1-15 February 2023 Cyber Attacks Timeline

Last modified: February 27, 2023

EVENTS

EVENTS/DAY

EVENTS

EVENTS/DAY

Attack Distribution February H1 2023

Attack Techniques February H1 2023

Follow @paulsparrows

Connect on Linkedin

The first cyber attacks timeline of February 2023 is out setting a new maximum. In the first half of the month I collected 182 events (12.13 events/day.) This is the new maximum for the last 12 months and corresponds to nearly a 20% increase compared to the previous timeline.

Ransomware-driven events were up to 25.8% (47 out of 182 events), up from 22.8%, whilst 14 events were characterized by the exploitation of vulnerabilities (corresponding to 7.7%), thanks primarily to the massive exploitation of CVE-2021-21974 targeting VMware ESXi servers.

Malvertising events taking advantage of SEO poisoning continued to play an important role with 5 events characterized by this technique.

16-30 September 2023 Cyber Attacks Timeline

The second cyber attack timeline of September 2023 showed a decrease in events and a continuation of malware attacks. Massive hacks targeted fintech organizations like Mixin Network, and some breaches affected millions of individuals. The timeline also includes activities by various known and new threat actors.

In the fintech space, Webaverse suffered the theft of $4 million worth of assets, while crypto investors continued to be the targets of multiple campaigns.

And the mega breaches continued to characterize the threat landscape: AT&T, Verizon, and USCellular suffered the leak of customer records, threat actors stole a database with 20 million records from PeopleConnect, the Heritage Provider Network suffered a ransomware attack exposing the data of 3.3 million patients, and finally Weee! suffered a breach exposing the information of 1.1 million customers.

The Cyber Espionage space was quite crowded as usual, with Ukraine being the center of multiple campaigns by Russian threat actors such as: UAC-0050, UAC-0114 and UAC-0056 (AKA Nodaria). Other threat actors particularly active include Seaborgium (AKA Cold River and Calisto), APT29, APT34 (AKA OilRig), APT37, the Lazarus Group and Mustang Panda.

But state-sponsored threat actors continued to back their countries with multiple campaigns in the cyber space with inevitable connections with the Ukrainian situation, such as a campaign targeting Ukrainian refugees abroad, and also fake bomb alerts aimed to destabilize Moldova. Other unearthed operations included an attack launched by the Chernovite group against a dozen of U.S. electric and gas facilities, and Spamouflage, a campaign where Chinese state-aligned actors used AI-generated broadcasters to distribute content that promotes the interests of the Chinese Communist Party.

And last but not least, and once again unsurprisingly, the hacktivist front was always hot, fueled by the campaigns of pro-Russian threat actors such as Killnet.

In this fortnight in particular, the list is really too long to be summarized in few words (this one in particular), so my suggestion is to enjoy the interactive timeline and the tabular format, and obviously thanks for sharing it, and supporting my work in spreading the risk awareness across the community. As always, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.

Geo Map February H1 2023

ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags
1	01/02/2023	28/01/2023	28/01/2023	Killnet	Several hospital websites in the Netherlands and Europe	Dutch cyber authorities say that several hospital websites in the Netherlands and Europe were targeted by the pro-Kremlin hacking group Killnet with DDoS attacks because of their countries’ support for Ukraine.	DDoS	Human health and social work	H	NL		Killnet
2	01/02/2023	'Recently'	'Recently'	ShaZhuPan	Individuals on Facebook and Tinder	Researchers at Sophos discover CryptoRom, a campaign where scammers target victims on Facebook or Tinder and convince them to download a fraudulent apps and "invest" large amounts of money into assets purported to be real.	'pig-butchering' scam	Individual	CC	>1		Sophos, Cryptorom, ShaZhuPan, Facebook, Tinder
3	01/02/2023	Since at least September 2022	During September 2022	?	Online gaming and gambling companies	Researchers at Security Joe discover that unknown attackers have been targeting online gaming and gambling companies with what appears to be a previously unseen backdoor that researchers have named IceBreaker.	Malware	Arts entertainment, recreation	CC	N/A		Security Joe, IceBreaker
4	01/02/2023	Since early September 2021	-	HeadCrab	Multiple organizations	Researchers at Aqua Security discover HeadCrab, a new stealthy malware designed to target vulnerable Redis servers, and infecting over a thousand of them since September 2021 to build a botnet that mines for Monero cryptocurrency.	Malware	Multiple Industries	CC	>1		Aqua Security, HeadCrab, Redis, Monero
5	01/02/2023	'Recently'	'Recently'	Multiple threat actors	Multiple organizations	Researchers from Deep Instinct discover multiple campaigns using Microsoft Visual Studio Tools for Office (VSTO) as method to achieve persistence and execute code on a target machine via malicious Office add-ins.	Malware	Multiple Industries	CC	>1		Deep Instinct, Microsoft Visual Studio Tools for Office, VSTO, Office add-ins
6	01/02/2023	01/12/2022	08/12/2022	?	Heritage Provider Network	Multiple medical groups in the Heritage Provider Network in California suffer a ransomware attack, exposing sensitive patient information to cybercriminals.	Malware	Human health and social work	CC	US		Heritage Provider Network, ransomware, Regal Medical Group, Lakeside Medical Organization, A Medical Group, ADOC Acquisition Co ,A Medical Group Inc. & Greater Covina Medical Group
7	01/02/2023	Late 2022	Late 2022	Chinese state-aligned actors	Individuals worldwide	Researchers from Graphika reveal that the details of Spamouflage, a campaign where in a series of videos posted on Twitter, Facebook and YouTube, Chinese state-aligned actors used AI-generated broadcasters to distribute content that promotes the interests of the Chinese Communist Party.	Coordinated Inauthentic Behavior	Individual	CW	>1		Graphika, Spamouflage, Twitter, Facebook, YouTube, China
8	01/02/2023	Since December 2022	During December 2022	Multiple threat actors	Multiple organizations	Researchers from Proofpoint identify multiple campaigns using OneNote documents to deliver malware via email.	Malware	Multiple Industries	CC	>1		Proofpoint, OneNote
9	01/02/2023	Since at least 08/08/2022	-	?	Multiple organizations	Researchers at Check Point identify a campaign carried out via two malicious PyPi packages, Python-drgn and Bloxflip.	Malware	Multiple Industries	CC	>1		Check Point, PyPi, Python-drgn, Bloxflip
10	01/02/2023	Since April 2021	-	Firebrick Ostrich	Multiple organizations	Researchers from Abnormal Security expose Firebrick Ostrich, a group behind 350 BEC campaigns impersonating 151 different organizations using 212 different maliciously registered domains.	Account Takeover	Multiple Industries	CC	>1		Abnormal Security, Firebrick Ostrich
11	01/02/2023	Between 01/12/2022 and 02/12/2022	05/12/2022	?	Arizona Health Advantage	Arizona Health Advantage, also known as Arizona Priority Care (APC) and AZPC Clinics notifies several health plans of a recent data breach that impacted nearly 11,000 individuals in total.	Malware	Human health and social work	CC	US		Arizona Health Advantage, Arizona Priority Care, APC, AZPC Clinics
12	01/02/2023	01/02/2023	01/02/2023	?	Black and White Cabs	Black and White Cabs, a digital ride-booking service, shuts down the company's phone and online booking system after a cyber attack.	Unknown	Transportation and storage	CC	AU		Black and White Cabs
13	01/02/2023	-	01/02/2023	LockBit 3.0	Pharma Gestao	Pharma Gestao is added to the LockBit ransomware leak site.	Malware	Professional, scientific and technical	CC	BR		Pharma Gestao, LockBit, ransomware
14	01/02/2023	-	01/02/2023	Vice Society	Società Italiana Brevetti	Società Italiana Brevetti, an intellectual property consulting firm, is hit with a Vice Society ransomware attack.	Malware	Professional, scientific and technical	CC	IT		Società Italiana Brevetti, Vice Society, ransomware
15	01/02/2023	-	-	?	Coster	Coster, a company producing systems for the automation and energy efficiency in buildings, suffers 16,000 records leaked on Breach Forums.	Unknown	Manufacturing	CC	IT		Coster
16	02/02/2023	Between August and November 2022	During Q4 2022	Lazarus Group	Organizations in medical research, healthcare, chemical engineering, energy, defense, and a leading research university	Researchers at WithSecure reveal the details of "NoPineallple!", a new cyber espionage campaign attributed to the North Korean Lazarus hacking group, allowing the threat actors to stealthily steal 100GB of data from the victim without causing any destruction.	Targeted Attack	Multiple Industries	CE	>1		WithSecure, NoPineapple!, Lazarus group, North Korea
17	02/02/2023	'Recently'	'Recently'	?	Multiple organizations	Researchers from Sentinel One reveal the details of an ongoing Google ads malvertising campaign spreading Malvirt, malware installers that leverage KoiVM virtualization technology to evade detection when installing the Formbook data stealer.	Malvertising	Multiple Industries	CC	>1		Sentinel One, Google ads, malvertising, Malvirt, KoiVM, Formbook
18	02/02/2023	22/11/2022	24/01/2023	?	Xavier University of Louisiana (XULA)	Xavier University of Louisiana (XULA) says it suffered a cyberattack compromising Social Security numbers and other personal information from more than 44,000 students and vendors.	Unknown	Education	CC	US		Xavier University of Louisiana, XULA
19	02/02/2023	-	-	?	Crypto users	Researchers from Recorded Future discover a cybercrime group offering a ready-to-use phishing page, purporting to mint nonfungible tokens (NFTs) but instead deploying a crypto drainer that empties an unsuspecting victim connected virtual currency wallet.	Malware	Fintech	CC	>1		Recorded Future, Crypto Drainer
20	02/02/2023	-	-	?	Users of the Dingo Token	Researchers from Check Point reveal that the originator of the Dingo Token, a cryptocurrency with a purported market capitalization of $11 million, has included a backdoor in the code to charge each transaction a fee of up to 99% of the worth of the token.	Backdoor	Fintech	CC	>1		Check Point, Dingo Token
21	02/02/2023	-	-	?	Individuals in Italy	Researchers from Avanan discover a phishing campaign using the legitimate ClickFunnels service to bypass security services and redirect users to malicious links.	Account Takeover	Individual	CC	IT		Avanan, ClickFunnels
22	02/02/2023	During December 2022	Since at least December 2022	APT34 AKA OilRig	Organizations in Middle East	Researchers at Trend Micro discover a new campaign by the APT34 group targeting organizations in the Middle East with a new backdoor malware named MrPerfectInstaller.	Targeted Attack	Multiple Industries	CE	>1		Trend Micro, APT34, MrPerfectInstaller, OilRig
23	02/02/2023	18/12/2022	28/12/2022	?	Motto Mortgage	Motto Mortgage files notice of a data breach after learning that an unauthorized party was able to access confidential consumer information stored on the company’s computer system.	Unknown	Finance and insurance	CC	US		Motto Mortgage
24	02/02/2023	01/12/2022	01/12/2022	?	Teijin Automotive Technologies	Teijin Automotive Technologies files notice of a data breach after learning that a ransomware attack compromised confidential information belonging to certain employees.	Malware	Manufacturing	CC	US		Teijin Automotive Technologies, ransomware
25	02/02/2023	02/02/2023	02/02/2023	BlackBasta	Acea	Acea, the energy utility of the City of Rome, is hit with a BlackBasta ransomware attack.	Malware	Water supply, waste mgmt, remediation	CC	IT		Acea, BlackBasta, ransomware
26	02/02/2023	Since 26/02/2023	30/01/2023	Trexon	Multiple organizations	Researchers from Fortinet discover a new attack in a PyPI package (Python Package Index) called “web3-essential”.	Malware	Multiple Industries	CC	>1		Fortinet, PyPI, Python Package Index, web3-essential, Trexon
27	02/02/2023	'Over the last few months'	-	?	Multiple organizations	Researchers from Sucuri discover a campaign targeting WordPress sites and concealing the malware into images.	Malware	Multiple Industries	CC	>1		Sucuri, WordPress
28	02/02/2023	Since at least April 2022	During September 2022	Water Dybbuk	Multiple organizations	Researchers from Trend Micro reveal the details of a new phishing campaign targeting large companies around the world which we believe has been running since April 2022.	Account Takeover	Multiple Industries	CC	>1		Trend Micro, Water Dybbuk
29	02/02/2023	Since November 2022	-	Mustang Panda	Multiple organizations	Researchers from EcleticIQ discover a new campaign by the Mustang Panda APT Group, using European Commission-themed lure to deliver the PlugX malware.	Targeted Attack	Multiple Industries	CE	>1		EcleticIQ, Mustang Panda, European Commission, PlugX
30	02/02/2023	During January 2023	During January 2023	Scattered Spider AKA Roasted 0ktapus	Technology sector companies specializing in gaming or financial software	Researchers from Crowdstrike reveal that the Scattered Spider group is still targeting several tech and video game companies.	Account Takeover	Professional, scientific and technical	CC	>1		Crowdstrike, Scattered Spider, Roasted 0ktapus
31	02/02/2023	-	02/02/2023	Royal	Casa Ley	Casa Ley is added to the Royal ransomware leak site.	Malware	Wholesale and retail	CC	MX		Casa Ley, Royal, ransomware
32	02/02/2023	01/02/2023	-	LockBit 3.0	Sistema Integrado de Emergencias y Seguridad- SIES-M	The Sistema Integrado de Emergencias y Seguridad- SIES-M is hit with a LockBit ransomware attack.	Malware	Public admin and defence, social security	CC	CO		Sistema Integrado de Emergencias y Seguridad- SIES-M, LockBit, ransomware
33	02/02/2023	02/02/2023	-	LockBit 3.0	Avante Textil	The textile distributor “Avante Textil” is added to the LockBit3.0 ransomware leak page.	Malware	Wholesale and retail	CC	MX		Avante Textil, LockBit3.0, ransomware
34	03/02/2023	02/02/2023	02/02/2023	?	Tallahassee Memorial HealthCare (TMH)	Tallahassee Memorial HealthCare (TMH) takes its IT systems offline and suspends non-emergency procedures following a suspected ransomware attack.	Malware	Human health and social work	CC	US		Tallahassee Memorial HealthCare, TMH, ransomware
35	03/02/2023	03/02/2023	03/02/2023	ESXiArgs	Vulnerable ESXi servers	Admins, hosting providers, and the French Computer Emergency Response Team (CERT-FR) warn that attackers are actively targeting VMware ESXi servers unpatched against CVE-2021-21974, a two-year-old remote code execution vulnerability to deploy a new ESXiArgs ransomware.	CVE-2021-21974 Vulnerability	Multiple Industries	CC	>1		French Computer Emergency Response Team, CERT-FR, VMware ESXi, CVE-2021-21974, ESXiArgs, ransomware
36	03/02/2023	-	21/02/2023	?	PeopleConnect	PeopleConnect, the owners of the TruthFinder and Instant Checkmate background check services, confirm they suffered a data breach after hackers leaked a 2019 backup database containing the info of 20 millions of customers.	Inadvertent leak	Professional, scientific and technical	CC	US		PeopleConnect, TruthFinder, Instant Checkmate
37	03/02/2023			Dutch Police	Exclu	The Dutch police announces that they dismantled the Exclu encrypted communications platform after hacking into the service to monitor the activities of criminal organizations.	Unknown	Other service activities	N/A	N/A		Exclu
38	03/02/2023	-	03/02/2023	Medusa	Multiple organizations	Researchers from Cyble discover a new version of the Medusa DDoS (distributed denial of service) botnet, based on Mirai code, featuring a ransomware module and a Telnet brute-forcer.	Malware	Multiple Industries	CC	>1		Cyble, Medusa, Mirai
39	03/02/2023	03/02/2023	03/02/2023	?	University of Zurich	The University of Zurich, Switzerland’s largest university, announces it was the target of a “serious cyberattack.”	Unknown	Education	CC	CH		University of Zurich
40	03/02/2023	03/02/2023	03/02/2023	Neptunium AKA Emennet Pasargad	Charlie Hebdo	Microsoft’s Digital Threat Analysis Center says the Neptunium hacking group within the Iranian government is behind a cyber operation that targeted French satirical magazine Charlie Hebdo.	Unknown	Arts entertainment, recreation	H	FR		Microsoft, Digital Threat Analysis Center, Neptunium, Emennet Pasargad, Charlie Hebdo
41	03/02/2023	03/02/2023	03/02/2023	?	Berkeley County Schools	Berkeley County Schools says it is experiencing an internet and phone outage for issues related to a cyberattack.	Unknown	Education	CC	US		Berkeley County Schools
42	03/02/2023	01/12/2022	01/12/2022	?	Intrado	The FBI reveals that a cyber attack to Intrado, the company that provides telecommunications services for the 988 Lifeline helpline, caused an outage of the helpline.	Unknown	Information and communication	CC	US		FBI, Intrado, 988 Lifeline
43	03/02/2023	Between the end of 2022 and the beginning of 2023	-	PixPirate	Financial institutions in Brazil	Researchers at Cleafy discover a new Android banking Trojan dubbed "PixPirate" targeting financial institutions in Brazil.	Malware	Finance and insurance	CC	BR		Cleafy, Android, PixPirate
44	03/02/2023	-	05/12/2022	?	Cardiovascular Associates (CVA)	Cardiovascular Associates (CVA) files a notice of data breach after the company learned that certain systems within its network were subject to unauthorized access.	Unknown	Human health and social work	CC	US		Cardiovascular Associates, CVA
45	03/02/2023	-	06/12/2022	?	Southeast Colorado Hospital District (SECHD)	Southeast Colorado Hospital District (SECHD) files notice of a data breach after learning that an employee’s email account containing confidential patient information became compromised.	Account Takeover	Human health and social work	CC	US		Southeast Colorado Hospital District, SECHD
46	03/02/2023	14/11/2022	-	?	Rise Interactive Media & Analytics	Rise Interactive Media & Analytics files notice of a data breach after learning that an unauthorized party was able to access confidential consumer information stored on the company’s computer network.	Unknown	Professional, scientific and technical	CC	US		Rise Interactive Media & Analytics
47	03/02/2023	Since July 2022	-	?	Android mobile users in Taiwan, Thailand, and Indonesia	Researchers from Trend Micro reveal the details of TgToxic, a campaign targeting Android mobile users in Taiwan, Thailand, and Indonesia.	Malware	Individual	CC	ID TH TW		Trend Micro, TgToxic, Android
48	03/02/2023	10/01/2023	-	?	LG Uplus	LG Uplus reveals that a breach in January affected a total of 290,000 users, about 110,000 more than initially suspected.	Unknown	Information and communication	CC	KR		LG Uplus
49	03/02/2023	-	17/01/2023 and 18/01/2023	?	Nonstop Health	Nonstop Health has its source code and some data leaked in a hacking forum.	Unknown	Finance and insurance	CC	US		Nonstop Health
50	03/02/2023	-	28/12/2022	Vice Society	Seguros Equinoccial	Data from Seguros Equinoccial appear in the Vice Society ransomware leak site.	Malware	Finance and insurance	CC	EC		Seguros Equinoccial, Vice Society, ransomware
51	03/02/2023	-	-	LockBit 3.0	Luaces Asesores	The LockBit ransomware gang claims to have attacked Luaces Asesores.	Malware	Professional, scientific and technical	CC	ES		LockBit, ransomware, Luaces Asesores
52	03/02/2023	-	-	8 individuals	Mobile banking users	Eight people are arrested for withdrawing hundreds of thousands of rupees by hacking bank accounts using an app called ‘Nepali Keti’.	Malware	Finance and insurance	CC	NP		Nepali Keti
53	03/02/2023	During 2022	During 2022	Djvu	Organizations in India	The Indian Computer Emergency Response Team highlights the Djvu ransomware as the most common threat for Indian organizations.	Malware	Multiple Industries	CC	IN		Indian Computer Emergency Response Team, Djvu, ransomware
54	04/02/2023	Over the last six months	Over the last six months	?	Multiple organizations	Researchers from Zscaler reveal that over the past six months, the operators behind the AveMaria infostealer have been making significant additions to the execution stages to infect more users.	Malware	Multiple Industries	CC	>1		AveMaria, Zscaler
55	04/02/2023	-	03/02/2023	LockBit 3.0	Jackson & Joyce Family Dentistry	Jackson & Joyce Family Dentistry is added to the LockBit ransomware leak site.	Malware	Human health and social work	CC	US		Jackson & Joyce Family Dentistry, LockBit, ransomware
56	04/02/2023	-	04/02/2023	LockBit 3.0	Tonoli	Tonoli, an Italian transportation company, is hit by a LockBit ransomware attack.	Malware	Transportation and storage	CC	IT		Tonoli, LockBit, ransomware
57	05/02/2023	-	-	Royal	Multiple organizations	Royal Ransomware is the latest ransomware operation to add support for encrypting Linux devices to its most recent malware variants, specifically targeting VMware ESXi virtual machines.	Malware	Multiple Industries	CC	>1		Royal, ransomware, Linux, VMware ESXi
58	05/02/2023	07/12/2022	07/12/2022	?	UT Specialty Dental Services (AKA Aspire Surgical)	UT Specialty Dental Services (AKA Aspire Surgical) announces that it is notifying individuals whose information was involved in a recent cybersecurity incident.	Unknown	Human health and social work	CC	US		UT Specialty Dental Services, Aspire Surgical
59	05/02/2023	05/02/2023	05/02/2023	?	Nathaniel Fick Twitter account	US top cybersecurity diplomat and the head of the US State Department’s Bureau for Cyberspace and Digital Policy, Nathaniel Fick, has his Twitter account hacked.	Account Takeover	Individual	CC	US		US State Department’s Bureau for Cyberspace and Digital Policy, Nathaniel Fick, Twitter
60	05/02/2023	-	-	Avos Locker	Thomas J. Schandy	Thomas J. Schandy is listed on the leak site of the AvosLocker ransomware gang, which claims to have stolen 100 GB of information.	Malware	Finance and insurance	CC	UY		Thomas J. Schandy, AvosLocker, ransomware
61	06/02/2023	'Recently'	'Recently'	UAC-0050	Ukrainian government agencies	The Ukraine’s computer emergency response team (CERT-UA) reveals that in a recent phishing campaign against Ukrainian government agencies, attackers attempted to install the Remcos surveillance software on victims’ computers.	Targeted Attack	Public admin and defence, social security	CE	UA		UAC-0050, Ukraine, CERT-UA, Remcos
62	06/02/2023	Since 02/02/2023	02/02/2023	BlackBasta	At least a dozen organizations in Italy	The Italian cybersecurity agency reveals that at least a dozen hacks against vulnerable VMware ESXi servers in the country are likely tied to the BlackBasta ransomware group.	Malware	Multiple Industries	CC	IT		BlackBasta, VMware
63	06/02/2023	'Recently'	'Recently'	?	Multiple organizations	Researchers at Ahnlab discover a new campaign exploiting Sunlogin (a remote-control software) CNVD-2022-10270 and CNVD-2022-03672 vulnerabilities to deploy the Sliver post-exploitation toolkit and launch Windows Bring Your Own Vulnerable Driver (BYOVD) attacks to disable security software.	CNVD-2022-10270 and CNVD-2022-03672 vulnerabilities	Multiple Industries	CC	>1		Ahnlab, Sunlogin, CNVD-2022-1027, CNVD-2022-03672, Sliver, Windows, Bring Your Own Vulnerable Driver, BYOVD
64	06/02/2023	Since at least 03/02/2022	06/02/2023	Multiple threat actors	Multiple organizations	A zero-day vulnerability affecting Internet-exposed GoAnywhere MFT administrator consoles is exploited in the wild.	CVE-2023-0669 Vulnerability	Multiple Industries	CC	>1		GoAnywhere MFT, CVE-2023-0669
65	06/02/2023	Since at least 31/01/2023	31/01/2023	QBot	Multiple organizations	Researchers from Sophos discover a new QBot malware campaign dubbed "QakNote", using malicious Microsoft OneNote' .one' attachments to infect systems with the banking trojan.	Malware	Finance and insurance	CC	>1		Sophos, QBot, QakNote, Microsoft OneNote
66	06/02/2023	06/02/2023	06/02/2023	?	Vesuvius Plc	Engineering company Vesuvius Plc, which produces ceramics used by steelmakers, reports that it is “currently managing a cyber incident.”	Unknown	Manufacturing	CC	UK		Vesuvius Plc
67	06/02/2023	06/02/2023	06/02/2023	ALPHV AKA BlackCat	Munster Technological University (MTU)	Munster Technological University (MTU) in Ireland announces that its campuses in Cork would be closed following a “significant IT breach and telephone outage.” The ALPHV ransomware gang claims responsibility for the attack.	Malware	Education	CC	IE		Munster Technological University, MTU, ransomware, ALPHV, BlackCat
68	06/02/2023	12/01/2023	12/01/2023	?	Sharp HealthCare	Sharp HealthCare, San Diego’s largest health provider, announces that it has begun notifying 62,777 of its patients that some of their personal information was compromised during a hacking attack on the computers that run its website, sharp.com.	Unknown	Human health and social work	CC	US		Sharp HealthCare
69	06/02/2023	-	-	IntelBroker	Undisclosed third-party vendor	U.S. wireless telecom UScellular says a data breach at a third-party vendor resulted in a leak of 52,000 names and email addresses.	Unknown	Professional, scientific and technical	CC	US		UScellular, IntelBroker
70	06/02/2023	Between 13/12/2022 and 15/12/2022	15/12/2022	?	Highmark Health	Highmark Health files a notice of data breach after learning that an employee’s email account had been compromised following a phishing attack.	Account Takeover	Human health and social work	CC	US		Highmark Health
71	06/02/2023	03/02/2023	03/02/2023	?	MKS Instruments	MKS Instruments says it is investigating a ransomware attack that affected the semiconductor equipment maker's production-related systems.	Malware	Manufacturing	CC	US		MKS Instruments, ransomware
72	06/02/2023	-	-	?	Multiple organizations	The Hong Kong police and Interpol take down the local operation of an international phishing syndicate that used 563 bogus mobile applications to spy on phones globally and steal information.	Account Takeover	Multiple Industries	CC	HK		Hong Kong, Interpol
73	06/02/2023	04/02/2023	04/02/2023	?	Hidalgo County Adult Probation Office	The Hidalgo County Adult Probation Office is hit with a ransomware attack.	Malware	Public admin and defence, social security	CC	US		Hidalgo County Adult Probation Office
74	06/02/2023	03/02/2023	03/02/2023	?	Tehama County	Tehama County officials issued a warning after some employees fall victim of an attempted phishing attack.	Account Takeover	Public admin and defence, social security	CC	US		Tehama County
75	06/02/2023	-	08/12/2022	?	Vitra Health	Vitra Health notifies 1,618 patients that some of their protected health information has been exposed and potentially stolen after an employee email account had been accessed by an unauthorized individual.	Account Takeover	Human health and social work	CC	US		Vitra Health
76	07/02/2023	Since at least July 2022	During July 2022	Russia?	Moldova	Moldovan Prime Minister Natalia Gavrilița accuses Russia of trying to destabilize the country by sponsoring protests and carrying out cyberattacks via fake emails warning of bomb threats at more than 50 facilities across the country.	Malicious Spam	Individual	CW	MD		Moldova, Natalia Gavrilița, Russia
77	07/02/2023	Since at least July 2022	-	?	Tor Network	Tor Project's Executive Director Isabela Dias Fernandes reveals that a wave of distributed denial-of-service (DDoS) attacks has been targeting the Tor network since at least July 2022.	DDoS	Information and communication	CC	N/A		Tor, Isabela Dias Fernandes, Tor
78	07/02/2023	During the last previous days	During the last previous days	?	I2P (Invisible Internet Project)	Also the I2P network is hit by a wave of DDoS attacks.	DDoS	Information and communication	CC	N/A		I2P, Invisible Internet Project
79	07/02/2023	23/01/2023	23/01/2023	Play	A10 Networks	The California-based networking hardware manufacturer A10 Networks confirms that the Play ransomware gang briefly gained access to its IT infrastructure and compromised data.	Malware	Professional, scientific and technical	CC	US		A10 Networks, Play, Ransomware
80	07/02/2023	Since at least 26/12/2022	26/12/2022	Clop (AKA Cl0p)	Multiple organizations	Researchers from Sentinel One discover the first Clop ransomware variant targeting Linux systems (with a flawed encryptor).	Malware	Multiple Industries	CC	>1		Sentinel One, Clop, Cl0p, ransomware, Linux
81	07/02/2023	-	-	?	Dorben Group	Dorben Group, a luxury brands retailer in Latin America, allegedly suffers a data breach as information belonging to 790,000 customers ended up on a hacker forum.	Unknown	Wholesale and retail	CC	PA		Dorben Group
82	07/02/2023	During 2022	During 2022	?	Webaverse	The co-founder of Web3 metaverse game engine “Webaverse” reveals they were victims of a $4 million crypto hack after meeting with scammers posing as investors in a hotel lobby in Rome.	Unknown	Fintech	CC	N/A		Webaverse
83	07/02/2023	05/02/2023	05/02/2023	?	Ross Memorial Hospital	A suspected ransomware attack hits Ross Memorial Hospital disabling some important diagnostic systems and access to medical files.	Malware	Human health and social work	CC	CA		Ross Memorial Hospital, ransomware
84	07/02/2023	-	07/02/2023	LockBit 3.0	Cantina Tollo	Cantina Tollo, an Italian winery, is hit with a LockBit ransomware attack.	Malware	Accommodation and food service	CC	IT		Cantina Tollo, ransomware, LockBit
85	08/02/2023	Early February 2023	Early February 2023	UAC-0114 aka Winter Vivern	Ukrainian and Polish government computer systems	Attackers attempt to infect Ukrainian and Polish government computer systems with malware hosted on fake websites posing as Ukraine’s Ministry of Foreign Affairs and Poland’s Central Cybercrime Bureau. One of the distributed malware samples is Aperetif.	Targeted Attack	Public admin and defence, social security	CE	PL UA		Ukraine, Poland, Ukraine’s Ministry of Foreign Affairs, Poland’s Central Cybercrime Bureau, Aperetif, UAC-0114, Winter Vivern
86	08/02/2023	Since at least October 2022 through mid-January 2023.	-	Nodaria (AKA UAC-0056 and TA471)	Organizations in Ukraine	Researchers from Symantec/Broadcom reveal that the Russian hacking group known as 'Nodaria' (UAC-0056) is using a new information-stealing malware called 'Graphiron' to steal data from Ukrainian organizations.	Targeted Attack	Multiple Industries	CE	UA		Symantec/Broadcom, Russia, Ukraine, Nodaria, Nodaria, UAC-0056, Graphiron, TA471
87	08/02/2023	During May 2022	08/02/2023	Lorenz	AmerisourceBergen	Pharmaceutical distributor AmerisourceBergen confirms that attackers compromised the IT system of one of its subsidiaries after threat actors from the Lorenz ransomware group began leaking allegedly stolen data.	Malware	Human health and social work	CC	US		AmerisourceBergen, Lorenz, ransomware
88	08/02/2023		-	-	Dota 2 players	Researchers from Avast discover four malicious Dota 2 game modes used by a threat actor to backdoor the players' systems.	CVE-2021-38003 Vulnerability	Arts entertainment, recreation	CC	>1		CVE-2021-38003, Dota 2, Avast
89	08/02/2023	During February 2023	06/02/2023	IntelBroker	Weee!	The Weee! Asian and Hispanic food delivery service suffers a data breach exposing the personal information of 1.1 million customers.	Unknown	Accommodation and food service	CC	US		Weee!
90	08/02/2023	Since at least 08/02/2023	08/02/2023	ESXiArgs	Vulnerable ESXi servers	A new ESXiArgs ransomware variant is encrypting more extensive amounts of data, making it much harder, if not impossible, to recover encrypted VMware ESXi virtual machines.	CVE-2021-21974 Vulnerability	Multiple Industries	CC	>1		VMware ESXi, CVE-2021-21974, ESXiArgs, ransomware
91	08/02/2023	Since October 2022	During October 2022	TA866	Organizations in the United States and Germany	Researchers from Proofpoint discover a new threat actor tracked as TA866 targeting organizations in the United States and Germany with new custom malware to perform surveillance and data theft on infected systems.	Malware	Multiple Industries	CC	DE US		Proofpoint, TA866
92	08/02/2023	08/02/2023	08/02/2023	?	Indigo Books & Music	Indigo Books & Music, the largest bookstore chain in Canada, is struck by a cyberattack, causing the company to make the website unavailable to customers and to only accept cash payments.	Unknown	Wholesale and retail	CC	CA		Indigo Books & Music
93	08/02/2023	Between 27/01/2023 and 29/01/2023	-	Core1337	Multiple organizations	Researchers at Fortinet discover five malicious packages on the Python Package Index (PyPI) containing the W4SP Stealer, stealing passwords, Discord authentication cookies, and cryptocurrency wallets from unsuspecting developers.	Malware	Multiple Industries	CC	>1		Fortinet, Python Package Index, PyPI, W4SP Stealer, Core1337
94	08/02/2023	-	-	APT29 AKA Nobelium, The Dukes, Cozy Bear, CozyDuke	Undisclosed organization	Researchers from Microsoft reveal the details of a sophisticated authentication bypass for Active Directory Federated Services (AD FS), named MagicWeb, pioneered by the Russia-linked Nobelium group.	Targeted Attack	Unknown	CE	N/A		Microsoft, APT29, Nobelium, The Dukes, Cozy Bear, CozyDuke, MagicWeb
95	08/02/2023	-	13/01/2023	Seaborgium AKA Cold River and Calisto	Stewart McDonald's Email	Stewart McDonald from the Scottish National Party (SNP), a British Member of Parliament (MP) reveals his personal email account was hacked by suspected Russian threat actors.	Account Takeover	Individual	CE	UK		Stewart McDonald, Scottish National Party, SNP, Russia, Seaborgium, Cold River, Calisto
96	08/02/2023	Between 18/02/2022 and 08/12/2022	-	?	Care Dimensions	Care Dimensions, a provider of hospice, palliative, and home primary care services, reports a data breach that has affected up to 1,713 patients, when the donation page of its website had been altered, and malicious code was added to capture the payment card details of donors.	Malicious Script injection	Human health and social work	CC	US		Care Dimensions
97	08/02/2023	Since at least 27/01/2023	28/01/2023	Magniber	Multiple organizations in South Korea	Researchers from Ahnlab discover a new campaign distributing the Magniber ransomware in South Korea.	Malware	Multiple Industries	CC	KR		Ahnlab, Magniber, ransomware
98	08/02/2023	'Recently'	'Recently'	?	Organizations in South Korea	Researchers from Ahnlab discover campaign distributing the Quasar RAT through the private Home Trading System (HTS).	Malware	Multiple Industries	CC	KR		Ahnlab, Quasar RAT, Home Trading System
99	08/02/2023	Early February 2023	Early February 2023	?	Multiple organizations	Researchers from Sonatype discover four different rogue packages in the Python Package Index (PyPI) able to to carry out a number of malicious actions, including dropping malware, deleting the netstat utility, and manipulating the SSH authorized_keys file.	Malware	Multiple Industries	CC	>1		Sonatype, Python Package Index, PyPI, aptx, bingchilling2, httops, tkint3rs
100	08/02/2023	Since 2020	During 2022	Earth Zhulong	Multiple organizations in Vietnam	Researchers from Trend Micro reveal the details about an APT group, named Earth Zhulong, targeting Vietnamese organizations. Active since 2020, the group is believed to be linked to the China-based hacking group 1937CN.	Targeted Attack	Multiple Industries	CE	VN		Trend Micro, Earth Zhulong, China, 1937CN
101	08/02/2023	-	-	Multiple threat actors	Individuals	Scammers are now exploiting the ongoing humanitarian crisis in Turkey and Syria: stealing donations by abusing legitimate platforms like PayPal and Twitter.	Account Takeover	Individual	CC	>1		Turkey, Syria, PayPal, Twitter
102	08/02/2023	-	-	?	90 Degree Benefits	90 Degree Benefits reports a data breach that involved the protected health information of 175,000 individuals.	Unknown	Human health and social work	CC	US		90 Degree Benefits
103	09/02/2023	30/01/2023 and 31/01/2023	30/01/2023	?	Multiple organizations	Researchers from Sentinel One discover a new phishing campaign targeting Amazon Web Services (AWS) logins and abusing Google ads to inject phishing sites into Google Search.	Malvertising	Multiple Industries	CC	>1		Sentinel One, Amazon Web Services, AWS, Google ads, Google Search
104	09/02/2023	'Recently'	'Recently'	Russian threat actors	Eastern Europeans working in the cryptocurrency industry	Researchers from Trend Micro discover a campaign operated by Russian threat actors using fake job offers to target Eastern Europeans working in the cryptocurrency industry, aiming to infect them with a modified version of the Stealerium malware named 'Enigma.'	Malware	Fintech	CC	>1		Trend Micro, Stealerium, Enigma
105	09/02/2023	05/02/2023	05/02/2023	?	Reddit	Reddit suffers a a phishing attack, allowing hackers to access internal business systems and steal internal documents and source code.	Account Takeover	Professional, scientific and technical	CC	US		Reddit
106	09/02/2023	-	-	North Korean ransomware operators	Public health and other critical infrastructure sectors in the U.S.	A new cybersecurity advisory from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) describes recently observed tactics, techniques, and procedures (TTPs) observed with North Korean ransomware operations against public health and other critical infrastructure sectors.	Malware	Human health and social work	CC	US		U.S. Cybersecurity & Infrastructure Security Agency, CISA, ransomware, North Korea, NSA, FBI, U.S. HHS, Republic of Korea National Intelligence Service and Defense Security Agency
107	09/02/2023	08/02/2023	08/02/2023	?	City of Oakland	The City of Oakland is hit by a ransomware attack that forces it to take all systems offline until the network is secured and affected services are brought back online.	Malware	Public admin and defence, social security	CC	US		City of Oakland, ransomware
108	09/02/2023	-	-	?	Multiple organizations	Researchers from ReversingLabs discover aabquerys, a malicious npm package that downloads second and third stage malware payloads and uses the new Havoc C2 framework.	Malware	Multiple Industries	CC	>1		ReversingLabs, aabquerys, npm, Havoc
109	09/02/2023	Since June 2022	-	NewsPenguin	Organizations in Pakistan	Researchers at BlackBerry reveal the details of NewsPenguin, a previously unknown threat actor targeting organizations in Pakistan using a complex payload delivery mechanism, and abusing the upcoming Pakistan International Maritime Expo & Conference (PIMEC-2023) as a lure to trick their victims.	Targeted Attack	Public admin and defence, social security	CE	PK		BlackBerry, NewsPenguin, Pakistan, Pakistan International Maritime Expo & Conference, PIMEC-2023
110	09/02/2023	-	-	?	Ukrainian refugees abroad	Ukrainian refugees abroad are the target of a new campaign aimed at stealing their personal data via fake letters circulating on social media asking hosts of Ukrainian refugees to share personal information about their guests. The letters are allegedly signed by the British, Polish or Lithuanian governments with official logos and government headings.	Account Takeover	Individual	CE	UA		Ukraine, Great Britain, Lithuania, Poland
111	09/02/2023	Mid January 2023	Mid January 2023	?	Individuals	Researchers from Avanan discover a phishing campaign where hackers redirect users via Geotargetly, a geo-targeting platform, and provide them with customized, localized phishing pages.	Account Takeover	Individual	CC	>1		Avanan, Geotargetly, geo-targeting
112	09/02/2023	20/12/2022	20/12/2022	Vice Society	Mount Saint Mary College	Mount Saint Mary College – a liberal arts college in New York – confirms it experienced a ransomware attack in December after the Vice Society group publicly shares details about the incident.	Malware	Education	CC	US		Mount Saint Mary College, ransomware, Vice Society
113	09/02/2023	Since November 2022	During January 2023	?	Multiple organizations	Researchers from Sucuri discover a new cluster of activity from an active campaign compromising nearly 11,000 websites (2600+ in 2023 alone) with a backdoor that redirects visitors to sites that rack up fraudulent views of ads provided by Google Adsense.	Malvertising	Multiple Industries	CC	>1		Sucuri, Google Adsense
114	09/02/2023	-	-	LockBit 3.0	Arc of Essex County	The Arc of Essex County, an organization for children with intellectual and developmental disabilities (IDD), appears on LockBit ransomware leak site.	Malware	Human health and social work	CC	US		Arc of Essex County, LockBit, Ransomware
115	09/02/2023	09/02/2023	09/02/2023	?	City of Modesto	The city of Modesto is hit by a ransomware attack.	Malware	Public admin and defence, social security	CC	US		City of Modesto, ransomware
116	09/02/2023	'Recently'	'Recently'	Russian threat actors	Eastern Europeans in the cryptocurrency industry	Researchers from Trend Micro discover an active campaign that uses a fake employment pretext targeting Eastern Europeans in the cryptocurrency industry to install the Enigma information stealer.	Malware	Fintech	CC	>1		Trend Micro, Enigma, Russia
117	09/02/2023	-	During December 2021	?	Institute of Bankers	A data leak affects more than 13,000 members and about 100,000 non-members of the Institute of Bankers following a ransomware incident.	Malware	Finance and insurance	CC	HK		Institute of Bankers, ransomware
118	09/02/2023	-	30/01/2023	?	Tesorería General de la República (TGR)	Access to Tesorería General de la República, the General Treasury of the Republic of Chile (TGR) may be up for sale on a popular hacking forum.	Unknown	Public admin and defence, social security	H	CL		Tesorería General de la República, TGR
119	09/02/2023	-	18/01/2023	LeakBase	Penang government	Over 600,000 “rows of private data” from the Penang government’s official website are allegedly stolen and uploaded onto the internet.	Unknown	Public admin and defence, social security	CC	MY		Penang government, Leakbase
120	09/02/2023	09/02/2023	09/02/2023	?	Troutman Pepper	A cyber attack takes down the network of the law firm Troutman Pepper.	Unknown	Professional, scientific and technical	CC	US		Troutman Pepper
121	10/02/2023	Since at least 06/02/2023	-	TA505 (Clop ransomware gang)	Over 130 organizations worldwide	The Clop ransomware gang claims to be behind recent attacks that exploited the CVE-2023-0669 zero-day vulnerability in the GoAnywhere MFT secure file transfer tool, saying they stole data from over 130 organizations.	CVE-2023-0669 Vulnerability	Multiple Industries	CC	>1		Clop, Cl0p, ransomware, CVE-2023-0669, GoAnywhere, TA505
122	10/02/2023	Since November 2022	09/02/2023	?	Crypto users	Researchers from Phylum discover more than 450 malicious PyPI python packages installing malicious browser extensions to hijack cryptocurrency transactions made through browser-based crypto wallets and websites.	Malware	Fintech	CC	>1		Phylum, PyPI, python
123	10/02/2023	10/02/2023	10/02/2023	?	Philadelphia Orchestra and the Kimmel Center	The websites for the Philadelphia Orchestra and its home venue, the Kimmel Center, are down days after they posted a notice saying they were dealing with a cyberattack.	Unknown	Arts entertainment, recreation	CC	US		Philadelphia Orchestra, Kimmel Center
124	10/02/2023	-	-	Russian threat actors	ChatGPT	Researchers from Check Point reveal that Russian threat actors are trying to break through the geo-regional restrictions put in place around ChatGPT.	Unknown	Professional, scientific and technical	CC	US		Check Point, Russia, ChatGPT
125	10/02/2023	During January 2023	During January 2023	?	Multiple organizations	Researchers from Sonatype discover 691 malicious npm packages and 49 malicious PyPI components containing crypto-miners, remote access Trojans (RATs) and more.	Malware	Multiple Industries	CC	>1		Sonatype, PyPI, npm
126	10/02/2023	-	15/12/2022	?	Reventics	Reventics files notice of a data breach after discovering that a hacker accessed and stole confidential consumer information from the company’s computer network.	Unknown	Professional, scientific and technical	CC	US		Reventics
127	10/02/2023	-	30/08/2022	?	Meriplex Communications	Meriplex Communications files notice of a data breach after discovering that confidential consumer data stored on the company’s computer network was subject to unauthorized access.	Unknown	Professional, scientific and technical	CC	US		Meriplex Communications
128	10/02/2023	12/12/2022	12/12/2022	?	Wentworth Health Partners Garrison Women’s Health (GWH)	Wentworth Health Partners Garrison Women’s Health (GWH) informs patients that a third-party data breach impacted its IT infrastructure, making some patient information inaccessible and unrecoverable.	Unknown	Human health and social work	CC	US		Wentworth Health Partners Garrison Women’s Health, GWH
129	10/02/2023	Between 10/11/2022 and 15/11/2022	14/11/2022	?	Intelligent Business Solutions (IBS)	Intelligent Business Solutions (IBS) starts sending notifications to cardio-thoracic patients of Riverside Health System to inform them that some of their personal and protected health information has potentially been accessed or stolen after a malware attack.	Malware	Professional, scientific and technical	CC	US		Intelligent Business Solutions, IBS
130	10/02/2023	-	05/01/2023	Clop (AKA Cl0p)	CGM LLC	CGM LLC, a U.S. SaaS provider is hit by the Clop ransomware gang.	Malware	Professional, scientific and technical	CC	US		CGM LLC, Clop, Cl0p, ransomware
131	10/02/2023	-	06/01/2023	IntelBroker	AT&T	A threat actor named IntelBroker claims to have found a third-party vendor’s unsecured cloud storage containing 37 million AT&T client records. The threat actor shares a sample of 5 million records.	Misconfiguration	Information and communication	CC	US		IntelBroker, AT&T
132	10/02/2023	-	27/01/2023	IntelBroker	Verizon	IntelBroker leaks a database, allegedly from Verizon, for free, containing 7.5 million clients’ records, only first names, device types (Apple or Android), and service plans. Verizon verified that the data leak was legitimate and originated from a vendor which creates videos to assist clients.	Unknown	Information and communication	CC	US		IntelBroker, Verizon
133	10/02/2023	-	-	?	Individuals in California	Multiple individuals in California report that scammers drained their inflation relief debit cards before they could use the money.	Account Takeover	Individual	CC	US		Inflation relief
134	10/02/2023	Since March 2022	-	Dark Caracal	Organizations in Central and Latin America.	The Dark Caracal APT group resurfaces with a new campaign that focuses on infecting computers in Central and Latin America with a new version of the Bandook spyware.	Targeted Attack	Multiple Industries	CE	>1		Dark Caracal
135	10/02/2023	Between 10/12/2022 and 12/12/2022	-	?	Bridgewater-Raritan Regional School District	The Bridgewater-Raritan Regional School District suffers a breach	Unknown	Education	CC	US		Bridgewater-Raritan Regional School District
136	10/02/2023	Between 16/01/2022 and 31/01/2022	-	?	Edmonds School District	The Edmonds School District reveals that an “unauthorized actor” was able to get into the school’s network and view personal information.	Unknown	Education	CC	US		Edmonds School District
137	10/02/2023	10/02/2023	10/02/2023	?	Taxpayers in Italy	While the website of the Italian revenue service (Agenzia delle Entrate) is down, multiple phishing campaigns with spoofed sites hit the Italian taxpayers.	Account Takeover	Individual	CC	IT		Italian Revenue Service, Agenzia delle Entrate
138	10/02/2023	'Recently'	'Recently'	?	Evergreen Treatment Services (ETS)	Evergreen Treatment Services (ETS) files notice of a data breach after learning that a recent cyberattack resulted in confidential patient information being leaked.	Unknown	Human health and social work	CC	US
139	11/02/2023	Since December 2021	-	Nine Madrid-based individuals	Individuals and North American companies	Spain's National Police and the U.S. Secret Service dismantle a Madrid-based international cybercrime ring comprised of nine members who stole over €5,000,000 from individuals and North American companies.	Account Takeover	Multiple Industries	CC	US		Spain's National Police, U.S. Secret Service, Madrid
140	11/02/2023	11/02/2023	11/02/2023	Ali’s Justice (Edalat-e Ali)	Iranian state-run TV and radio station	The Ali’s Justice (Edalat-e Ali) hacker group claims responsibility for hacking the live transmission of an Iranian state-run TV and radio station to disrupt the speech of Iranian president Ebrahim Raisi during the Revolution Day ceremonies.	Unknown	Information and communication	H	IR		Ali’s Justice, Edalat-e Ali, Iranian state-run TV and radio, Iran, Ebrahim Raisi, Revolution Day
141	11/02/2023	-	-	Multiple threat actors	Multiple organizations in the U.S.	The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds actively exploited flaws in Fortra MFT, Intel driver, and TerraMaster NAS to its Known Exploited Vulnerabilities Catalog.	CVE-2023-0669, CVE-2015-2291, and CVE-2022-24990 Vulnerabilities	Multiple Industries	N/A	US		U.S. Cybersecurity and Infrastructure Security Agency, CISA, Fortra, MFT Anywhere, Intel driver, TerraMaster NAS, CVE-2023-0669, CVE-2015-2291, and CVE-2022-24990
142	11/02/2023	-	11/02/2023	Play	Microgame	Microgame, an Italian network of gambling companies, is hit with a Play ransomware attack. 5gb of data is leaked.	Malware	Arts entertainment, recreation	CC	IT		Microgame, Play, ransomware
143	11/02/2023	11/02/2023	11/02/2023	?	Taxpayers in Italy	A new campaign spoofing the Italian Revenue Service (Agenzia delle Entrate) and distributing the Ursnif malware, hits the Italian taxpayers.	Malware	Individual	CC	IT		Italian Revenue Service, Agenzia delle Entrate, Ursnif
144	12/02/2023	12/02/2023	12/02/2023	Killnet	NATO's Special Operations Headquarters and Strategic Airlift Capability	The Pro-Russia Killnet collective claims responsibility for a DDoS attack against NATO's Special Operations Headquarters and Strategic Airlift Capability.	DDoS	Extraterritorial orgs and bodies	H	N/A		Killnet, Russia, NATO's Special Operations Headquarters and Strategic Airlift Capability
145	12/02/2023	Since 25/11/2022	12/02/2023	?	Namecheap	Domain registrar Namecheap has their email account breached, causing a flood of MetaMask and DHL phishing emails that attempted to steal recipients' personal information and cryptocurrency wallets.	Unknown	Information and communication	CC	US		Namecheap, MetaMask, DHL
146	12/02/2023	12/02/2023	12/02/2023	DarkBit	Technion - Israel Institute of Technology	A new ransomware group going by the name 'DarkBit' has hit Technion - Israel Institute of Technology, one of Israel's leading research universities.	Malware	Education	CC	IL		Ransomware, DarkBit, Technion, Israel Institute of Technology
147	12/02/2023	04/02/2023	12/02/2023	Daixin Team	B&G Foods	B&G Foods is hit by a Daixin Team ransomware attack.	Malware	Accommodation and food service	CC	US		B&G Foods, Daixin Team, ransomware
148	13/02/2023	23/12/2022	18/12/2022	?	Pepsi Bottling Ventures	Pepsi Bottling Ventures LLC suffered a data breach caused by a network intrusion that resulted in the installation of information-stealing malware and the extraction of data from its IT systems.	Unknown	Accommodation and food service	CC	US		Pepsi Bottling Ventures
149	13/02/2023	-	-	Multiple threat actors	Multiple organizations	Apple releases emergency security updates to address CVE-2023-23529, a new zero-day vulnerability used in attacks against iPhones, iPads, and Macs.	CVE-2023-23529 Vulnerability	Unknown	N/A	N/A		Apple, CVE-2023-23529, iPhones, iPads, Macs
150	13/02/2023	12/02/2023	12/02/2023	?	Multiple organizations	Cloudflare detects and mitigates dozens of hyper-volumetric DDoS attacks, the majority of which peaking in the range of 50-70 million requests per second (rps) with the largest exceeding 71 million rps.	DDoS	Unknown	CC	N/A		Cloudflare
151	13/02/2023	-	Early February 2023	Beep	Multiple organizations	Researchers from Minerva Labs discover 'Beep', a new stealthy malware featuring many features to evade analysis and detection by security software.	Malware	Multiple Industries	CC	>1		Minerva Labs, Beep
152	13/02/2023	-	-	?	Community Health Systems	Community Health Systems estimates that 1 million patients have been impacted by the GoAnywhere breach.	CVE-2023-0669 Vulnerability	Human health and social work	CC	US		Community Health Systems, GoAnywhere, CVE-2023-0669
153	13/02/2023	13/02/2023	13/02/2023	Medusa	Tonga Communications Corporation (TCC)	Tonga Communications Corporation (TCC) reveals to have been hit with a ransomware attack. The Medusa ransomware group takes credit for the attack.	Malware	Information and communication	CC	TO		Tonga Communications Corporation, TCC, Medusa, ransomware
154	13/02/2023	-	-	DEV-0147	Diplomatic targets in South America	Researchers from Microsoft reveal that the threat group DEV-0147 is deploying the ShadowPad RAT to hit diplomatic targets in South America.	Targeted Attack	Public admin and defence, social security	CE	>1		Microsoft, DEV-0147, ShadowPad RAT
155	13/02/2023	Since 2021	During June 2022	Tonto Team, AKA Karma Panda, CactusPete, Bronze Huntley, Earth Akhlut and HeartBeat	Group-IB	Cybersecurity company Group-IB claims it was repeatedly targeted in the past years by a threat actor believed to be linked to the Chinese government.	Targeted Attack	Professional, scientific and technical	CE	SG		Tonto Team, Karma Panda, CactusPete, Bronze Huntley, Earth Akhlut, HeartBeat, Group-IB
156	13/02/2023	Since at least December 2022	During December 2022	?	Organizations in the healthcare and finance sectors	Researchers from Cybereason discover a new campaign using new deployment methods to distribute the GootLoader malware loader, search engine optimization (SEO) poisoning tactics, and the deployment of additional C2 frameworks such as Cobalt Strike and SystemBC, impacting the healthcare and finance sectors.	Malware	Human health and social work	CC	>1		Cybereason, GootLoader, SEO poisoning, Cobalt Strike, SystemBC
157	13/02/2023	Since at least December 2022	During December 2022	?	Organizations in the healthcare and finance sectors	Researchers from Cybereason discover a new campaign using new deployment methods to distribute the GootLoader malware loader, search engine optimization (SEO) poisoning tactics, and the deployment of additional C2 frameworks such as Cobalt Strike and SystemBC, impacting the healthcare and finance sectors.	Malware	Finance and insurance	CC	>1		Cybereason, GootLoader, SEO poisoning, Cobalt Strike, SystemBC
158	13/02/2023	'Recently'	'Recently'	Hong Kong-based ring	Individuals	Researchers from Sophos discover a new "pig-butchering" campaign leveraging the MetaTrader 4 application, a legitimate trading application from a Russian software company, to run a fake gold-trading marketplace.	'pig-butchering' scam	Individual	CC	>1		pig-butchering, MetaTrader 4, Hong Kong
159	13/02/2023	Since 06/12/2023	-	?	Individuals	Researchers from Cyble discover various domains and IP addresses hosting websites that claim to be collecting funds to aid those affected by the earthquake in Turkey and Syria.	Scam	Individual	CC	>1		Cyble, Turkey, Syria
160	13/02/2023	'Recently'	'Recently'	?	Fans of The Last of Us	Researchers from Kaspersky discover two separate campaigns, a scam designed to inject PCs with malware and a phishing ploy designed to steal banking information and other financial data, targeting fans of The Last of Us.	Malware	Arts entertainment, recreation	CC	>1		Kaspersky, The Last of Us
161	13/02/2023	-	-	LockBit 3.0	Cassa Nazionale di Previdenza ed Assistenza Ragionieri e Periti Commerciali (CNPR)	The LockBit 3.0 ransomware gang hits the Cassa Nazionale di Previdenza ed Assistenza Ragionieri e Periti Commerciali (CNPR)	Malware	Administration and support service	CC	iT		LockBit 3.0, Cassa Nazionale di Previdenza ed Assistenza Ragionieri e Periti Commerciali, CNPR
162	14/02/2023	Since January 2023	Since January 2023	Gamaredon AKA Primitive Bear, Winterflouder, BlueAlpha, BlueOtso, IronTiden, SectorC08, Callisto, Shuckworm and Armageddon	Organizations in Ukraine	A new campaign by the Gamaredon group targets Ukrainian organizations by deploying Hoaxshell, a heavily obfuscated backdoor written in PowerShell.	Targeted Attack	Multiple Industries	CE	UA		Gamaredon, Primitive Bear, Winterflouder, BlueAlpha, BlueOtso, IronTiden, SectorC08, Callisto, Shuckworm, Armageddon, Hoaxshell, Powershell
163	14/02/2023	Since December 2022	During December 2022	?	Multiple organizations	Researchers from Cisco Talos discover an unidentified actor deploying two relatively new threats, the recently discovered MortalKombat ransomware and a GO variant of the Laplas Clipper malware, to steal cryptocurrency from victims.	Malware	Multiple Industries	CC	>1		Cisco Talos, MortalKombat, ransomware, Laplas Clipper
164	14/02/2023	17/01/2023	17/01/2023	trendava	Multiple organizations	Researchers from Check Point detect a set of 16 malicious NPM packages, pretending to be internet speed testers but being, in reality, coinminers that hijack the compromised computer's resources to mine cryptocurrency for the threat actors.	Malware	Multiple Industries	CC	>1		Check Point, NPM, trendava
165	14/02/2023	Since January 2023	During January 2023	APT37 AKA 'RedEyes' or 'ScarCruft'	Multiple organizations	Researchers from AhnLab discover a new campaign by the North Korean APT37 threat group using a new evasive 'M2RAT' malware and steganography to target individuals for intelligence collection, exploiting the CVE-2017-8291 Hangul word processor vulnerability.	Targeted Attack	Multiple Industries	CE	N/A		APT37, RedEyes, ScarCruft, North Korea, AhnLab, M2RAT, CVE-2017-8291 Hangul
166	14/02/2023	Early January 2023	Early January 2023	?	Undisclosed government organization	Researchers from Zscaler discover a campaign targeting a Government organization in which the threat actors utilized the new Command & Control (C2) framework Havoc.	Targeted Attack	Public admin and defence, social security	CE	N/A		Zscaler, Havoc
167	14/02/2023	14/02/2023	14/02/2023	?	Burton Snowboards	Burton Snowboards, a leading snowboard manufacturing company, cancels all online orders following what it describes as a "cyber incident."	Unknown	Manufacturing	CC	US		Burton Snowboards
168	14/02/2023	-	-	Multiple threat actors	Multiple organizations in the U.S.	The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds four security vulnerabilities exploited in attacks as zero-day to its list of bugs known to be abused in the wild.	CVE-2023-21823, CVE-2023-23376, CVE-2023-21715, CVE-2023-23529 Vulnerabilities	Multiple Industries	N/A	US		CVE-2023-21823, CVE-2023-23376, CVE-2023-21715, CVE-2023-23529, U.S. Cybersecurity and Infrastructure Security Agency, CISA
169	14/02/2023	14/02/2023	14/02/2023	Al-Toufan, or “The Flood”	Bahrain’s international airport and state news agency	Attackers from Al-Toufan, or “The Flood” say they had taken down the websites of Bahrain’s international airport and state news agency to mark the 12-year anniversary of an Arab Spring uprising in the small Gulf country.	DDoS	Public admin and defence, social security	H	BH		Al-Toufan, The Flood, Bahrain’s international airport, Bahrain state news agency
170	14/02/2023	-	During July 2022	?	CompSource Mutual Insurance Company	CompSource Mutual Insurance Company files a notice of data breach after determining that an unauthorized party accessed confidential consumer information stored on the company’s computer system.	Unknown	Finance and insurance	CC	US		CompSource Mutual Insurance Company
171	14/02/2023	Between 21/11/2022 30/11/2022	-	?	Minuteman Senior Services	Minuteman Senior Services confirms that an unauthorized individual gained access to the email account of an employee.	Account Takeover	Human health and social work	CC	US		Minuteman Senior Services
172	14/02/2023	-	-	?	Supersonic Studios LTD	Attackers share the data (a dataset of nearly 600 MB) allegedly taken from the creators of Escalators, a game from Supersonic Studios LTD	Unknown	Arts entertainment, recreation	CC	IL		Escalators, Supersonic Studios LTD
173	14/02/2023	11/02/2023	11/02/2023	LockBit 3.0	Gruppo Beltrame	Gruppo Beltrame, a steel manufacturing company is hit with a LockBit ransomware attack.	Malware	Manufacturing	CC	IT		Gruppo Beltrame, LockBit, ransomware
174	14/02/2023	End of February 2022	-	Chernovite	A dozen U.S. electric and gas facilities	The security company Dragos reveals that attackers linked to Russia got very close to being able to take a dozen U.S. electric and gas facilities offline in the first weeks of the war in Ukraine,	Malware	Electricity, gas steam, air conditioning	CW	US		Dragos, Russia, Ukraine, Chernovite
175	14/02/2023	Between November 2022 and January 2023	-	8220	Multiple organizations	Researchers from Sysdig reveal the details of the latest campaigns by the 8220 group exploiting Oracle Weblogic and Apache vulnerabilities to perform cryptojacking.	Multiple vulnerabilities	Multiple Industries	CC	>1		Sysdig, 8220, Oracle Weblogic, Apache
176	14/02/2023	-	-	?	Crypto investors	Researchers from WithSecure discover a massive network of fake YouTube videos being used by attackers to launch crypto scams.	Crypto Scam	Fintech	CC	>1		WithSecure
177	14/02/2023	-	-	LockBit 3.0	Montibello	Skin and hair products firm Montibello is added by the LockBit3.0 ransomware gang to their leaks page.	Malware	Manufacturing	CC	ES		Montibello, LockBit3.0, ransomware
178	14/02/2023	17/11/2022	-	?	1st Franklin Financial Corporation (FCC)	1st Franklin Financial Corporation (1FFC) files notice of a data breach after confirming that a recent data security incident compromised consumer data stored on the company’s computer network.	Unknown	Finance and insurance	CC	US		1st Franklin Financial Corporation, FCC
179	15/02/2023	'Recently'	'Recently'	?	Multiple organizations	The security company Emsisoft reveals that a threat actor is using fake code-signing certificates impersonating the firm Emsisoft to target customers using its security products, hoping to bypass their defenses.	Malware	Multiple Industries	CC	>1		Emsisoft
180	15/02/2023	14/02/2023	14/02/2023	Anonymous Sudan	Scandinavian Airlines (SAS)	A cyberattack on Scandinavian Airlines (SAS) knocks its website offline and exposed some customer data	DDoS	Transportation and storage	H	SE		Anonymous Sudan, Scandinavian Airlines, SAS
181	15/02/2023	'Recently'	'Recently'	ProxyShellMiner	Multiple organizations	Researchers from Morphisec discover a new malware dubbed 'ProxyShellMiner' exploiting the Microsoft Exchange ProxyShell vulnerabilities (CVE-2021-34473 and CVE-2021-34523) to deploy cryptocurrency miners throughout a Windows domain to generate profit for the attackers.	CVE-2021-34473 and CVE-2021-34523 Vulnerabilities	Multiple Industries	CC	>1		Morphisec, ProxyShellMiner, ProxyShell, CVE-2021-34473, CVE-2021-34523
182	15/02/2023	Between July 2022 and December 2022	-	V3G4	Multiple organizations	Researchers at Palo Alto Networks discover a new Mirai botnet variant tracked as ‘V3G4’ targeting 13 vulnerabilities in Linux-based servers and IoT devices to use in DDoS (distributed denial of service) attacks.	Multiple vulnerabilities	Multiple Industries	CC	>1		Palo Alto Networks, Mirai, V3G4
183	15/02/2023	'Recently'	'Recently'	Multiple state-sponsored threat actors	Business and governments in the European Union	The EU Agency for Cybersecurity (ENISA) and the Computer Emergency Response Team of the European Union (CERT-EU) reveal that government hacking groups have been seen “recently conducting malicious cyber activities against business and governments in the Union.”	Targeted Attack	Multiple Industries	CE	>1		EU Agency for Cybersecurity, ENISA, Computer Emergency Response Team of the European Union, CERT-EU
184	15/02/2023	Between June 2021 and November 2021	-	SideWinder (aka Rattlesnake or T-APT4)	61 government, military, law enforcement and other targets in Afghanistan, Bhutan, Myanmar, Nepal, and Sri Lanka	Researchers from Group-IB reveal the details of a previously unknown series of phishing operations from the Pakistani threat group SideWinder, which targeted organizations in Afghanistan, Bhutan, Myanmar, Nepal, and Sri Lanka.	Account Takeover	Public admin and defence, social security	CC	AF BT MM NP LK		SideWinder, Rattlesnake, T-APT4
185	15/02/2023	-	-	?	Multiple ecommerce websites	Researchers from Akamai discover a new sophisticated Magecart web skimming campaign on several ecommerce websites, impersonating a legitimate third-party vendor, like Google Tag Manager, and hiding the malicious code through Base64 encoding.	Malicious Script injection	Wholesale and retail	CC	>1		Akamai, Magecart, Google Tag Manager
186	15/02/2023	-	-	Avos Locker	California Northstate University	The California Northstate University suffers a leak from the Avos Locker ransomware gang.	Malware	Education	CC	US		California Northstate University, Avos Locker, ransomware
187	15/02/2023	During September 2022	During December 2022	?	Boulder County	Boulder County is able to recover the almost $238,000 it mistakenly sent to a fraudulent account after a phishing scam in September.	Account Takeover	Public admin and defence, social security	CC	US		Boulder County
ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags

The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.

The Biggest Data Breaches of 2023
Similarly to what I have done in 2022 and 2021, I am collecting the main mega breaches...
TCP Split Handshake Attack Explained
Update May 12: TCP Split Handshake: Why Cisco ASA is not susceptible Update May 11: The Never Ending Story Update April 21: Other Considerations on TCP Split Handshake Few days ago, independent security research and testing NSS Labs, issued a comparative report among six network security ...
Q1 2023 Cyber Attacks Statistics
I have aggregated the statistics created from the cyber attacks timelines published in the first three months of 2023. In total...
September 2023 Cyber Attacks Statistics
In September 2023, cyber crime continued to lead with 77.1% of total events, but showed a decrease. Cyber Espionage grew to 11.6%, while Hacktivism significantly dropped. Malware remains the leading attack technique and multiple organizations are the top targets.
2020 Cyber Attacks Statistics
As promised, I have pulled together some statistics from the data collected in 2020. The master table is available at the end of the post after the charts.