The first cyber attacks timeline of February 2023 is out, setting a new maximum. In the first half of the month I collected 182 events (12.13 events/day). This is the highest figure of the last 12 months and corresponds to nearly a 20% increase compared to the previous timeline.
Ransomware-driven events were up to 25.8% (47 out of 182 events), up from 22.8%, whilst 14 events (7.7%) were characterized by the exploitation of vulnerabilities, primarily thanks to the massive exploitation of CVE-2021-21974 targeting VMware ESXi servers.
Malvertising events taking advantage of SEO poisoning continued to play an important role with 5 events characterized by this technique.
In the fintech space, Webaverse suffered the theft of $4 million worth of assets, while crypto investors continued to be the targets of multiple campaigns.
And the mega breaches continued to characterize the threat landscape: AT&T, Verizon, and USCellular suffered the leak of customer records, threat actors stole a database with 20 million records from PeopleConnect, the Heritage Provider Network suffered a ransomware attack exposing the data of 3.3 million patients, and finally Weee! suffered a breach exposing the information of 1.1 million customers.
The Cyber Espionage space was quite crowded as usual, with Ukraine at the center of multiple campaigns by Russian threat actors such as UAC-0050, UAC-0114 and UAC-0056 (AKA Nodaria). Other particularly active threat actors include Seaborgium (AKA Cold River and Calisto), APT29, APT34 (AKA OilRig), APT37, the Lazarus Group and Mustang Panda.
State-sponsored threat actors continued to back their countries with multiple campaigns in cyberspace, with inevitable connections to the Ukrainian situation, such as a campaign targeting Ukrainian refugees abroad and fake bomb alerts aimed at destabilizing Moldova. Other unearthed operations included an attack launched by the Chernovite group against a dozen U.S. electric and gas facilities, and Spamouflage, a campaign in which Chinese state-aligned actors used AI-generated broadcasters to distribute content promoting the interests of the Chinese Communist Party.
Last but not least, and once again unsurprisingly, the hacktivist front was as hot as ever, fueled by the campaigns of pro-Russian threat actors such as Killnet.
In this fortnight in particular, the list is really too long to be summarized in a few words, so my suggestion is to enjoy the interactive timeline and the tabular format. As always, thanks for sharing it and supporting my work in spreading risk awareness across the community, and don't forget to follow @paulsparrows on Twitter, or connect on LinkedIn, for the latest updates.
Geo Map February H1 2023
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
01/02/2023
28/01/2023
28/01/2023
Killnet
Several hospital websites in the Netherlands and Europe
Dutch cyber authorities say that several hospital websites in the Netherlands and Europe were targeted by the pro-Kremlin hacking group Killnet with DDoS attacks because of their countries’ support for Ukraine.
DDoS
Human health and social work
H
NL
Killnet
2
01/02/2023
'Recently'
'Recently'
ShaZhuPan
Individuals on Facebook and Tinder
Researchers at Sophos discover CryptoRom, a campaign where scammers target victims on Facebook or Tinder and convince them to download a fraudulent apps and "invest" large amounts of money into assets purported to be real.
'pig-butchering' scam
Individual
CC
>1
Sophos, Cryptorom, ShaZhuPan, Facebook, Tinder
3
01/02/2023
Since at least September 2022
During September 2022
?
Online gaming and gambling companies
Researchers at Security Joe discover that unknown attackers have been targeting online gaming and gambling companies with what appears to be a previously unseen backdoor that researchers have named IceBreaker.
Malware
Arts entertainment, recreation
CC
N/A
Security Joe, IceBreaker
4
01/02/2023
Since early September 2021
-
HeadCrab
Multiple organizations
Researchers at Aqua Security discover HeadCrab, a new stealthy malware designed to target vulnerable Redis servers, and infecting over a thousand of them since September 2021 to build a botnet that mines for Monero cryptocurrency.
Malware
Multiple Industries
CC
>1
Aqua Security, HeadCrab, Redis, Monero
5
01/02/2023
'Recently'
'Recently'
Multiple threat actors
Multiple organizations
Researchers from Deep Instinct discover multiple campaigns using Microsoft Visual Studio Tools for Office (VSTO) as method to achieve persistence and execute code on a target machine via malicious Office add-ins.
Malware
Multiple Industries
CC
>1
Deep Instinct, Microsoft Visual Studio Tools for Office, VSTO, Office add-ins
6
01/02/2023
01/12/2022
08/12/2022
?
Heritage Provider Network
Multiple medical groups in the Heritage Provider Network in California suffer a ransomware attack, exposing sensitive patient information to cybercriminals.
Malware
Human health and social work
CC
US
Heritage Provider Network, ransomware, Regal Medical Group, Lakeside Medical Organization, A Medical Group, ADOC Acquisition Co ,A Medical Group Inc. & Greater Covina Medical Group
7
01/02/2023
Late 2022
Late 2022
Chinese state-aligned actors
Individuals worldwide
Researchers from Graphika reveal that the details of Spamouflage, a campaign where in a series of videos posted on Twitter, Facebook and YouTube, Chinese state-aligned actors used AI-generated broadcasters to distribute content that promotes the interests of the Chinese Communist Party.
Coordinated Inauthentic Behavior
Individual
CW
>1
Graphika, Spamouflage, Twitter, Facebook, YouTube, China
8
01/02/2023
Since December 2022
During December 2022
Multiple threat actors
Multiple organizations
Researchers from Proofpoint identify multiple campaigns using OneNote documents to deliver malware via email.
Malware
Multiple Industries
CC
>1
Proofpoint, OneNote
9
01/02/2023
Since at least 08/08/2022
-
?
Multiple organizations
Researchers at Check Point identify a campaign carried out via two malicious PyPi packages, Python-drgn and Bloxflip.
Malware
Multiple Industries
CC
>1
Check Point, PyPi, Python-drgn, Bloxflip
10
01/02/2023
Since April 2021
-
Firebrick Ostrich
Multiple organizations
Researchers from Abnormal Security expose Firebrick Ostrich, a group behind 350 BEC campaigns impersonating 151 different organizations using 212 different maliciously registered domains.
Account Takeover
Multiple Industries
CC
>1
Abnormal Security, Firebrick Ostrich
11
01/02/2023
Between 01/12/2022 and 02/12/2022
05/12/2022
?
Arizona Health Advantage
Arizona Health Advantage, also known as Arizona Priority Care (APC) and AZPC Clinics notifies several health plans of a recent data breach that impacted nearly 11,000 individuals in total.
Malware
Human health and social work
CC
US
Arizona Health Advantage, Arizona Priority Care, APC, AZPC Clinics
12
01/02/2023
01/02/2023
01/02/2023
?
Black and White Cabs
Black and White Cabs, a digital ride-booking service, shuts down the company's phone and online booking system after a cyber attack.
Unknown
Transportation and storage
CC
AU
Black and White Cabs
13
01/02/2023
-
01/02/2023
LockBit 3.0
Pharma Gestao
Pharma Gestao is added to the LockBit ransomware leak site.
Malware
Professional, scientific and technical
CC
BR
Pharma Gestao, LockBit, ransomware
14
01/02/2023
-
01/02/2023
Vice Society
Società Italiana Brevetti
Società Italiana Brevetti, an intellectual property consulting firm, is hit with a Vice Society ransomware attack.
Malware
Professional, scientific and technical
CC
IT
Società Italiana Brevetti, Vice Society, ransomware
15
01/02/2023
-
-
?
Coster
Coster, a company producing systems for the automation and energy efficiency in buildings, suffers 16,000 records leaked on Breach Forums.
Unknown
Manufacturing
CC
IT
Coster
16
02/02/2023
Between August and November 2022
During Q4 2022
Lazarus Group
Organizations in medical research, healthcare, chemical engineering, energy, defense, and a leading research university
Researchers at WithSecure reveal the details of "NoPineallple!", a new cyber espionage campaign attributed to the North Korean Lazarus hacking group, allowing the threat actors to stealthily steal 100GB of data from the victim without causing any destruction.
Targeted Attack
Multiple Industries
CE
>1
WithSecure, NoPineapple!, Lazarus group, North Korea
17
02/02/2023
'Recently'
'Recently'
?
Multiple organizations
Researchers from Sentinel One reveal the details of an ongoing Google ads malvertising campaign spreading Malvirt, malware installers that leverage KoiVM virtualization technology to evade detection when installing the Formbook data stealer.
Malvertising
Multiple Industries
CC
>1
Sentinel One, Google ads, malvertising, Malvirt, KoiVM, Formbook
18
02/02/2023
22/11/2022
24/01/2023
?
Xavier University of Louisiana (XULA)
Xavier University of Louisiana (XULA) says it suffered a cyberattack compromising Social Security numbers and other personal information from more than 44,000 students and vendors.
Unknown
Education
CC
US
Xavier University of Louisiana, XULA
19
02/02/2023
-
-
?
Crypto users
Researchers from Recorded Future discover a cybercrime group offering a ready-to-use phishing page, purporting to mint nonfungible tokens (NFTs) but instead deploying a crypto drainer that empties an unsuspecting victim connected virtual currency wallet.
Malware
Fintech
CC
>1
Recorded Future, Crypto Drainer
20
02/02/2023
-
-
?
Users of the Dingo Token
Researchers from Check Point reveal that the originator of the Dingo Token, a cryptocurrency with a purported market capitalization of $11 million, has included a backdoor in the code to charge each transaction a fee of up to 99% of the worth of the token.
Backdoor
Fintech
CC
>1
Check Point, Dingo Token
21
02/02/2023
-
-
?
Individuals in Italy
Researchers from Avanan discover a phishing campaign using the legitimate ClickFunnels service to bypass security services and redirect users to malicious links.
Account Takeover
Individual
CC
IT
Avanan, ClickFunnels
22
02/02/2023
During December 2022
Since at least December 2022
APT34 AKA OilRig
Organizations in Middle East
Researchers at Trend Micro discover a new campaign by the APT34 group targeting organizations in the Middle East with a new backdoor malware named MrPerfectInstaller.
Targeted Attack
Multiple Industries
CE
>1
Trend Micro, APT34, MrPerfectInstaller, OilRig
23
02/02/2023
18/12/2022
28/12/2022
?
Motto Mortgage
Motto Mortgage files notice of a data breach after learning that an unauthorized party was able to access confidential consumer information stored on the company’s computer system.
Unknown
Finance and insurance
CC
US
Motto Mortgage
24
02/02/2023
01/12/2022
01/12/2022
?
Teijin Automotive Technologies
Teijin Automotive Technologies files notice of a data breach after learning that a ransomware attack compromised confidential information belonging to certain employees.
Malware
Manufacturing
CC
US
Teijin Automotive Technologies, ransomware
25
02/02/2023
02/02/2023
02/02/2023
BlackBasta
Acea
Acea, the energy utility of the City of Rome, is hit with a BlackBasta ransomware attack.
Malware
Water supply, waste mgmt, remediation
CC
IT
Acea, BlackBasta, ransomware
26
02/02/2023
Since 26/02/2023
30/01/2023
Trexon
Multiple organizations
Researchers from Fortinet discover a new attack in a PyPI package (Python Package Index) called “web3-essential”.
Researchers from Sucuri discover a campaign targeting WordPress sites and concealing the malware into images.
Malware
Multiple Industries
CC
>1
Sucuri, WordPress
28
02/02/2023
Since at least April 2022
During September 2022
Water Dybbuk
Multiple organizations
Researchers from Trend Micro reveal the details of a new phishing campaign targeting large companies around the world which we believe has been running since April 2022.
Account Takeover
Multiple Industries
CC
>1
Trend Micro, Water Dybbuk
29
02/02/2023
Since November 2022
-
Mustang Panda
Multiple organizations
Researchers from EcleticIQ discover a new campaign by the Mustang Panda APT Group, using European Commission-themed lure to deliver the PlugX malware.
Targeted Attack
Multiple Industries
CE
>1
EcleticIQ, Mustang Panda, European Commission, PlugX
30
02/02/2023
During January 2023
During January 2023
Scattered Spider AKA Roasted 0ktapus
Technology sector companies specializing in gaming or financial software
Researchers from Crowdstrike reveal that the Scattered Spider group is still targeting several tech and video game companies.
Account Takeover
Professional, scientific and technical
CC
>1
Crowdstrike, Scattered Spider, Roasted 0ktapus
31
02/02/2023
-
02/02/2023
Royal
Casa Ley
Casa Ley is added to the Royal ransomware leak site.
Malware
Wholesale and retail
CC
MX
Casa Ley, Royal, ransomware
32
02/02/2023
01/02/2023
-
LockBit 3.0
Sistema Integrado de Emergencias y Seguridad- SIES-M
The Sistema Integrado de Emergencias y Seguridad- SIES-M is hit with a LockBit ransomware attack.
Malware
Public admin and defence, social security
CC
CO
Sistema Integrado de Emergencias y Seguridad- SIES-M, LockBit, ransomware
33
02/02/2023
02/02/2023
-
LockBit 3.0
Avante Textil
The textile distributor “Avante Textil” is added to the LockBit3.0 ransomware leak page.
Malware
Wholesale and retail
CC
MX
Avante Textil, LockBit3.0, ransomware
34
03/02/2023
02/02/2023
02/02/2023
?
Tallahassee Memorial HealthCare (TMH)
Tallahassee Memorial HealthCare (TMH) takes its IT systems offline and suspends non-emergency procedures following a suspected ransomware attack.
Malware
Human health and social work
CC
US
Tallahassee Memorial HealthCare, TMH, ransomware
35
03/02/2023
03/02/2023
03/02/2023
ESXiArgs
Vulnerable ESXi servers
Admins, hosting providers, and the French Computer Emergency Response Team (CERT-FR) warn that attackers are actively targeting VMware ESXi servers unpatched against CVE-2021-21974, a two-year-old remote code execution vulnerability to deploy a new ESXiArgs ransomware.
PeopleConnect, the owners of the TruthFinder and Instant Checkmate background check services, confirm they suffered a data breach after hackers leaked a 2019 backup database containing the info of 20 millions of customers.
Inadvertent leak
Professional, scientific and technical
CC
US
PeopleConnect, TruthFinder, Instant Checkmate
37
03/02/2023
Dutch Police
Exclu
The Dutch police announces that they dismantled the Exclu encrypted communications platform after hacking into the service to monitor the activities of criminal organizations.
Unknown
Other service activities
N/A
N/A
Exclu
38
03/02/2023
-
03/02/2023
Medusa
Multiple organizations
Researchers from Cyble discover a new version of the Medusa DDoS (distributed denial of service) botnet, based on Mirai code, featuring a ransomware module and a Telnet brute-forcer.
Malware
Multiple Industries
CC
>1
Cyble, Medusa, Mirai
39
03/02/2023
03/02/2023
03/02/2023
?
University of Zurich
The University of Zurich, Switzerland’s largest university, announces it was the target of a “serious cyberattack.”
Unknown
Education
CC
CH
University of Zurich
40
03/02/2023
03/02/2023
03/02/2023
Neptunium AKA Emennet Pasargad
Charlie Hebdo
Microsoft’s Digital Threat Analysis Center says the Neptunium hacking group within the Iranian government is behind a cyber operation that targeted French satirical magazine Charlie Hebdo.
Unknown
Arts entertainment, recreation
H
FR
Microsoft, Digital Threat Analysis Center, Neptunium, Emennet Pasargad, Charlie Hebdo
41
03/02/2023
03/02/2023
03/02/2023
?
Berkeley County Schools
Berkeley County Schools says it is experiencing an internet and phone outage for issues related to a cyberattack.
Unknown
Education
CC
US
Berkeley County Schools
42
03/02/2023
01/12/2022
01/12/2022
?
Intrado
The FBI reveals that a cyber attack to Intrado, the company that provides telecommunications services for the 988 Lifeline helpline, caused an outage of the helpline.
Unknown
Information and communication
CC
US
FBI, Intrado, 988 Lifeline
43
03/02/2023
Between the end of 2022 and the beginning of 2023
-
PixPirate
Financial institutions in Brazil
Researchers at Cleafy discover a new Android banking Trojan dubbed "PixPirate" targeting financial institutions in Brazil.
Malware
Finance and insurance
CC
BR
Cleafy, Android, PixPirate
44
03/02/2023
-
05/12/2022
?
Cardiovascular Associates (CVA)
Cardiovascular Associates (CVA) files a notice of data breach after the company learned that certain systems within its network were subject to unauthorized access.
Unknown
Human health and social work
CC
US
Cardiovascular Associates, CVA
45
03/02/2023
-
06/12/2022
?
Southeast Colorado Hospital District (SECHD)
Southeast Colorado Hospital District (SECHD) files notice of a data breach after learning that an employee’s email account containing confidential patient information became compromised.
Account Takeover
Human health and social work
CC
US
Southeast Colorado Hospital District, SECHD
46
03/02/2023
14/11/2022
-
?
Rise Interactive Media & Analytics
Rise Interactive Media & Analytics files notice of a data breach after learning that an unauthorized party was able to access confidential consumer information stored on the company’s computer network.
Unknown
Professional, scientific and technical
CC
US
Rise Interactive Media & Analytics
47
03/02/2023
Since July 2022
-
?
Android mobile users in Taiwan, Thailand, and Indonesia
Researchers from Trend Micro reveal the details of TgToxic, a campaign targeting Android mobile users in Taiwan, Thailand, and Indonesia.
Malware
Individual
CC
ID
TH
TW
Trend Micro, TgToxic, Android
48
03/02/2023
10/01/2023
-
?
LG Uplus
LG Uplus reveals that a breach in January affected a total of 290,000 users, about 110,000 more than initially suspected.
Unknown
Information and communication
CC
KR
LG Uplus
49
03/02/2023
-
17/01/2023 and 18/01/2023
?
Nonstop Health
Nonstop Health has its source code and some data leaked in a hacking forum.
Unknown
Finance and insurance
CC
US
Nonstop Health
50
03/02/2023
-
28/12/2022
Vice Society
Seguros Equinoccial
Data from Seguros Equinoccial appear in the Vice Society ransomware leak site.
Malware
Finance and insurance
CC
EC
Seguros Equinoccial, Vice Society, ransomware
51
03/02/2023
-
-
LockBit 3.0
Luaces Asesores
The LockBit ransomware gang claims to have attacked Luaces Asesores.
Malware
Professional, scientific and technical
CC
ES
LockBit, ransomware, Luaces Asesores
52
03/02/2023
-
-
8 individuals
Mobile banking users
Eight people are arrested for withdrawing hundreds of thousands of rupees by hacking bank accounts using an app called ‘Nepali Keti’.
Malware
Finance and insurance
CC
NP
Nepali Keti
53
03/02/2023
During 2022
During 2022
Djvu
Organizations in India
The Indian Computer Emergency Response Team highlights the Djvu ransomware as the most common threat for Indian organizations.
Malware
Multiple Industries
CC
IN
Indian Computer Emergency Response Team, Djvu, ransomware
54
04/02/2023
Over the last six months
Over the last six months
?
Multiple organizations
Researchers from Zscaler reveal that over the past six months, the operators behind the AveMaria infostealer have been making significant additions to the execution stages to infect more users.
Malware
Multiple Industries
CC
>1
AveMaria, Zscaler
55
04/02/2023
-
03/02/2023
LockBit 3.0
Jackson & Joyce Family Dentistry
Jackson & Joyce Family Dentistry is added to the LockBit ransomware leak site.
Malware
Human health and social work
CC
US
Jackson & Joyce Family Dentistry, LockBit, ransomware
56
04/02/2023
-
04/02/2023
LockBit 3.0
Tonoli
Tonoli, an Italian transportation company, is hit by a LockBit ransomware attack.
Malware
Transportation and storage
CC
IT
Tonoli, LockBit, ransomware
57
05/02/2023
-
-
Royal
Multiple organizations
Royal Ransomware is the latest ransomware operation to add support for encrypting Linux devices to its most recent malware variants, specifically targeting VMware ESXi virtual machines.
Malware
Multiple Industries
CC
>1
Royal, ransomware, Linux, VMware ESXi
58
05/02/2023
07/12/2022
07/12/2022
?
UT Specialty Dental Services (AKA Aspire Surgical)
UT Specialty Dental Services (AKA Aspire Surgical) announces that it is notifying individuals whose information was involved in a recent cybersecurity incident.
Unknown
Human health and social work
CC
US
UT Specialty Dental Services, Aspire Surgical
59
05/02/2023
05/02/2023
05/02/2023
?
Nathaniel Fick Twitter account
US top cybersecurity diplomat and the head of the US State Department’s Bureau for Cyberspace and Digital Policy, Nathaniel Fick, has his Twitter account hacked.
Account Takeover
Individual
CC
US
US State Department’s Bureau for Cyberspace and Digital Policy, Nathaniel Fick, Twitter
60
05/02/2023
-
-
Avos Locker
Thomas J. Schandy
Thomas J. Schandy is listed on the leak site of the AvosLocker ransomware gang, which claims to have stolen 100 GB of information.
Malware
Finance and insurance
CC
UY
Thomas J. Schandy, AvosLocker, ransomware
61
06/02/2023
'Recently'
'Recently'
UAC-0050
Ukrainian government agencies
The Ukraine’s computer emergency response team (CERT-UA) reveals that in a recent phishing campaign against Ukrainian government agencies, attackers attempted to install the Remcos surveillance software on victims’ computers.
Targeted Attack
Public admin and defence, social security
CE
UA
UAC-0050, Ukraine, CERT-UA, Remcos
62
06/02/2023
Since 02/02/2023
02/02/2023
BlackBasta
At least a dozen organizations in Italy
The Italian cybersecurity agency reveals that at least a dozen hacks against vulnerable VMware ESXi servers in the country are likely tied to the BlackBasta ransomware group.
Malware
Multiple Industries
CC
IT
BlackBasta, VMware
63
06/02/2023
'Recently'
'Recently'
?
Multiple organizations
Researchers at Ahnlab discover a new campaign exploiting Sunlogin (a remote-control software) CNVD-2022-10270 and CNVD-2022-03672 vulnerabilities to deploy the Sliver post-exploitation toolkit and launch Windows Bring Your Own Vulnerable Driver (BYOVD) attacks to disable security software.
CNVD-2022-10270 and CNVD-2022-03672 vulnerabilities
Multiple Industries
CC
>1
Ahnlab, Sunlogin, CNVD-2022-1027, CNVD-2022-03672, Sliver, Windows, Bring Your Own Vulnerable Driver, BYOVD
64
06/02/2023
Since at least 03/02/2022
06/02/2023
Multiple threat actors
Multiple organizations
A zero-day vulnerability affecting Internet-exposed GoAnywhere MFT administrator consoles is exploited in the wild.
CVE-2023-0669 Vulnerability
Multiple Industries
CC
>1
GoAnywhere MFT, CVE-2023-0669
65
06/02/2023
Since at least 31/01/2023
31/01/2023
QBot
Multiple organizations
Researchers from Sophos discover a new QBot malware campaign dubbed "QakNote", using malicious Microsoft OneNote' .one' attachments to infect systems with the banking trojan.
Malware
Finance and insurance
CC
>1
Sophos, QBot, QakNote, Microsoft OneNote
66
06/02/2023
06/02/2023
06/02/2023
?
Vesuvius Plc
Engineering company Vesuvius Plc, which produces ceramics used by steelmakers, reports that it is “currently managing a cyber incident.”
Unknown
Manufacturing
CC
UK
Vesuvius Plc
67
06/02/2023
06/02/2023
06/02/2023
ALPHV AKA BlackCat
Munster Technological University (MTU)
Munster Technological University (MTU) in Ireland announces that its campuses in Cork would be closed following a “significant IT breach and telephone outage.” The ALPHV ransomware gang claims responsibility for the attack.
Sharp HealthCare, San Diego’s largest health provider, announces that it has begun notifying 62,777 of its patients that some of their personal information was compromised during a hacking attack on the computers that run its website, sharp.com.
Unknown
Human health and social work
CC
US
Sharp HealthCare
69
06/02/2023
-
-
IntelBroker
Undisclosed third-party vendor
U.S. wireless telecom UScellular says a data breach at a third-party vendor resulted in a leak of 52,000 names and email addresses.
Unknown
Professional, scientific and technical
CC
US
UScellular, IntelBroker
70
06/02/2023
Between 13/12/2022 and 15/12/2022
15/12/2022
?
Highmark Health
Highmark Health files a notice of data breach after learning that an employee’s email account had been compromised following a phishing attack.
Account Takeover
Human health and social work
CC
US
Highmark Health
71
06/02/2023
03/02/2023
03/02/2023
?
MKS Instruments
MKS Instruments says it is investigating a ransomware attack that affected the semiconductor equipment maker's production-related systems.
Malware
Manufacturing
CC
US
MKS Instruments, ransomware
72
06/02/2023
-
-
?
Multiple organizations
The Hong Kong police and Interpol take down the local operation of an international phishing syndicate that used 563 bogus mobile applications to spy on phones globally and steal information.
Account Takeover
Multiple Industries
CC
HK
Hong Kong, Interpol
73
06/02/2023
04/02/2023
04/02/2023
?
Hidalgo County Adult Probation Office
The Hidalgo County Adult Probation Office is hit with a ransomware attack.
Malware
Public admin and defence, social security
CC
US
Hidalgo County Adult Probation Office
74
06/02/2023
03/02/2023
03/02/2023
?
Tehama County
Tehama County officials issued a warning after some employees fall victim of an attempted phishing attack.
Account Takeover
Public admin and defence, social security
CC
US
Tehama County
75
06/02/2023
-
08/12/2022
?
Vitra Health
Vitra Health notifies 1,618 patients that some of their protected health information has been exposed and potentially stolen after an employee email account had been accessed by an unauthorized individual.
Account Takeover
Human health and social work
CC
US
Vitra Health
76
07/02/2023
Since at least July 2022
During July 2022
Russia?
Moldova
Moldovan Prime Minister Natalia Gavrilița accuses Russia of trying to destabilize the country by sponsoring protests and carrying out cyberattacks via fake emails warning of bomb threats at more than 50 facilities across the country.
Malicious Spam
Individual
CW
MD
Moldova, Natalia Gavrilița, Russia
77
07/02/2023
Since at least July 2022
-
?
Tor Network
Tor Project's Executive Director Isabela Dias Fernandes reveals that a wave of distributed denial-of-service (DDoS) attacks has been targeting the Tor network since at least July 2022.
DDoS
Information and communication
CC
N/A
Tor, Isabela Dias Fernandes, Tor
78
07/02/2023
During the last previous days
During the last previous days
?
I2P (Invisible Internet Project)
Also the I2P network is hit by a wave of DDoS attacks.
DDoS
Information and communication
CC
N/A
I2P, Invisible Internet Project
79
07/02/2023
23/01/2023
23/01/2023
Play
A10 Networks
The California-based networking hardware manufacturer A10 Networks confirms that the Play ransomware gang briefly gained access to its IT infrastructure and compromised data.
Malware
Professional, scientific and technical
CC
US
A10 Networks, Play, Ransomware
80
07/02/2023
Since at least 26/12/2022
26/12/2022
Clop (AKA Cl0p)
Multiple organizations
Researchers from Sentinel One discover the first Clop ransomware variant targeting Linux systems (with a flawed encryptor).
Malware
Multiple Industries
CC
>1
Sentinel One, Clop, Cl0p, ransomware, Linux
81
07/02/2023
-
-
?
Dorben Group
Dorben Group, a luxury brands retailer in Latin America, allegedly suffers a data breach as information belonging to 790,000 customers ended up on a hacker forum.
Unknown
Wholesale and retail
CC
PA
Dorben Group
82
07/02/2023
During 2022
During 2022
?
Webaverse
The co-founder of Web3 metaverse game engine “Webaverse” reveals they were victims of a $4 million crypto hack after meeting with scammers posing as investors in a hotel lobby in Rome.
Unknown
Fintech
CC
N/A
Webaverse
83
07/02/2023
05/02/2023
05/02/2023
?
Ross Memorial Hospital
A suspected ransomware attack hits Ross Memorial Hospital disabling some important diagnostic systems and access to medical files.
Malware
Human health and social work
CC
CA
Ross Memorial Hospital, ransomware
84
07/02/2023
-
07/02/2023
LockBit 3.0
Cantina Tollo
Cantina Tollo, an Italian winery, is hit with a LockBit ransomware attack.
Malware
Accommodation and food service
CC
IT
Cantina Tollo, ransomware, LockBit
85
08/02/2023
Early February 2023
Early February 2023
UAC-0114 aka Winter Vivern
Ukrainian and Polish government computer systems
Attackers attempt to infect Ukrainian and Polish government computer systems with malware hosted on fake websites posing as Ukraine’s Ministry of Foreign Affairs and Poland’s Central Cybercrime Bureau. One of the distributed malware samples is Aperetif.
Targeted Attack
Public admin and defence, social security
CE
PL
UA
Ukraine, Poland, Ukraine’s Ministry of Foreign Affairs, Poland’s Central Cybercrime Bureau, Aperetif, UAC-0114, Winter Vivern
86
08/02/2023
Since at least October 2022 through mid-January 2023.
-
Nodaria (AKA UAC-0056 and TA471)
Organizations in Ukraine
Researchers from Symantec/Broadcom reveal that the Russian hacking group known as 'Nodaria' (UAC-0056) is using a new information-stealing malware called 'Graphiron' to steal data from Ukrainian organizations.
Pharmaceutical distributor AmerisourceBergen confirms that attackers compromised the IT system of one of its subsidiaries after threat actors from the Lorenz ransomware group began leaking allegedly stolen data.
Malware
Human health and social work
CC
US
AmerisourceBergen, Lorenz, ransomware
88
08/02/2023
-
-
Dota 2 players
Researchers from Avast discover four malicious Dota 2 game modes used by a threat actor to backdoor the players' systems.
CVE-2021-38003 Vulnerability
Arts entertainment, recreation
CC
>1
CVE-2021-38003, Dota 2, Avast
89
08/02/2023
During February 2023
06/02/2023
IntelBroker
Weee!
The Weee! Asian and Hispanic food delivery service suffers a data breach exposing the personal information of 1.1 million customers.
Unknown
Accommodation and food service
CC
US
Weee!
90
08/02/2023
Since at least 08/02/2023
08/02/2023
ESXiArgs
Vulnerable ESXi servers
A new ESXiArgs ransomware variant is encrypting more extensive amounts of data, making it much harder, if not impossible, to recover encrypted VMware ESXi virtual machines.
CVE-2021-21974 Vulnerability
Multiple Industries
CC
>1
VMware ESXi, CVE-2021-21974, ESXiArgs, ransomware
91
08/02/2023
Since October 2022
During October 2022
TA866
Organizations in the United States and Germany
Researchers from Proofpoint discover a new threat actor tracked as TA866 targeting organizations in the United States and Germany with new custom malware to perform surveillance and data theft on infected systems.
Malware
Multiple Industries
CC
DE
US
Proofpoint, TA866
92
08/02/2023
08/02/2023
08/02/2023
?
Indigo Books & Music
Indigo Books & Music, the largest bookstore chain in Canada, is struck by a cyberattack, causing the company to make the website unavailable to customers and to only accept cash payments.
Unknown
Wholesale and retail
CC
CA
Indigo Books & Music
93
08/02/2023
Between 27/01/2023 and 29/01/2023
-
Core1337
Multiple organizations
Researchers at Fortinet discover five malicious packages on the Python Package Index (PyPI) containing the W4SP Stealer, stealing passwords, Discord authentication cookies, and cryptocurrency wallets from unsuspecting developers.
APT29 AKA Nobelium, The Dukes, Cozy Bear, CozyDuke
Undisclosed organization
Researchers from Microsoft reveal the details of a sophisticated authentication bypass for Active Directory Federated Services (AD FS), named MagicWeb, pioneered by the Russia-linked Nobelium group.
Targeted Attack
Unknown
CE
N/A
Microsoft, APT29, Nobelium, The Dukes, Cozy Bear, CozyDuke, MagicWeb
95
08/02/2023
-
13/01/2023
Seaborgium AKA Cold River and Calisto
Stewart McDonald's Email
Stewart McDonald from the Scottish National Party (SNP), a British Member of Parliament (MP) reveals his personal email account was hacked by suspected Russian threat actors.
Account Takeover
Individual
CE
UK
Stewart McDonald, Scottish National Party, SNP, Russia, Seaborgium, Cold River, Calisto
96
08/02/2023
Between 18/02/2022 and 08/12/2022
-
?
Care Dimensions
Care Dimensions, a provider of hospice, palliative, and home primary care services, reports a data breach affecting up to 1,713 patients after the donation page of its website was altered and malicious code was added to capture the payment card details of donors.
Malicious Script injection
Human health and social work
CC
US
Care Dimensions
97
08/02/2023
Since at least 27/01/2023
28/01/2023
Magniber
Multiple organizations in South Korea
Researchers from Ahnlab discover a new campaign distributing the Magniber ransomware in South Korea.
Malware
Multiple Industries
CC
KR
Ahnlab, Magniber, ransomware
98
08/02/2023
'Recently'
'Recently'
?
Organizations in South Korea
Researchers from Ahnlab discover a campaign distributing the Quasar RAT through the private Home Trading System (HTS).
Malware
Multiple Industries
CC
KR
Ahnlab, Quasar RAT, Home Trading System
99
08/02/2023
Early February 2023
Early February 2023
?
Multiple organizations
Researchers from Sonatype discover four different rogue packages in the Python Package Index (PyPI) able to carry out a number of malicious actions, including dropping malware, deleting the netstat utility, and manipulating the SSH authorized_keys file.
Researchers from Trend Micro reveal the details about an APT group, named Earth Zhulong, targeting Vietnamese organizations. Active since 2020, the group is believed to be linked to the China-based hacking group 1937CN.
Targeted Attack
Multiple Industries
CE
VN
Trend Micro, Earth Zhulong, China, 1937CN
101
08/02/2023
-
-
Multiple threat actors
Individuals
Scammers are now exploiting the ongoing humanitarian crisis in Turkey and Syria: stealing donations by abusing legitimate platforms like PayPal and Twitter.
Account Takeover
Individual
CC
>1
Turkey, Syria, PayPal, Twitter
102
08/02/2023
-
-
?
90 Degree Benefits
90 Degree Benefits reports a data breach that involved the protected health information of 175,000 individuals.
Unknown
Human health and social work
CC
US
90 Degree Benefits
103
09/02/2023
30/01/2023 and 31/01/2023
30/01/2023
?
Multiple organizations
Researchers from Sentinel One discover a new phishing campaign targeting Amazon Web Services (AWS) logins and abusing Google ads to inject phishing sites into Google Search.
Malvertising
Multiple Industries
CC
>1
Sentinel One, Amazon Web Services, AWS, Google ads, Google Search
104
09/02/2023
'Recently'
'Recently'
Russian threat actors
Eastern Europeans working in the cryptocurrency industry
Researchers from Trend Micro discover a campaign operated by Russian threat actors using fake job offers to target Eastern Europeans working in the cryptocurrency industry, aiming to infect them with a modified version of the Stealerium malware named 'Enigma.'
Malware
Fintech
CC
>1
Trend Micro, Stealerium, Enigma
105
09/02/2023
05/02/2023
05/02/2023
?
Reddit
Reddit suffers a phishing attack, allowing hackers to access internal business systems and steal internal documents and source code.
Account Takeover
Professional, scientific and technical
CC
US
Reddit
106
09/02/2023
-
-
North Korean ransomware operators
Public health and other critical infrastructure sectors in the U.S.
A new cybersecurity advisory from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) describes recently observed tactics, techniques, and procedures (TTPs) used in North Korean ransomware operations against public health and other critical infrastructure sectors.
Malware
Human health and social work
CC
US
U.S. Cybersecurity & Infrastructure Security Agency, CISA, ransomware, North Korea, NSA, FBI, U.S. HHS, Republic of Korea National Intelligence Service and Defense Security Agency
107
09/02/2023
08/02/2023
08/02/2023
?
City of Oakland
The City of Oakland is hit by a ransomware attack that forces it to take all systems offline until the network is secured and affected services are brought back online.
Malware
Public admin and defence, social security
CC
US
City of Oakland, ransomware
108
09/02/2023
-
-
?
Multiple organizations
Researchers from ReversingLabs discover aabquerys, a malicious npm package that downloads second and third stage malware payloads and uses the new Havoc C2 framework.
Malware
Multiple Industries
CC
>1
ReversingLabs, aabquerys, npm, Havoc
109
09/02/2023
Since June 2022
-
NewsPenguin
Organizations in Pakistan
Researchers at BlackBerry reveal the details of NewsPenguin, a previously unknown threat actor targeting organizations in Pakistan using a complex payload delivery mechanism, and abusing the upcoming Pakistan International Maritime Expo & Conference (PIMEC-2023) as a lure to trick their victims.
Targeted Attack
Public admin and defence, social security
CE
PK
BlackBerry, NewsPenguin, Pakistan, Pakistan International Maritime Expo & Conference, PIMEC-2023
110
09/02/2023
-
-
?
Ukrainian refugees abroad
Ukrainian refugees abroad are the target of a new campaign aimed at stealing their personal data via fake letters circulating on social media asking hosts of Ukrainian refugees to share personal information about their guests. The letters are allegedly signed by the British, Polish or Lithuanian governments with official logos and government headings.
Account Takeover
Individual
CE
UA
Ukraine, Great Britain, Lithuania, Poland
111
09/02/2023
Mid January 2023
Mid January 2023
?
Individuals
Researchers from Avanan discover a phishing campaign where hackers redirect users via Geotargetly, a geo-targeting platform, and provide them with customized, localized phishing pages.
Account Takeover
Individual
CC
>1
Avanan, Geotargetly, geo-targeting
112
09/02/2023
20/12/2022
20/12/2022
Vice Society
Mount Saint Mary College
Mount Saint Mary College – a liberal arts college in New York – confirms it experienced a ransomware attack in December after the Vice Society group publicly shares details about the incident.
Malware
Education
CC
US
Mount Saint Mary College, ransomware, Vice Society
113
09/02/2023
Since November 2022
During January 2023
?
Multiple organizations
Researchers from Sucuri discover a new cluster of activity from an active campaign compromising nearly 11,000 websites (2600+ in 2023 alone) with a backdoor that redirects visitors to sites that rack up fraudulent views of ads provided by Google Adsense.
Malvertising
Multiple Industries
CC
>1
Sucuri, Google Adsense
114
09/02/2023
-
-
LockBit 3.0
Arc of Essex County
The Arc of Essex County, an organization for children with intellectual and developmental disabilities (IDD), appears on the LockBit ransomware leak site.
Malware
Human health and social work
CC
US
Arc of Essex County, LockBit, Ransomware
115
09/02/2023
09/02/2023
09/02/2023
?
City of Modesto
The city of Modesto is hit by a ransomware attack.
Malware
Public admin and defence, social security
CC
US
City of Modesto, ransomware
116
09/02/2023
'Recently'
'Recently'
Russian threat actors
Eastern Europeans in the cryptocurrency industry
Researchers from Trend Micro discover an active campaign that uses a fake employment pretext targeting Eastern Europeans in the cryptocurrency industry to install the Enigma information stealer.
Malware
Fintech
CC
>1
Trend Micro, Enigma, Russia
117
09/02/2023
-
During December 2021
?
Institute of Bankers
A data leak affects more than 13,000 members and about 100,000 non-members of the Institute of Bankers following a ransomware incident.
Malware
Finance and insurance
CC
HK
Institute of Bankers, ransomware
118
09/02/2023
-
30/01/2023
?
Tesorería General de la República (TGR)
Access to Tesorería General de la República, the General Treasury of the Republic of Chile (TGR) may be up for sale on a popular hacking forum.
Unknown
Public admin and defence, social security
H
CL
Tesorería General de la República, TGR
119
09/02/2023
-
18/01/2023
LeakBase
Penang government
Over 600,000 “rows of private data” from the Penang government’s official website are allegedly stolen and uploaded onto the internet.
Unknown
Public admin and defence, social security
CC
MY
Penang government, Leakbase
120
09/02/2023
09/02/2023
09/02/2023
?
Troutman Pepper
A cyber attack takes down the network of the law firm Troutman Pepper.
Unknown
Professional, scientific and technical
CC
US
Troutman Pepper
121
10/02/2023
Since at least 06/02/2023
-
TA505 (Clop ransomware gang)
Over 130 organizations worldwide
The Clop ransomware gang claims to be behind recent attacks that exploited the CVE-2023-0669 zero-day vulnerability in the GoAnywhere MFT secure file transfer tool, saying they stole data from over 130 organizations.
Researchers from Phylum discover more than 450 malicious PyPI python packages installing malicious browser extensions to hijack cryptocurrency transactions made through browser-based crypto wallets and websites.
Malware
Fintech
CC
>1
Phylum, PyPI, python
123
10/02/2023
10/02/2023
10/02/2023
?
Philadelphia Orchestra and the Kimmel Center
The websites for the Philadelphia Orchestra and its home venue, the Kimmel Center, are down days after they posted a notice saying they were dealing with a cyberattack.
Unknown
Arts entertainment, recreation
CC
US
Philadelphia Orchestra, Kimmel Center
124
10/02/2023
-
-
Russian threat actors
ChatGPT
Researchers from Check Point reveal that Russian threat actors are trying to break through the geo-regional restrictions put in place around ChatGPT.
Unknown
Professional, scientific and technical
CC
US
Check Point, Russia, ChatGPT
125
10/02/2023
During January 2023
During January 2023
?
Multiple organizations
Researchers from Sonatype discover 691 malicious npm packages and 49 malicious PyPI components containing crypto-miners, remote access Trojans (RATs) and more.
Malware
Multiple Industries
CC
>1
Sonatype, PyPI, npm
126
10/02/2023
-
15/12/2022
?
Reventics
Reventics files notice of a data breach after discovering that a hacker accessed and stole confidential consumer information from the company’s computer network.
Unknown
Professional, scientific and technical
CC
US
Reventics
127
10/02/2023
-
30/08/2022
?
Meriplex Communications
Meriplex Communications files notice of a data breach after discovering that confidential consumer data stored on the company’s computer network was subject to unauthorized access.
Unknown
Professional, scientific and technical
CC
US
Meriplex Communications
128
10/02/2023
12/12/2022
12/12/2022
?
Wentworth Health Partners Garrison Women’s Health (GWH)
Wentworth Health Partners Garrison Women’s Health (GWH) informs patients that a third-party data breach impacted its IT infrastructure, making some patient information inaccessible and unrecoverable.
Unknown
Human health and social work
CC
US
Wentworth Health Partners Garrison Women’s Health, GWH
129
10/02/2023
Between 10/11/2022 and 15/11/2022
14/11/2022
?
Intelligent Business Solutions (IBS)
Intelligent Business Solutions (IBS) starts sending notifications to cardio-thoracic patients of Riverside Health System to inform them that some of their personal and protected health information has potentially been accessed or stolen after a malware attack.
Malware
Professional, scientific and technical
CC
US
Intelligent Business Solutions, IBS
130
10/02/2023
-
05/01/2023
Clop (AKA Cl0p)
CGM LLC
CGM LLC, a U.S. SaaS provider is hit by the Clop ransomware gang.
Malware
Professional, scientific and technical
CC
US
CGM LLC, Clop, Cl0p, ransomware
131
10/02/2023
-
06/01/2023
IntelBroker
AT&T
A threat actor named IntelBroker claims to have found a third-party vendor’s unsecured cloud storage containing 37 million AT&T client records. The threat actor shares a sample of 5 million records.
Misconfiguration
Information and communication
CC
US
IntelBroker, AT&T
132
10/02/2023
-
27/01/2023
IntelBroker
Verizon
IntelBroker leaks a database, allegedly from Verizon, for free, containing 7.5 million client records limited to first names, device types (Apple or Android), and service plans. Verizon verifies that the data leak is legitimate and originated from a vendor that creates videos to assist clients.
Unknown
Information and communication
CC
US
IntelBroker, Verizon
133
10/02/2023
-
-
?
Individuals in California
Multiple individuals in California report that scammers drained their inflation relief debit cards before they could use the money.
Account Takeover
Individual
CC
US
Inflation relief
134
10/02/2023
Since March 2022
-
Dark Caracal
Organizations in Central and Latin America.
The Dark Caracal APT group resurfaces with a new campaign that focuses on infecting computers in Central and Latin America with a new version of the Bandook spyware.
Targeted Attack
Multiple Industries
CE
>1
Dark Caracal
135
10/02/2023
Between 10/12/2022 and 12/12/2022
-
?
Bridgewater-Raritan Regional School District
The Bridgewater-Raritan Regional School District suffers a breach.
Unknown
Education
CC
US
Bridgewater-Raritan Regional School District
136
10/02/2023
Between 16/01/2022 and 31/01/2022
-
?
Edmonds School District
The Edmonds School District reveals that an “unauthorized actor” was able to get into the school’s network and view personal information.
Unknown
Education
CC
US
Edmonds School District
137
10/02/2023
10/02/2023
10/02/2023
?
Taxpayers in Italy
While the website of the Italian revenue service (Agenzia delle Entrate) is down, multiple phishing campaigns with spoofed sites hit Italian taxpayers.
Account Takeover
Individual
CC
IT
Italian Revenue Service, Agenzia delle Entrate
138
10/02/2023
'Recently'
'Recently'
?
Evergreen Treatment Services (ETS)
Evergreen Treatment Services (ETS) files notice of a data breach after learning that a recent cyberattack resulted in confidential patient information being leaked.
Unknown
Human health and social work
CC
US
139
11/02/2023
Since December 2021
-
Nine Madrid-based individuals
Individuals and North American companies
Spain's National Police and the U.S. Secret Service dismantle a Madrid-based international cybercrime ring of nine members who stole over €5,000,000 from individuals and North American companies.
Account Takeover
Multiple Industries
CC
US
Spain's National Police, U.S. Secret Service, Madrid
140
11/02/2023
11/02/2023
11/02/2023
Ali’s Justice (Edalat-e Ali)
Iranian state-run TV and radio station
The Ali’s Justice (Edalat-e Ali) hacker group claims responsibility for hacking the live transmission of an Iranian state-run TV and radio station to disrupt the speech of Iranian president Ebrahim Raisi during the Revolution Day ceremonies.
Unknown
Information and communication
H
IR
Ali’s Justice, Edalat-e Ali, Iranian state-run TV and radio, Iran, Ebrahim Raisi, Revolution Day
141
11/02/2023
-
-
Multiple threat actors
Multiple organizations in the U.S.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds actively exploited flaws in Fortra MFT, Intel driver, and TerraMaster NAS to its Known Exploited Vulnerabilities Catalog.
CVE-2023-0669, CVE-2015-2291, and CVE-2022-24990 Vulnerabilities
Multiple Industries
N/A
US
U.S. Cybersecurity and Infrastructure Security Agency, CISA, Fortra, MFT Anywhere, Intel driver, TerraMaster NAS, CVE-2023-0669, CVE-2015-2291, and CVE-2022-24990
142
11/02/2023
-
11/02/2023
Play
Microgame
Microgame, an Italian network of gambling companies, is hit with a Play ransomware attack. 5 GB of data is leaked.
Malware
Arts entertainment, recreation
CC
IT
Microgame, Play, ransomware
143
11/02/2023
11/02/2023
11/02/2023
?
Taxpayers in Italy
A new campaign spoofing the Italian Revenue Service (Agenzia delle Entrate) and distributing the Ursnif malware hits Italian taxpayers.
Malware
Individual
CC
IT
Italian Revenue Service, Agenzia delle Entrate, Ursnif
144
12/02/2023
12/02/2023
12/02/2023
Killnet
NATO's Special Operations Headquarters and Strategic Airlift Capability
The Pro-Russia Killnet collective claims responsibility for a DDoS attack against NATO's Special Operations Headquarters and Strategic Airlift Capability.
DDoS
Extraterritorial orgs and bodies
H
N/A
Killnet, Russia, NATO's Special Operations Headquarters and Strategic Airlift Capability
145
12/02/2023
Since 25/11/2022
12/02/2023
?
Namecheap
Domain registrar Namecheap has its email account breached, causing a flood of MetaMask and DHL phishing emails attempting to steal recipients' personal information and cryptocurrency wallets.
Unknown
Information and communication
CC
US
Namecheap, MetaMask, DHL
146
12/02/2023
12/02/2023
12/02/2023
DarkBit
Technion - Israel Institute of Technology
A new ransomware group going by the name 'DarkBit' has hit Technion - Israel Institute of Technology, one of Israel's leading research universities.
Malware
Education
CC
IL
Ransomware, DarkBit, Technion, Israel Institute of Technology
147
12/02/2023
04/02/2023
12/02/2023
Daixin Team
B&G Foods
B&G Foods is hit by a Daixin Team ransomware attack.
Malware
Accommodation and food service
CC
US
B&G Foods, Daixin Team, ransomware
148
13/02/2023
23/12/2022
18/12/2022
?
Pepsi Bottling Ventures
Pepsi Bottling Ventures LLC suffers a data breach caused by a network intrusion that resulted in the installation of information-stealing malware and the extraction of data from its IT systems.
Unknown
Accommodation and food service
CC
US
Pepsi Bottling Ventures
149
13/02/2023
-
-
Multiple threat actors
Multiple organizations
Apple releases emergency security updates to address CVE-2023-23529, a new zero-day vulnerability used in attacks against iPhones, iPads, and Macs.
CVE-2023-23529 Vulnerability
Unknown
N/A
N/A
Apple, CVE-2023-23529, iPhones, iPads, Macs
150
13/02/2023
12/02/2023
12/02/2023
?
Multiple organizations
Cloudflare detects and mitigates dozens of hyper-volumetric DDoS attacks, most of which peak in the range of 50-70 million requests per second (rps), with the largest exceeding 71 million rps.
DDoS
Unknown
CC
N/A
Cloudflare
151
13/02/2023
-
Early February 2023
Beep
Multiple organizations
Researchers from Minerva Labs discover 'Beep', a new stealthy malware with many features designed to evade analysis and detection by security software.
Malware
Multiple Industries
CC
>1
Minerva Labs, Beep
152
13/02/2023
-
-
?
Community Health Systems
Community Health Systems estimates that 1 million patients have been impacted by the GoAnywhere breach.
CVE-2023-0669 Vulnerability
Human health and social work
CC
US
Community Health Systems, GoAnywhere, CVE-2023-0669
153
13/02/2023
13/02/2023
13/02/2023
Medusa
Tonga Communications Corporation (TCC)
Tonga Communications Corporation (TCC) reveals to have been hit with a ransomware attack. The Medusa ransomware group takes credit for the attack.
Organizations in the healthcare and finance sectors
Researchers from Cybereason discover a new campaign using new deployment methods to distribute the GootLoader malware loader, search engine optimization (SEO) poisoning tactics, and the deployment of additional C2 frameworks such as Cobalt Strike and SystemBC, impacting the healthcare and finance sectors.
Malware
Human health and social work
CC
>1
Cybereason, GootLoader, SEO poisoning, Cobalt Strike, SystemBC
157
13/02/2023
Since at least December 2022
During December 2022
?
Organizations in the healthcare and finance sectors
Researchers from Cybereason discover a new campaign using new deployment methods to distribute the GootLoader malware loader, search engine optimization (SEO) poisoning tactics, and the deployment of additional C2 frameworks such as Cobalt Strike and SystemBC, impacting the healthcare and finance sectors.
Malware
Finance and insurance
CC
>1
Cybereason, GootLoader, SEO poisoning, Cobalt Strike, SystemBC
158
13/02/2023
'Recently'
'Recently'
Hong Kong-based ring
Individuals
Researchers from Sophos discover a new "pig-butchering" campaign leveraging the MetaTrader 4 application, a legitimate trading application from a Russian software company, to run a fake gold-trading marketplace.
'pig-butchering' scam
Individual
CC
>1
pig-butchering, MetaTrader 4, Hong Kong
159
13/02/2023
Since 06/12/2023
-
?
Individuals
Researchers from Cyble discover various domains and IP addresses hosting websites that claim to be collecting funds to aid those affected by the earthquake in Turkey and Syria.
Scam
Individual
CC
>1
Cyble, Turkey, Syria
160
13/02/2023
'Recently'
'Recently'
?
Fans of The Last of Us
Researchers from Kaspersky discover two separate campaigns, a scam designed to inject PCs with malware and a phishing ploy designed to steal banking information and other financial data, targeting fans of The Last of Us.
Malware
Arts entertainment, recreation
CC
>1
Kaspersky, The Last of Us
161
13/02/2023
-
-
LockBit 3.0
Cassa Nazionale di Previdenza ed Assistenza Ragionieri e Periti Commerciali (CNPR)
The LockBit 3.0 ransomware gang hits the Cassa Nazionale di Previdenza ed Assistenza Ragionieri e Periti Commerciali (CNPR).
Malware
Administration and support service
CC
IT
LockBit 3.0, Cassa Nazionale di Previdenza ed Assistenza Ragionieri e Periti Commerciali, CNPR
Researchers from Cisco Talos discover an unidentified actor deploying two relatively new threats, the recently discovered MortalKombat ransomware and a GO variant of the Laplas Clipper malware, to steal cryptocurrency from victims.
Researchers from Check Point detect a set of 16 malicious NPM packages, pretending to be internet speed testers but being, in reality, coinminers that hijack the compromised computer's resources to mine cryptocurrency for the threat actors.
Malware
Multiple Industries
CC
>1
Check Point, NPM, trendava
165
14/02/2023
Since January 2023
During January 2023
APT37 AKA 'RedEyes' or 'ScarCruft'
Multiple organizations
Researchers from AhnLab discover a new campaign by the North Korean APT37 threat group using a new evasive 'M2RAT' malware and steganography to target individuals for intelligence collection, exploiting the CVE-2017-8291 Hangul word processor vulnerability.
Targeted Attack
Multiple Industries
CE
N/A
APT37, RedEyes, ScarCruft, North Korea, AhnLab, M2RAT, CVE-2017-8291 Hangul
166
14/02/2023
Early January 2023
Early January 2023
?
Undisclosed government organization
Researchers from Zscaler discover a campaign targeting a government organization in which the threat actors utilize the new Command & Control (C2) framework Havoc.
Targeted Attack
Public admin and defence, social security
CE
N/A
Zscaler, Havoc
167
14/02/2023
14/02/2023
14/02/2023
?
Burton Snowboards
Burton Snowboards, a leading snowboard manufacturing company, cancels all online orders following what it describes as a "cyber incident."
Unknown
Manufacturing
CC
US
Burton Snowboards
168
14/02/2023
-
-
Multiple threat actors
Multiple organizations in the U.S.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds four security vulnerabilities exploited in attacks as zero-day to its list of bugs known to be abused in the wild.
CVE-2023-21823, CVE-2023-23376, CVE-2023-21715, CVE-2023-23529, U.S. Cybersecurity and Infrastructure Security Agency, CISA
169
14/02/2023
14/02/2023
14/02/2023
Al-Toufan, or “The Flood”
Bahrain’s international airport and state news agency
Attackers from Al-Toufan, or “The Flood”, say they have taken down the websites of Bahrain’s international airport and state news agency to mark the 12-year anniversary of an Arab Spring uprising in the small Gulf country.
DDoS
Public admin and defence, social security
H
BH
Al-Toufan, The Flood, Bahrain’s international airport, Bahrain state news agency
170
14/02/2023
-
During July 2022
?
CompSource Mutual Insurance Company
CompSource Mutual Insurance Company files a notice of data breach after determining that an unauthorized party accessed confidential consumer information stored on the company’s computer system.
Unknown
Finance and insurance
CC
US
CompSource Mutual Insurance Company
171
14/02/2023
Between 21/11/2022 and 30/11/2022
-
?
Minuteman Senior Services
Minuteman Senior Services confirms that an unauthorized individual gained access to the email account of an employee.
Account Takeover
Human health and social work
CC
US
Minuteman Senior Services
172
14/02/2023
-
-
?
Supersonic Studios LTD
Attackers share the data (a dataset of nearly 600 MB) allegedly taken from the creators of Escalators, a game from Supersonic Studios LTD.
Unknown
Arts entertainment, recreation
CC
IL
Escalators, Supersonic Studios LTD
173
14/02/2023
11/02/2023
11/02/2023
LockBit 3.0
Gruppo Beltrame
Gruppo Beltrame, a steel manufacturing company is hit with a LockBit ransomware attack.
Malware
Manufacturing
CC
IT
Gruppo Beltrame, LockBit, ransomware
174
14/02/2023
End of February 2022
-
Chernovite
A dozen U.S. electric and gas facilities
The security company Dragos reveals that attackers linked to Russia got very close to being able to take a dozen U.S. electric and gas facilities offline in the first weeks of the war in Ukraine.
Malware
Electricity, gas steam, air conditioning
CW
US
Dragos, Russia, Ukraine, Chernovite
175
14/02/2023
Between November 2022 and January 2023
-
8220
Multiple organizations
Researchers from Sysdig reveal the details of the latest campaigns by the 8220 group exploiting Oracle Weblogic and Apache vulnerabilities to perform cryptojacking.
Multiple vulnerabilities
Multiple Industries
CC
>1
Sysdig, 8220, Oracle Weblogic, Apache
176
14/02/2023
-
-
?
Crypto investors
Researchers from WithSecure discover a massive network of fake YouTube videos being used by attackers to launch crypto scams.
Crypto Scam
Fintech
CC
>1
WithSecure
177
14/02/2023
-
-
LockBit 3.0
Montibello
Skin and hair products firm Montibello is added by the LockBit3.0 ransomware gang to their leaks page.
Malware
Manufacturing
CC
ES
Montibello, LockBit3.0, ransomware
178
14/02/2023
17/11/2022
-
?
1st Franklin Financial Corporation (FCC)
1st Franklin Financial Corporation (1FFC) files notice of a data breach after confirming that a recent data security incident compromised consumer data stored on the company’s computer network.
Unknown
Finance and insurance
CC
US
1st Franklin Financial Corporation, FCC
179
15/02/2023
'Recently'
'Recently'
?
Multiple organizations
The security company Emsisoft reveals that a threat actor is using fake code-signing certificates impersonating the firm Emsisoft to target customers using its security products, hoping to bypass their defenses.
Malware
Multiple Industries
CC
>1
Emsisoft
180
15/02/2023
14/02/2023
14/02/2023
Anonymous Sudan
Scandinavian Airlines (SAS)
A cyberattack on Scandinavian Airlines (SAS) knocks its website offline and exposes some customer data.
DDoS
Transportation and storage
H
SE
Anonymous Sudan, Scandinavian Airlines, SAS
181
15/02/2023
'Recently'
'Recently'
ProxyShellMiner
Multiple organizations
Researchers from Morphisec discover a new malware dubbed 'ProxyShellMiner' exploiting the Microsoft Exchange ProxyShell vulnerabilities (CVE-2021-34473 and CVE-2021-34523) to deploy cryptocurrency miners throughout a Windows domain to generate profit for the attackers.
Researchers at Palo Alto Networks discover a new Mirai botnet variant tracked as ‘V3G4’ targeting 13 vulnerabilities in Linux-based servers and IoT devices to use in DDoS (distributed denial of service) attacks.
Multiple vulnerabilities
Multiple Industries
CC
>1
Palo Alto Networks, Mirai, V3G4
183
15/02/2023
'Recently'
'Recently'
Multiple state-sponsored threat actors
Business and governments in the European Union
The EU Agency for Cybersecurity (ENISA) and the Computer Emergency Response Team of the European Union (CERT-EU) reveal that government hacking groups have been seen “recently conducting malicious cyber activities against business and governments in the Union.”
Targeted Attack
Multiple Industries
CE
>1
EU Agency for Cybersecurity, ENISA, Computer Emergency Response Team of the European Union, CERT-EU
184
15/02/2023
Between June 2021 and November 2021
-
SideWinder (aka Rattlesnake or T-APT4)
61 government, military, law enforcement and other targets in Afghanistan, Bhutan, Myanmar, Nepal, and Sri Lanka
Researchers from Group-IB reveal the details of a previously unknown series of phishing operations from the Pakistani threat group SideWinder, which targeted organizations in Afghanistan, Bhutan, Myanmar, Nepal, and Sri Lanka.
Account Takeover
Public admin and defence, social security
CC
AF
BT
MM
NP
LK
SideWinder, Rattlesnake, T-APT4
185
15/02/2023
-
-
?
Multiple ecommerce websites
Researchers from Akamai discover a new sophisticated Magecart web skimming campaign on several ecommerce websites, impersonating a legitimate third-party vendor such as Google Tag Manager and hiding the malicious code through Base64 encoding.
Malicious Script injection
Wholesale and retail
CC
>1
Akamai, Magecart, Google Tag Manager
186
15/02/2023
-
-
Avos Locker
California Northstate University
The California Northstate University suffers a leak from the Avos Locker ransomware gang.
Malware
Education
CC
US
California Northstate University, Avos Locker, ransomware
187
15/02/2023
During September 2022
During December 2022
?
Boulder County
Boulder County is able to recover the almost $238,000 it mistakenly sent to a fraudulent account after a phishing scam in September.
Account Takeover
Public admin and defence, social security
CC
US
Boulder County
Table columns: ID, Date Reported, Date Occurred, Date Discovered, Author, Target, Description, Attack, Target Class, Attack Class, Country, Link, Tags