 2022	During November 2021	Multiple threat actors	Organizations in the U.S., Poland, Austria, Kuwait, and Turkey	Researchers from Bitdefender Labs notice an increase in attacks using ProxyNotShell/OWASSRF exploits chains to target on-premises Microsoft Exchange deployments.	CVE-2021-26855, CVE-2021-27065, CVE-2021-34473, CVE-2021-34523, CVE-2021-31207, CVE-2022-41080, CVE-2022-41082, OWASSRF Vulnerabilities	Multiple Industries	CC	AT KW PL US TR		Bitdefender, ProxyNotShell/OWASSRF, CVE-2021-26855, CVE-2021-27065, CVE-2021-34473, CVE-2021-34523, CVE-2021-31207, CVE-2022-41080, CVE-2022-41082, Microsoft Exchange
74	24/01/2023	-	-	_	Puma	Private data allegedly belonging to more than 230,000 Puma customers in Chile is found on a hacker forum.	Malware	Manufacturing	CC	CL		Puma
75	24/01/2023	-	23/01/2023		ePublic	The database of ePublic, an IT service provider offering services to multiple Italian municipalities, is leaked online.	Unknown	Professional, scientific and technical	CC	IT		ePublic
76	25/01/2023	25/01/2023	25/01/2023	Killnet	Germany's government, banking, and airport sites	After Berlin agreed to send its advanced Leopard 2 tanks to Ukraine, Russia-backed threat group Killnet retaliates with DDoS attacks aimed at Germany's government, banking, and airport sites.	DDoS	Public admin and defence, social security	H	DE		Killnet, Leopard 2, Russia, Ukraine
77	25/01/2023	Since August 2022	-	PY#RATION	Multiple organizations	Researchers from Securonix discover PY#RATION, a new Python-based malware featuring remote access trojan (RAT) capabilities.	Malware	Multiple Industries	CC	>1		Securonix, PY#RATION, Python
78	25/01/2023	During June 2022	During October 2022	?	Undisclosed federal civilian agency	The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency, and Multi-State Information Sharing and Analysis Center (MS-ISAC) discover a refund scam campaign perpetrated through the use of remote monitoring and management (RMM) software like ScreenConnect and AnyDesk.	Account Takeover	Public admin and defence, social security	CC	US		Cybersecurity and Infrastructure Security Agency, CISA, National Security Agency, Multi-State Information Sharing and Analysis Center, MS-ISAC ScreenConnect, AnyDesk
79	25/01/2023	During September 2022	During October 2022	?	Undisclosed federal civilian agency	The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency, and Multi-State Information Sharing and Analysis Center (MS-ISAC) discover a refund scam campaign perpetrated through the use of remote monitoring and management (RMM) software like ScreenConnect and AnyDesk.	Account Takeover	Public admin and defence, social security	CC	US		Cybersecurity and Infrastructure Security Agency, CISA, National Security Agency, Multi-State Information Sharing and Analysis Center, MS-ISAC ScreenConnect, AnyDesk
80	25/01/2023	During 2022	During 2022	TA444	Crypto users	Researchers from Proofpoint reveal the details of TA444, a North Korea state-sponsored threat actor focused on financially-motivated operations.	Account Takeover	Finance and insurance	CC	ES JP PL UK US		Proofpoint, TA444, North Korea
81	25/01/2023	Since at least 21/01/2023	21/01/2023	Multiple threat actors	Multiple organizations	Exploitation attempts targeting CVE-2022-21587, a critical-severity Oracle E-Business Suite vulnerability, are observed shortly after proof-of-concept (PoC) code was published.	CVE-2022-21587 Vulnerability	Multiple Industries	N/A	N/A		CVE-2022-21587, Oracle E-Business Suite
82	25/01/2023	-	-	?	South Dakota Gov. Kristi Noem	South Dakota Gov. Kristi Noem says that her personal cell phone number has been hacked and blamed it on the release of her Social Security number.	Unknown	Individual	CE	US		South Dakota, Kristi Noem
83	25/01/2023	Between 31/12/2021 and 27/01/2022	27/01/2022	?	Lutheran Social Services of Illinois (LSSI)	Lutheran Social Services of Illinois (LSSI) files notice of a data breach following a ransomware attack that compromised confidential patient information stored on the company’s computer network.	Malware	Human health and social work	CC	US		Lutheran Social Services of Illinois, LSSI, ransomware
84	25/01/2023	Late 2022	Late 2022	Kronos	Financial institutions in Mexico	Researchers at IBM Security Trusteer discover an increase in Kronos malware activity in Mexico, used to launch JavaScript web-injects on financial institutions with a malicious chrome extension.	Malware	Finance and insurance	CC	MX		IBM Security Trusteer, Kronos
85	25/01/2023	Since at least November 2022	During November 2022	Titan	Multiple organizations	Researchers at Cyble discover a new infostealer written in GO, named Titan.	Malware	Multiple Industries	CC	>1		Titan, Cyble, GO
86	26/01/2023	During 2022	During 2022	Dragonbridge AKA Spamouflage Dragon	Individuals worldwide	Google’s Threat Analysis Group terminates 100,960 accounts across its platforms, including YouTube, Blogger, and AdSense, linked to a group known as "Dragonbridge" or "Spamouflage Dragon" disseminating pro-Chinese disinformation across multiple online platforms.	Coordinated Inauthentic Behavior	Individual	CW	>1		Google, Threat Analysis Group, TAG, YouTube, Blogger, AdSense, Dragonbridge, Spamouflage Dragon
87	26/01/2023	During 2022	During 2022	SEABORGIUM AKA TA446	Organizations in the U.K.	The U.K. National Cyber Security Centre (NCSC) issued a warning of state-sponsored Russian attackers from SEABORGIUM increasingly targeting organizations and individuals.	Targeted Attack	Multiple Industries	CE	UK		SEABORGIUM, TA446, U.K. National Cyber Security Centre, NCSC, Russia
88	26/01/2023	During 2022	During 2022	APT42 AKA TA453	Organizations in the U.K.	The U.K. National Cyber Security Centre (NCSC) issued a warning of state-sponsored Iranian attackers from APT42 increasingly targeting organizations and individuals.	Targeted Attack	Multiple Industries	CE	UK		APT42, TA453, U.K. National Cyber Security Centre, NCSC, Iran
89	26/01/2023	Since at least June 2022	During June 2022	Mimic	Multiple organizations	Researchers from Trend Micro discover a new ransomware strain named Mimic that leverages the APIs of the 'Everything' file search tool for Windows to look for files targeted for encryption.	Malware	Multiple Industries	CC	>1		Trend Micro, ransomware, Mimic Everything, file search, Windows
90	26/01/2023	'Recently'	'Recently'	PlugX	Multiple organizations	Researchers from Palo Alto Networks discover a variant of the PlugX malware that can hide malicious files on removable USB devices and then infect the Windows hosts they connect to.	Malware	Multiple Industries	CC	>1		Palo Alto Networks, PlugX, USB
91	26/01/2023	Since at least November 2022	During November 2022	UNC2565	Multiple organizations	Researchers from Mandiant discover a new variant of the GOOTLOADER malware, named GOOTLOADER.POWERSHELL, implementing new obfuscation techniques.	Malware	Multiple Industries	CC	>1		UNC2565, Mandiant, GOOTLOADER, GOOTLOADER.POWERSHELL
92	26/01/2023	-	-	Abraham's Ax	Saudi Arabia government ministries	Abraham's Ax, an Iran-linked APT group affiliated to Moses Staff (AKA COBALT SAPLING) leaks data stolen from Saudi Arabia government ministries.	Unknown	Public admin and defence, social security	H	SA		Abraham's Ax, APT, Moses Staff, Saudi Arabia, COBALT SAPLING
93	26/01/2023	Between 13/01/2023 and 20/01/2023	Between 13/01/2023 and 20/01/2023	?	Individuals in Canada	Researchers from Bitdefender discover a new campaign delivering the AsyncRat credential-stealing Trojan via OneNote attachments impersonating Ultramar, a well-known Canadian gas and home fuel retailer.	Malware	Individual	CC	CA		Bitdefender, AsyncRat, OneNote, Ultramar
94	26/01/2023	26/08/2023	29/12/2023	Avos Locker?	Stratford University	Stratford University, discloses a ransomware attack, probably by the Avos Locker gang.	Malware	Education	CC	US		Stratford University, ransomware, Avos Locker
95	26/01/2023	01/03/2022	-	?	Matco Tools Corporation	Matco Tools Corporation files notice of a data breach following a cybersecurity incident that leaked confidential consumer information that was in the company’s possession.	Unknown	Wholesale and retail	CC	US		Matco Tools Corporation
96	26/01/2023	25/01/2023	25/01/2023	Cyber Security Team	A dozen university websites in South Korea	A Chinese group named Cyber Security Team defaces a dozen of university websites in North Korea.	Defacement	Education	H	KR		Cyber Security Team
97	26/01/2023	-	-	?	Several hundred individuals in West Africa	Researchers at Domaintools discover a malicious campaign impersonating American financial advisors targeting several hundred individuals in West Africa.	Account Takeover	Finance and insurance	CC	>1		Domaintools, Pig-butchering
98	26/01/2023	Since January 2023	During January 2023	Godfather	Mobile banking users in Europe	Researchers at EclectiqIQ discover a new campaign by the Godfather mobile banking trojan targeting European countries using approximately 400 different banking and cryptocurrency applications spread across 15 international banks, 94 cryptocurrency wallets, and 110 cryptocurrency exchange platforms.	Malware	Finance and insurance	CC	>1		EclectiqIQ, Godfather
99	26/01/2023		-	?	South East Regional Health Authority (SERHA)	The South East Regional Health Authority (SERHA) in Jamaica is hit with a ransomware attack.	Malware	Human health and social work	CC	JM		South East Regional Health Authority, SERHA
100	26/01/2023	Since January 2022	Since January 2022	?	Jobseekers	Researchers from Zscaler observe multiple suspicious job portals and surveys used by attackers to solicit information from job seekers under the guise of employment application forms.	Account Takeover	Individual	CC	>1		Zscaler
101	27/01/2023	25/01/2023	25/01/2023	Sandworm	Organization in Ukraine	Researchers from ESET discover a new data-wiping malware, named SwiftSlicer, deployed by the Russian group Sandworm, and used against an organization un Ukraine, and aiming to overwrite crucial files used by the Windows operating system.	Malware	Unknown	CW	UA		ESET, SwiftSlicer, Sandworm, Russia, Ukraine
102	27/01/2023	Between November 2021 and August 2022	28/12/2022	?	Zacks Investment Research (Zacks)	Zacks Investment Research (Zacks) discloses that threat actors breached Zacks Investment Research and gained access to personal and sensitive information belonging to 820,000 customers.	Unknown	Finance and insurance	CC	US		Zacks Investment Research, Zacks
103	27/01/2023	-	-	?	Android users	Researchers from Dr.Web discover a new category of malicious Android apps downloaded more than 20 million times, tracking the users' activity and forcing them to watch a large number of advertisements.	Malware	Individual	CC	>1		Dr.Web, Android
104	27/01/2023	-	26/01/2023	?	Undisclosed third-party vendor	Telecommunications company Charter Communications says one of its third-party vendors suffered from a security breach after data from the company showed up on a hacking forum.	Unknown	Information and communication	CC	US		Charter Communications
105	27/01/2023	-	-	ALPHV AKA BlackCat	Solar Industries India	The BlackCat Ransomware gang added Solar Industries India to the list of victims published on its Tor leak site.	Malware	Manufacturing	CC	IN		ALPHV, BlackCat, Ransomware, Solar Industries India
106	27/01/2023	-	-	?	Individuals in the U.S.	The Better Business Bureau warns that fraudsters are taking advantage of the US Social Security Administration’s increase in cost of living adjustment payments (COLA).	Account Takeover	Individual	CC	US		Better Business Bureau, US Social Security Administration, COLA
107	27/01/2023	-	-	?	Stroke Scan	Stroke Scan files notice of a data breach \after learning that confidential consumer information stored on the company’s computer network had been compromised.	Unknown	Human health and social work	CC	US		Stroke Scan
108	27/01/2023	Between 11/09/2022 and 11/10/2022	-	?	Morgan Hill Unified School District	Morgan Hill Unified School District in California discloses a breach that occurred when an employee’s email account was accessed without authorization.	Account Takeover	Education	CC	US		Morgan Hill Unified School District
109	27/01/2023	-	14/01/2023	ALPHV AKA BlackCat	Somacis	Somacis, a manufacturer of printed circuit boards, has 252 Gb of data leaked by the ALPHV (BlackCat) ransomware gang.	Malware	Manufacturing	CC	IT		Somacis, ALPHV, BlackCat, ransomware
110	27/01/2023	Between 31/10/2022 and 27/11/2022	Late November 2022	?	DotHouse Health	DotHouse Health files notice of a data breach after learning that an unauthorized party was able to access confidential information stored on the company’s computer systems.	Unknown	Human health and social work	CC	US		DotHouse Health
111	28/01/2023	'Recently'	'Recently'	?	Small Medium Businesses in Belgium	A group of threat actors mimicking the LockBit ransomware gang launches a campaigns against small medium businesses in Belgium, probably using a leaked version of the LockBit encryptor.	Malware	Multiple Industries	CC	BE		LockBit
112	28/01/2023	-	-	Vice Society	Seguros Equinoccial S.A.	Seguros Equinoccial S.A., an insurance firm, is added to Vice Society’s ransomware leak site.	Malware	Finance and insurance	CC	EC		Seguros Equinoccial S.A., Vice Society, ransomware
113	29/01/2023	-	29/01/2023	IT Army of Ukraine	Gazprom	The IT Army of Ukraine claims to have accessed a 1.5 GB archive of files belonging to the Russian state-controlled energy giant, Gazprom.	Unknown	Electricity, gas steam, air conditioning	H	RU		IT Army of Ukraine, Russia, Gazprom
114	29/01/2023	-	29/01/2023	?	Multiple organizations	Researchers from Phylum discover a malicious campaign consisting of 101 malicious NPM packages.	Malware	Multiple Industries	CC	>1		Phylum, NPM
115	30/01/2023	30/01/2023	30/01/2023	Killnet	Websites of dozens of U.S. hospitals	The websites of dozens of U.S. hospitals are taken down by a DDoS attack launched by the pro-Russian Killnet collective.	DDoS	Human health and social work	H	US		Killnet, Russia
116	30/01/2023	-	26/01/2023	?	CommuteAir	A U.S. No Fly list with over 1.5 million records of banned flyers and upwards of 250,000 'selectees' is shared publicly on a hacking forum.	Misconfiguration	Transportation and storage	CC	US		CommuteAir
117	30/01/2023	-	-	?	JD Sports	UK sports apparel chain JD Sports warns customers of a data breach after a server was hacked that contained online order information for 10 million customers.	Unknown	Wholesale and retail	CC	UK		JD Sports
118	30/01/2023	06/12/2022	07/12/2022	?	GitHub	GitHub says unknown attackers stole encrypted code-signing certificates for its Desktop and Atom applications after gaining access to some of its development and release planning repositories.	Account Takeover	Professional, scientific and technical	CC	US		GitHub
119	30/01/2023	27/01/2023	Since at least March 2022	Passion	Medical institutions in the USA, Portugal, Spain, Germany, Poland, Finland, Norway, Netherlands, and the United Kingdom	Researchers from Radware discover a new DDoS-as-a-Service platform named 'Passion' used in recent attacks by pro-Russian hacktivists against medical institutions in the United States and Europe.	DDoS	Human health and social work	H	ES FI NL NO PL PT UK US		Radware, Passion, Russia
120	30/01/2023	-	29/03/2022	?	Vice Media	Vice Media suffers a cyber attack and a breach leaking the sensitive information and financial data of more than 1,700 people.	Unknown	Information and communication	CC	US		Vice Media
121	30/01/2023	31/10/2022	23/11/2022	LockBit 3.0	PBS KVIE	The LockBit ransomware group claims responsibility for a ransomware attack on PBS KVIE, a public broadcasting affiliate in Sacramento, California.	Malware	Information and communication	CC	US		LockBit, ransomware, PBS KVIE, Sacramento, California
122	30/01/2023	Since at least October 2022	During October 2022	APT29 AKA Cozy Bear, the Dukes, Nobelium, Yttrium, and BlueBravo	Unknown embassy staff or an ambassador	Researchers from Recorded Future discover a new campaign carried out by the Russian APT29 group targeting embassy-related individuals with the GraphicalNeutrino malware.	Targeted Attack	Public admin and defence, social security	CE	N/A		Recorded Future, Russia, APT29, Cozy Bear, the Dukes, Nobelium, Yttrium, BlueBravo, GraphicalNeutrino
123	30/01/2023	-	30/01/2023	Electronic Quds Force	Israeli chemical companies operating in the occupied territories	Pro-Palestinian threat actors from the Electronic Quds Force, launch a massive hacking campaign aimed at Israeli chemical companies operating in the occupied territories. As a proof the group leaks images industrial Control Systems (ICSs) allegedly belonging to one of the chemical companies that are targets of the cyber attacks.	Unknown	Manufacturing	H	IL		Electronic Quds Force, Palestine, Israel
124	30/01/2023	30/01/2023	30/01/2023	?	Atlantic General Hospital	Atlantic General Hospital is hit with a ransomware attack.	Malware	Human health and social work	CC	US		Atlantic General Hospital, ransomware
125	30/01/2023	Since July 2016	-	TrickGate	Organizations in the manufacturing, education, healthcare, finance sector and business enterprises.	Researchers at Checkpoint reveal that the malicious software service TrickGate is still alive and used by threat actors for over six years to distribute multiple payloads such as Cerber, Trickbot, Maze, Emotet, REvil, Cobalt Strike, AZORult, Formbook, AgentTesla, and bypass endpoint detection and response (EDR) protection software.	Malware	Multiple Industries	CC	>1		Checkpoint, TrickGate, Cerber, Trickbot, Maze, Emotet, REvil, Cobalt Strike, AZORult, Formbook, AgentTesla
126	30/01/2023	30/01/2023	30/01/2023	?	Skyview Networks	An unauthorized person or group gains access to internal systems used by Skyview Networks, disrupting the delivery of the CBS World News Roundup and other programming to radio affiliates.	Unknown	Information and communication	CC	US		Skyview Networks
127	30/01/2023	-	-	LockBit 3.0	Luaces Asesores	The LockBit ransomware gang claims to have attacked Luaces Asesores, an accounting, tax, and labor advisor firm.	Malware	Professional, scientific and technical	CC	ES		LockBit, Luaces Asesores, ransomware
128	30/01/2023	-	-	LockBit 3.0	IT Servicios	Telecommunications firm IT Servicios is also added to LockBit3.0’s ransomware leak site.	Malware	Information and communication	CC	MX		IT Servicios, LockBit3.0, ransomware
129	31/01/2023	31/01/2023	31/01/2023	Anonymous Russia	Convex	In name of #OpRussia, the Anonymous leak 128GB of data stolen from Russian ISP Convex.	Unknown	Information and communication	H	RU		#OpRussia, Anonymous Russia, Convex
130	31/01/2023	During October 2022	During October 2022	Sandworm	Energy company in Ukraine	Researchers at ESET reveal that the Russia-affiliated Sandworm used yet another wiper malware strain dubbed NikoWiper as part of an attack that took place in October 2022 targeting an energy sector company in Ukraine.	Malware	Electricity, gas steam, air conditioning	CW	UA		ESET, Russia, Ukraine, Sandworm, NikoWiper
131	31/01/2023	'Recently'	'Recently'	Gamaredon (AKA Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa)	Organizations in Ukraine	The State Cyber Protection Centre (SCPC) of Ukraine warns of a new wave of targeted attacks conducted by the Russia-linked APT group Gamaredon.	Targeted Attack	Multiple Industries	CE	UA		Gamaredon, Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, Trident Ursa, State Cyber Protection Centre, Ukraine
132	31/01/2023	30/01/2023	30/01/2023	Pro-Russian hacktivists	Denmark's Centre for Cyber Security	The Denmark's Centre for Cyber Security is taken down by a DDoS attack allegedly carried out by pro-Russian hacktivists, following an announcement raising its cyber risk alert level.	DDoS	Public admin and defence, social security	H	DK		Denmark, Russia
133	31/01/2023	Between 06/12/2024 and 27/12/2023	06/12/2022	?	Multiple organizations	Microsoft disables multiple fraudulent, verified Microsoft Partner Network accounts for creating malicious OAuth applications that breached organizations' cloud environments to steal email.	Account Takeover	Multiple Industries	CC	>1		Microsoft, Proofpoint, OAuth
134	31/01/2023	-	-	Prilex	Multiple organizations	Researchers from Kaspersky discover new versions of the Prilex point-of-sale malware able to block secure, NFC-enabled contactless credit card transactions, forcing consumers to insert credit cards that are then stolen by the malware.	Malware	Wholesale and retail	CC	>1		Kaspersky, Prilex
135	31/01/2023	Since at least 10/12/2022	10/12/2022	?	Multiple organizations	Researchers from Resecurity discover a relatively new ransomware operation known as Nevada with improved functionality targeting Windows and VMware ESXi systems.	Malware	Multiple Industries	CC	>1		Resecurity, Nevada with, Windows, VMware, ESXi
136	31/01/2023	31/01/2023	31/01/2023	LockBit 3.0	ION Group	The LockBit ransomware gang claims responsibility for the cyberattack on ION Group, a UK-based software company whose products are used by financial institutions, banks, and corporations for trading, investment management, and market analytics.	Malware	Professional, scientific and technical	CC	UK		LockBit, ransomware, ION Group
137	31/01/2023	30/01/2023	30/01/2023	Royal	Tucson Unified School District	The Tucson Unified School District is hit with a Royal ransomware attack.	Malware	Education	CC	US		Royal, ransomware, Tucson Unified School District
138	31/01/2023	During H1 January 2023	During H1 January 2023	?	Multiple organizations	Researchers from Armorblox discover a malicious DocuSign document in a campaign trying to steal credentials belonging to more than 10,000 people across several organizations.	Account Takeover	Multiple Industries	CC	>1		Armorblox, DocuSign
139	31/01/2023	Since at least 22/12/2022	31/01/2023	?	Nantucket Public Schools	Nantucket Public Schools are hit with a ransomware attack.	Malware	Education	CC	US		Nantucket Public Schools, ransomware
140	31/01/2023	11/01/2023	-	?	Mount Lilydale Mercy College	About 400 parents of students attending Mount Lilydale Mercy College, a Catholic high school near Melbourne, Australia, are informed of a cyberattack that exposed their credit card details.	Unknown	Education	CC	AU		Mount Lilydale Mercy College
141	31/01/2023	-	01/11/2022	?	Benefit Administrative Systems	Benefit Administrative Systems notifies certain individuals about the exposure of an electronic file that contained sensitive personally identifiable information and was accessed by unauthorized individuals,	Misconfiguration	Administration and support service	CC	US		Benefit Administrative Systems
142	31/01/2023	-	-	InTheBox	Android banking users	Researchers from Cyble discover a threat actor named inTheBox offering ready-to-sale web injects that are compatible with various Android banking malware.	Malware	Finance and insurance	CC	>1		Cyble, InTheBox, Android
143	31/01/2023	-	-	LockBit 3.0	Juva Skin & Laser Center	The LockBit ransomware group adds Juva Skin & Laser Center ito its dark web leak site.	Malware	Human health and social work	CC	US		LockBit, ransomware, Juva Skin & Laser Center
144	31/01/2023	-	-	LockBit 3.0	Arizona Liver Health	The LockBit ransomware group adds Arizona Liver Health ito its dark web leak site.	Malware	Human health and social work	CC	US		LockBit, ransomware, Arizona Liver Health
145	31/01/2023	'Recently'	'Recently'	?	Multiple organizations	Researchers at Fortinet discover a new campaign aimed to cryptojack systems to mine for Monero (XMR) cryptocurrency.	Malware	Multiple Industries	CC	>1		Fortinet, Monero, XMR
146	31/01/2023	'Recently'	'Recently'	?	1Password users	Researchers at Malwarebytes discover a malicious campaign using Google Ad to steal the passwords from the 1Password Password Manager users.	Malvertising	Individual	CC	>1		Malwarebytes, Google Ad, 1Password
147	31/01/2023	Since at least 16/01/2023	16/01/2023	?	Multiple organizations	Researchers at AhnLab discover a phishing campaign distributed with a changing icon to reflect the mail account service entered by the user.	Account Takeover	Multiple Industries	CC	>1		AhnLab
148	31/01/2023	31/01/2023	31/01/2023	?	Super Bock	The beverage company Super Bock is the target of a cyberattack that causes "disruptions in computer services, with constraints on regular operations, namely in terms of service."	Unknown	Accommodation and food service	CC	PT		Super Bock
149	31/01/2023	Since at least 25/01/2023	25/01/2023	Vidar	Multiple organizations	Researchers from Darktrace discover a campaign distributing the Vidar Info-stealer malware via malvertising on Google.	Malvertising	Multiple Industries	CC	>1		Darktrace, Vidar, Google
150	31/01/2023	-	-	?	Appui Santé Nord Finistère	The Appui Santé Nord Finistère is hit with a ransomware attack.	Malware	Human health and social work	CC	FR		Appui Santé Nord Finistère, ransomware
151	31/01/2023	-	-	?	Migliorshop	Miggliorshop, a service provider for e-commerce pharmacy sites, suffers a cyber attack, and as a consequence multiple retailer are impacted.	Multiple vulnerabilities	Professional, scientific and technical	CC	IT		Migliorshop
152	31/01/2023	Since March 2021	-	?	Unnamed education provider in Australia	Attacker break into at least 12 Australian companies using a sophisticated campaign that compromised an online education provider then impersonated it to gain access to other firms’ systems.	Account Takeover	Professional, scientific and technical	CC	AU
ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags

The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.

2022 Cyber Attacks Statistics
And finally I have aggregated all the data collected in 2022 from the cyber attacks timelines. In the past year I have collected 3074 events...
Leaky Buckets in 2022
Similarly to what I have done in 2021, I am now collecting the incidents due to cloud misconfigurations and leading to the exposure of data.
The Biggest Data Breaches of 2021
With this new project I am going to track the biggest data breaches of 2021 extracted from my cyber attack timelines.
16-28 February 2023 Cyber Attacks Timeline
The second cyber attacks timeline of February 2023 is out and with 10.62 events/day confirms...
2020 Cyber Attacks Statistics
As promised, I have pulled together some statistics from the data collected in 2020. The master table is available at the end of the post after the charts.