In the first cyber attacks timeline of March 2023 I collected 152 events (10.13 events/day), a number that, unsurprisingly, confirms the high level of activity that is accompanying us over the course of 2023.
Ransomware-driven events slide to 21.7% from 24.6% (33 out of 152 events), whilst 19 events were characterized by the exploitation of vulnerabilities (corresponding to 12.5% vs 8% of the previous timeline), an increase mainly due to the ongoing exploitation of the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability.
Multi-million losses continued to affect the fintech sector, with Euler Finance suffering a flash loan attack leading to the theft of $197 million worth of multiple digital assets. Other fintech organizations targeted in the same period included Algodex and Poolz Finance.
And the season of the mega breaches has apparently just begun: victims in this fortnight included HDB Financial Services (72 million records affected), an undisclosed marketing vendor working for AT&T and other organizations (9 million records affected), Independent Living Systems (around 4 million records), and Zoll Medical (one million). Other high-profile victims included Acer, which suffered the leak of 160 Gb.
The Cyber Espionage front is always hot, with multiple campaigns unearthed in the first half of March, and carried out by known threat actors such as: APT27, APT28, APT29, Mustang Panda, Sharp Panda, the Tick, and Transparent Tribe, but also new players, such as UNC2970, UNC4540, and Yoro Trooper. The Iranian group Cobalt Illusion also launched a campaign against female human rights activists.
And as always, this brief summary is closed by a quick mention of the DDoS attacks launched by the pro-Russian hacktivists of NoName057(16), which were directed against several government websites in Poland and Italy.
My suggestion is always the same: browse the timeline, and obviously thanks for sharing it and supporting my work in spreading risk awareness across the community. As always, don’t forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
01/03/2023
28/02/2023
28/02/2023
NoName057(16)
Poland’s tax service
Poland’s tax service website is hit by a DDoS attack believed to have been carried out by Russian hackers.
DDoS
Public admin and defence, social security
Hacktivism
PL
NoName057(16)
2
01/03/2023
Since April 2022
During April 2022
APT27 AKA Iron Tiger
Multiple organizations
Researchers from Trend Micro reveal that the APT27 hacking group, aka "Iron Tiger," has prepared a new Linux version of its SysUpdate custom remote access malware, to target more services used in the enterprise.
Targeted Attack
Multiple Industries
Cyber Espionage
>1
APT27, Iron Tiger
3
01/03/2023
During October 2022
Since at least October 2022
maxwell187
Multiple organizations
Researchers from ESET reveal that the developers of the BlackLotus UEFI bootkit have improved the malware with Secure Boot bypass capabilities that allow it to infect even Windows 11 systems via CVE-2022-21894.
Researchers from Cyble reveal that the carding marketplace known as BidenCash has leaked online a free database of 2,165,700 debit and credit cards in celebration of its first anniversary.
Unknown
Finance and insurance
Cyber Crime
>1
Cyble, BidenCash
5
01/03/2023
-
-
?
Multiple organizations
Researchers from Kroll discover a malicious Python package uploaded to the Python Package Index (PyPI) that contained a fully-featured information stealer and remote access trojan tracked as Colour-Blind.
Malware
Multiple Industries
Cyber Crime
>1
Kroll, Python, PyPI, Colour-Blind
6
01/03/2023
-
-
Since May 2020
Organizations in the Maritime Industry
Researchers from EclecticIQ discover a campaign targeting the maritime industry, using spear phishing emails to deliver Agent Tesla and Formbook.
Malware
Transportation and storage
Cyber Crime
>1
EclecticIQ, Agent Tesla, Formbook
7
01/03/2023
09/02/2023
09/02/2023
?
Group 1001
The insurance company Group 1001 restores operations after suffering a ransomware attack.
Malware
Finance and insurance
Cyber Crime
US
Group 1001, ransomware
8
01/03/2023
Between 23/11/2022 and 27/11/2022
-
?
Codman Square Health Center
Codman Square Health Center files a notice of data breach after learning that a ransomware attack targeting the company’s IT system compromised confidential patient information.
Malware
Human health and social work
Cyber Crime
US
Codman Square Health Center, ransomware
9
01/03/2023
12/02/2023
12/02/2023
?
Azienda Ospedaliero-Universitaria di Parma (Hospital of Parma)
The Hospital of Parma suffers a cyber attack.
Unknown
Human health and social work
Cyber Crime
IT
Azienda Ospedaliero-Universitaria di Parma, Hospital of Parma
10
02/03/2023
-
-
?
WH Smith
British retailer WH Smith suffers a data breach that exposes information belonging to current and former employees.
Unknown
Wholesale and retail
Cyber Crime
UK
WH Smith
11
02/03/2023
Since January 2023
'Recently'
Mustang Panda AKA TA416 and Bronze President
Government and political organizations in Europe and Asia, focusing on Taiwan and Ukraine.
Researchers from ESET reveal that the Chinese cyber espionage hacking group Mustang Panda was seen deploying a new custom backdoor named 'MQsTTang' in attacks starting this year.
U.S. critical infrastructure sectors, including healthcare, communications, and education
CISA and the FBI issue a joint advisory highlighting the increasing threat behind ongoing Royal ransomware attacks targeting many U.S. critical infrastructure sectors, including healthcare, communications, and education.
Malware
Multiple Industries
Cyber Crime
>1
CISA, FBI, Royal, ransomware
13
02/03/2023
26/02/2023
26/02/2023
?
Sandbox players
The Sandbox blockchain game warns its community that a security incident caused some users to receive fraudulent emails impersonating the game, trying to infect them with malware.
Account Takeover
Malware
Arts entertainment, recreation
Cyber Crime
>1
Sandbox
14
02/03/2023
Since early September 2022
Since early September 2022
?
Individuals in East Asia
Researchers from Wiz warn of a widespread redirection campaign in which thousands of websites targeting East Asian audiences have been compromised using legitimate FTP credentials.
Account Takeover
Individual
Cyber Crime
>1
Wiz, FTP
15
02/03/2023
-
-
?
GunAuction.com
Hackers breach GunAuction.com, a website that allows people to buy and sell guns, exposing the identities of 550,000 users.
Unknown
Mining and quarrying
Cyber Crime
US
GunAuction.com
16
02/03/2023
Since the beginning of 2023
Since the beginning of 2023
?
Insecure deployments of Redis
Researchers from Cado Labs discover a novel cryptojacking campaign targeting insecure deployments of Redis. Underpinning this campaign was the use of transfer.sh, a free and open source command line file transfer service.
Misconfiguration
Multiple Industries
Cyber Crime
>1
Cado Labs, Redis
17
02/03/2023
-
-
?
Organizations in the hospitality sector
Researchers from Trend Micro discover a campaign targeting the hospitality sector and using Dropbox to release the malicious file.
Malware
Accommodation and food service
Cyber Crime
>1
Trend Micro, Dropbox
18
02/03/2023
25/02/2023
25/02/2023
?
Porter Police Department
The Porter Police Department suffers a "network security incident".
Unknown
Public admin and defence, social security
Cyber Crime
US
Porter Police Department
19
02/03/2023
-
-
RansomEXX
Bettuzzi And Partners
Bettuzzi And Partners, an Italian accounting firm, is hit with a RansomEXX ransomware attack.
Malware
Professional, scientific and technical
Cyber Crime
IT
Bettuzzi And Partners, RansomEXX, ransomware
20
03/03/2023
-
-
BianLian
Parques Reunidos Group
The BianLian ransomware group claims to have stolen employee information, including passport details, as well as information on the company's partners, data on park-related incidents, financial records, internal emails and legal documents from Parques Reunidos Group, a Spanish amusement park company.
Malware
Arts entertainment, recreation
Cyber Crime
ES
BianLian, ransomware, Parques Reunidos Group
21
03/03/2023
28/02/2023
28/02/2023
?
City of Lille
The city of Lille is disrupted by a cyberattack that partially affects the operation of public services.
Unknown
Public admin and defence, social security
Cyber Crime
FR
City of Lille
22
03/03/2023
Between 13/12/2022 and 13/01/2023
-
?
Denver Public Schools (DPS)
Personal information belonging to some 15,000 Denver Public Schools (DPS) employees was stolen in what the district is calling a "cybersecurity incident" that went on for a month.
Unknown
Education
Cyber Crime
US
Denver Public Schools, DPS
23
03/03/2023
-
-
?
Henrico Doctors' Hospital
Henrico Doctors' Hospital notifies 990 patients that some of their protected health information was compromised in a data breach.
Unknown
Human health and social work
Cyber Crime
US
Henrico Doctors' Hospital
24
03/03/2023
-
-
?
Houston Healthcare
A cyberattack disrupts Houston Healthcare's operations.
Unknown
Human health and social work
Cyber Crime
US
Houston Healthcare
25
03/03/2023
-
-
?
Suprbay.org
The official web forum of The Pirate Bay, Suprbay.org, is the latest victim of an apparent cyberattack that forced its site to remain offline for several days.
Unknown
Other service activities
Cyber Crime
N/A
The Pirate Bay, Suprbay.org
26
03/03/2023
22/02/2023
22/02/2023
?
Gaston College
Gaston College posts a “System Interruption” notice after the school confirmed that it was the victim of a ransomware attack.
Malware
Education
Cyber Crime
US
Gaston College, ransomware
27
04/03/2023
29/03/2023
29/03/2023
Vice Society
Hamburg University of Applied Sciences (HAW Hamburg)
The Vice Society ransomware group adds the Hamburg University of Applied Sciences (HAW Hamburg) to its leak site following an attack that the institution said took place late last year.
Malware
Education
Cyber Crime
DE
Vice Society, ransomware, University of Applied Sciences, HAW Hamburg
28
04/03/2023
04/03/2023
04/03/2023
SeigedSec
Tourist website for the Faroe Islands
The SeigedSec hacking group claims to have defaced the tourist website for the Faroe Islands – a self-governing territory of the Kingdom of Denmark – and to have stolen employee data and other sensitive information.
Defacement
Public admin and defence, social security
Hacktivism
DK
SeigedSec, Faroe Islands, Kingdom of Denmark
29
04/03/2023
-
-
?
Vodafone NL
A threat actor publishes 83,000 records allegedly stolen from Vodafone NL.
Unknown
Information and communication
Cyber Crime
NL
Vodafone NL
30
05/03/2023
01/03/2023
01/03/2023
?
Northern Essex Community College
Northern Essex Community College remains shuttered after suffering a cyberattack.
Unknown
Education
Cyber Crime
US
Northern Essex Community College
31
05/03/2023
Early February 2023
13/02/2023
?
Flutterwave
Flutterwave, Africa’s largest startup by private valuation, is involved in a hack that results in more than ₦2.9 billion (~$4.2 million) missing from its accounts.
Account Takeover
Finance and insurance
Cyber Crime
NG
Flutterwave
32
05/03/2023
-
-
KelvinSecurity
Ministry of Public Health in Ecuador
A database called Covid-19, allegedly from the Ministry of Public Health in Ecuador, has been listed for sale on a popular forum by KelvinSecurity; however, the Ministry denies having suffered any breach.
Unknown
Public admin and defence, social security
Cyber Crime
EC
Covid-19, Ministry of Public Health in Ecuador, KelvinSecurity
33
06/03/2023
During January 2023
-
?
Undisclosed marketing vendor
AT&T notifies roughly 9 million customers that some of their information was exposed after a marketing vendor was hacked in January.
Unknown
Administration and support service
Cyber Crime
US
AT&T
34
06/03/2023
Since at least July 2022
During July 2022
?
Vulnerable DrayTek Vigor routers
Researchers from Black Lotus Labs discover a new campaign called 'Hiatus' targeting DrayTek Vigor router models 2960 and 3900 to steal data from victims and build a covert proxy network.
Vulnerability
Multiple Industries
Cyber Crime
>1
Black Lotus Labs, Hiatus, DrayTek Vigor, 2960, 3900
35
06/03/2023
-
-
?
Eastern European institutions and businesses
Researchers from SentinelOne discover phishing campaigns that distribute the Remcos RAT using the DBatLoader malware loader to target predominantly Eastern European institutions and businesses.
Malware
Multiple Industries
Cyber Crime
>1
SentinelOne, Remcos RAT, DBatLoader
36
06/03/2023
05/03/2023
05/03/2023
RansomHouse
Hospital Clínic de Barcelona
The Hospital Clínic de Barcelona suffers a RansomHouse ransomware attack, severely disrupting its healthcare services after the institution's virtual machines were targeted by the attacks.
Malware
Human health and social work
Cyber Crime
ES
Hospital Clínic de Barcelona, RansomHouse, ransomware
37
06/03/2023
'Recently'
'Recently'
FiXS
Banks in Mexico
Researchers from Metabase Q discover FiXS, a new malware family targeting ATMs in Latin America, and specifically banks in Mexico.
Malware
Finance and insurance
Cyber Crime
MX
Metabase Q, FiXS
38
06/03/2023
During the second half of 2022
During the second half of 2022
?
ICS computers in Russia
Researchers from Kaspersky disclose a surge in attacks on ICS computers in Russia and blame it on the exploitation of a Bitrix CMS vulnerability tracked as CVE-2022-27228.
Individuals in Australia, Denmark, Germany, Ireland and the Netherlands.
Researchers from Bitdefender warn of a fresh phishing campaign that uses copycat ChatGPT platform to swindle eager investors.
Account Takeover
Individual
Cyber Crime
AU
DE
DK
IE
NL
Bitdefender, ChatGPT
40
06/03/2023
-
-
BianLian
City of Waynesboro
The City of Waynesboro is hit with a BianLian ransomware attack and has 350 GB of data leaked.
Malware
Public admin and defence, social security
Cyber Crime
US
City of Waynesboro, BianLian, ransomware
41
06/03/2023
Since at least December 2022
During December 2022
DarkBLUP
Multiple organizations
Researchers from Flashpoint discover a private loader named “AresLoader” advertised for sale on the top-tier Russian-language hacking forum XSS.
Malware
Multiple Industries
Cyber Crime
>1
DarkBLUP, Flashpoint, AresLoader, XSS
42
06/03/2023
-
-
?
Texas Medical Liability Trust (TMLT)
Texas Medical Liability Trust (TMLT) files a notice of data breach after learning that confidential consumer information entrusted to the company was leaked in a recent cybersecurity incident.
Unknown
Finance and insurance
Cyber Crime
US
Texas Medical Liability Trust, TMLT
43
06/03/2023
05/03/2023
05/03/2023
?
Algodex
DeFi platform Algodex reveals that a malicious actor infiltrated a company wallet during the early hours of the previous morning.
Unknown
Fintech
Cyber Crime
N/A
Algodex
44
06/03/2023
06/03/2023
06/03/2023
NoName057(16)
Several websites of Italian Ministries including the Labour Ministry, High Council of the Judiciary, and Carabinieri
The Russian collective NoName057(16) launches a new campaign against several websites in Italy.
DDoS
Public admin and defence, social security
Hacktivism
IT
NoName057(16), Italian Ministries including the Labour Ministry, High Council of the Judiciary, Carabinieri
45
07/03/2023
Since late January 2022
Since late January 2022
TA499
Individuals who have spoken out against Putin’s invasion
Researchers from Proofpoint discover a disinformation campaign targeting individuals who have spoken out against Putin’s invasion and involving them in fake conversations to support the Russian President.
Disinformation
Individual
Cyber Warfare
>1
TA499, Proofpoint, Putin, Russia, Ukraine
46
07/03/2023
-
-
kernelware
Acer
Taiwanese computer giant Acer confirms that it suffered a data breach after threat actors hacked a server hosting private documents used by repair technicians and leaked 160GB of data.
Unknown
Manufacturing
Cyber Crime
TW
Acer, kernelware
47
07/03/2023
-
-
kernelware
Acronis
The same attacker publishes a 12 Gb archive file allegedly containing certificate files, command logs, system configurations and information logs, filesystem archives, scripts, and backup configuration data stolen from Acronis.
Unknown
Professional, scientific and technical
Cyber Crime
CH
Acronis, kernelware
48
07/03/2023
07/03/2023
07/03/2023
Emotet
Banking users worldwide
Researchers from Cofense and the Emotet-tracking group Cryptolaemus warn that the Emotet botnet has once again resumed sending emails.
Malware
Finance and insurance
Cyber Crime
>1
Cofense, Emotet, Cryptolaemus
49
07/03/2023
During late 2022
During late 2022
Sharp Panda
High-profile government entities in Vietnam, Thailand, and Indonesia
Researchers from Check Point reveal that the Sharp Panda cyber-espionage group is targeting high-profile government entities in Vietnam, Thailand, and Indonesia with a new version of the ‘Soul’ malware framework.
Targeted Attack
Public admin and defence, social security
Cyber Espionage
VN
TH
ID
Check Point, Sharp Panda, Soul
50
07/03/2023
06/03/2023
06/03/2023
IntelBroker
DC Health Link
The FBI is investigating a data breach affecting U.S. House of Representatives members and staff after their account and sensitive personal information was stolen from DC Health Link's servers.
Unknown
Public admin and defence, social security
Cyber Crime
US
IntelBroker, FBI, U.S. House of Representatives, DC Health Link
51
07/03/2023
-
-
UNC4540
Multiple organizations
Researchers from Mandiant discover UNC4540, a suspected Chinese hacking campaign targeting unpatched SonicWall Secure Mobile Access (SMA) appliances to install custom malware that establishes long-term persistence for cyber espionage campaigns.
Vulnerability
Multiple Industries
Cyber Espionage
>1
Mandiant, UNC4540, China, SonicWall Secure Mobile Access, SMA
52
07/03/2023
06/03/2023
06/03/2023
LockBit 3.0
Essendant
Essendant, a wholesale distributor of stationery and office supplies, reports that it is experiencing a multi-day systems "outage" preventing customers and suppliers from placing and fulfilling online orders. A few days later, the LockBit ransomware gang claims responsibility for the attack.
Malware
Wholesale and retail
Cyber Crime
US
LockBit 3.0, Essendant, ransomware
53
07/03/2023
-
-
Suspected state-sponsored threat actors from China
Governments and large organizations
Fortinet reveals that unknown attackers used zero-day exploits to abuse a new FortiOS bug patched this month in attacks targeting government and large organizations that have led to OS and file corruption and data loss.
CVE-2022-41328 Vulnerability
Multiple Industries
Cyber Espionage
>1
Fortinet, FortiOS, CVE-2022-41328
54
07/03/2023
Since November 2022
Since November 2022
Sys01 Stealer
Multiple organizations
Researchers from Morphisec share details on Sys01 Stealer, an information stealer observed targeting the Facebook accounts of critical government infrastructure employees.
Malware
Multiple Industries
Cyber Espionage
>1
Morphisec, Sys01 Stealer
55
07/03/2023
-
-
Dark Angels
Andrade Gutierrez
A group known as Dark Angels claims to have stolen 3 terabytes of corporate and employee information from controversial Brazilian multinational Andrade Gutierrez.
Unknown
Professional, scientific and technical
Hacktivism
BR
Dark Angels, Andrade Gutierrez
56
07/03/2023
17/02/2023
17/02/2023
Qilin
Attent Zorg en Behandeling
The systems of Attent Zorg en Behandeling, a care facility in the Netherlands, are hacked by the notorious Qilin ransomware group.
Malware
Human health and social work
Cyber Crime
NL
Attent Zorg en Behandeling, Qilin, ransomware
57
07/03/2023
Since July 2022
-
Transparent Tribe
Indian and Pakistani Android users with a military or political orientation
Researchers from ESET discover an active Transparent Tribe campaign, targeting mostly Indian and Pakistani Android users, presumably with a military or political orientation, via the CapraRAT distributed through rogue secure messaging apps in a romance scam.
Malware
Public admin and defence, social security
Cyber Espionage
IN
PK
ESET, Transparent Tribe, India, Pakistan, CapraRAT
58
07/03/2023
-
08/01/2023
?
SundaySky
SundaySky files a notice of data breach following a cybersecurity incident in which an unauthorized party copied files containing confidential consumer information.
Unknown
Professional, scientific and technical
Cyber Crime
US
SundaySky
59
07/03/2023
-
16/01/2023
?
Bone & Joint
Bone & Joint notifies current and former patients and employees of a data breach after experiencing a reported “network outage,” resulting in sensitive information in the company’s possession being compromised.
Unknown
Human health and social work
Cyber Crime
US
Bone & Joint
60
07/03/2023
08/01/2023
08/01/2023
BianLian
Northeast Surgical Group (NSG)
Northeast Surgical Group notifies 15,298 patients of a HIPAA breach, deriving from a BianLian ransomware attack.
Malware
Human health and social work
Cyber Crime
US
Northeast Surgical Group, BianLian, ransomware
61
07/03/2023
-
29/12/2022
GhostSec
Council of Granada (Diputación de Granada - dipgra.es)
Nearly 7 GB of data from the Council of Granada are posted online by the GhostSec group.
Unknown
Public admin and defence, social security
Cyber Crime
ES
Council of Granada, Diputación de Granada, dipgra.es
62
08/03/2023
-
-
?
Undisclosed organization
Researchers from Microsoft reveal the details of a business email compromise (BEC) attack in which attackers moved rapidly, with some steps taking mere minutes.
Business Email Compromise
Unknown
Cyber Crime
N/A
Microsoft
63
08/03/2023
-
-
?
Black & McDonald
Canadian engineering giant Black & McDonald, which works with critical military, power and transportation infrastructure across the country, is hit with a ransomware attack.
Malware
Professional, scientific and technical
Cyber Crime
CA
Black & McDonald, ransomware
64
08/03/2023
-
-
Multiple threat actors
Multiple organizations
CISA adds three actively exploited flaws in Teclib GLPI, Apache Spark, and Zoho ManageEngine ADSelfService Plus to its Known Exploited Vulnerabilities Catalog.
Researchers from Fortinet discover the mining group 8220 Gang using a new crypter called ScrubCrypt in cryptojacking attacks.
Malware
Multiple Industries
Cyber Crime
>1
Fortinet, 8220, ScrubCrypt
66
08/03/2023
23/02/2023
23/02/2023
?
Undisclosed organization in APAC
Akamai claims to have mitigated the largest DDoS attack ever, which peaked at 900.1 gigabits per second.
DDoS
Unknown
Cyber Crime
N/A
Akamai
67
08/03/2023
-
-
Kernelware
HDB Financial Services
A hacker using the alias Kernelware leaks 7.5 GB of customer data with over 72 million entries belonging to HDB Financial Services, a subsidiary of India’s largest private bank, HDFC Bank.
Unknown
Finance and insurance
Cyber Crime
IN
Kernelware, HDB Financial Services, HDFC Bank
68
08/03/2023
-
-
Exotic Lily, aka PROJECTOR LIBRA and TA580
Multiple organizations
Researchers from ReliaQuest discover a new campaign by the Initial Access Broker Exotic Lily.
Malware
Multiple Industries
Cyber Crime
>1
ReliaQuest, Exotic Lily, PROJECTOR LIBRA, TA580
69
08/03/2023
Since one year
During January 2023
?
Individual
Researchers at DeepSee and Malwarebytes identify DeepStreamer, an invalid traffic scheme undetected for over one year via a number of illegal video streaming platforms.
Ad fraud
Individual
Cyber Crime
>1
DeepSee, Malwarebytes, DeepStreamer
70
08/03/2023
'Recently'
'Recently'
MedusaLocker
Multiple organizations
Researchers from AhnLab discover the active distribution of the GlobeImposter ransomware carried out by the threat actors behind MedusaLocker through the exploitation of RDP.
Beaver Medical Group (BMG) files a notice of data breach after discovering that a successful email phishing attack provided an unauthorized party with access to files containing confidential patient information.
Account Takeover
Human health and social work
Cyber Crime
US
Beaver Medical Group, BMG
72
08/03/2023
-
-
?
Wichita Urology Group
Wichita Urology Group notifies 1,493 individuals that unauthorized individuals gained access to its network and potentially viewed or obtained files containing names, prescription information, billing information, and health insurance information.
Unknown
Human health and social work
Cyber Crime
US
Wichita Urology Group
73
08/03/2023
-
-
?
Eurovision fans
Eurovision fans who have booked rooms for May's song contest in Liverpool are having their data put at risk by scammers targeting hotel chains.
Account Takeover
Accommodation and food service
Cyber Crime
UK
Eurovision
74
08/03/2023
-
-
?
Exprivia
The Italian IT company Exprivia suffers a possible ransomware attack.
Malware
Professional, scientific and technical
Cyber Crime
IT
Exprivia, ransomware
75
09/03/2023
'In recent weeks'
'In recent weeks'
IceFire
Several media and entertainment sector organizations worldwide
Researchers from SentinelOne discover novel Linux versions of the IceFire ransomware being deployed within the enterprise network intrusions of several media and entertainment sector organizations worldwide.
Malware
Arts entertainment, recreation
Cyber Crime
>1
SentinelOne, IceFire, ransomware
76
09/03/2023
-
-
?
Crypto investors
The FBI warns that cybercriminals are now using fake rewards in so-called "play-to-earn" mobile and online games to steal millions worth of cryptocurrency.
Play-to-earn scam
Fintech
Cyber Crime
US
FBI, play-to-earn
77
09/03/2023
During January 2023
During January 2023
Mustang Panda AKA TA416 and Bronze President
People in Mongolia, Papua New Guinea, Ghana, Zimbabwe, and Nigeria.
Researchers from Sophos reveal the details of 'retro', a campaign by the Chinese group Mustang Panda using USB drives laden with PlugX to target people in Mongolia, Papua New Guinea, Ghana, Zimbabwe, and Nigeria.
Hawaii’s Department of Health says it is sending out breach notification letters after a cyberattack in January gave hackers limited access to the state’s death registry.
Account Takeover
Human health and social work
Cyber Crime
US
Hawaii Death Registry
79
09/03/2023
-
-
?
Multiple organizations
Researchers at ASEC (AhnLab Security Emergency response Center) observe threat actors deploying the PlugX malware by exploiting vulnerabilities in the Chinese remote control software Sunlogin and Awesun.
Researchers from Cisco Talos discover a new version of the Prometei botnet infecting more than 10,000 systems worldwide since November 2022.
Multiple vulnerabilities
Multiple Industries
Cyber Crime
>1
Cisco Talos, Prometei
81
09/03/2023
-
09/03/2023
LockBit 3.0
Audio-Technica
Audio-Technica, the Japanese audio equipment manufacturer, is listed on LockBit’s dark-web blog, suggesting the company may have been breached by the notorious ransomware gang.
Malware
Manufacturing
Cyber Crime
JP
Audio-Technica, LockBit, LockBit 3.0, ransomware
82
09/03/2023
Since at least 24/02/2023
24/02/2023
Cobalt Illusion
Female Human Rights Activists in Iran
Researchers from Secureworks discover that female human rights activists are being targeted by Cobalt Illusion, a state-backed threat group posing as a fellow campaigner to steal their personal data, possibly with the intention of passing it on to the Islamist regime in Iran.
Account Takeover
Individual
Cyber Espionage
IR
Secureworks, Cobalt Illusion
83
09/03/2023
-
09/03/2023
Medusa
Bishop Luffa School
Bishop Luffa School, a British secondary school, has student data exposed after a likely ransomware attack by the Medusa gang.
Malware
Education
Cyber Crime
UK
Bishop Luffa School, ransomware, Medusa
84
09/03/2023
Since June 2022
Since June 2022
UNC2970
Western Media and Technology companies
Researchers from Mandiant expose a campaign targeting Western Media and Technology companies from a suspected North Korean espionage group tracked as UNC2970.
Targeted Attack
Professional, scientific and technical
Cyber Espionage
>1
Mandiant, North Korea, UNC2970
85
09/03/2023
Since 31/01/2023
Since 31/01/2023
Qakbot, AKA Qbot, Pinkslipbot, QuakBot
Multiple organizations
Multiple security companies, including Sophos and Trellix, discover a new campaign distributing Qakbot via OneNote documents.
Researchers from eSentire discover a new campaign carried out via the malware downloader known as BATLOADER abusing Google Ads to deliver secondary payloads like Vidar Stealer and Ursnif.
Malware
Multiple Industries
Cyber Crime
>1
eSentire, BATLOADER, Google Ads, Vidar Stealer, Ursnif
87
09/03/2023
Between 25/10/2022 and 03/11/2022
03/11/2022
?
Merced College (MCCD)
Merced College (MCCD) files a notice of data breach after learning that a ransomware attack resulted in confidential student information being exposed to an unauthorized party.
Malware
Education
Cyber Crime
US
Merced College, MCCD, ransomware
88
09/03/2023
Between 16/12/2022 and 18/12/2022
05/01/2023
?
Trinity Health Corporation
Trinity Health Corporation files a notice of data breach after learning that a phishing incident resulted in the confidential information of tens of thousands of patients being leaked.
Account Takeover
Administration and support service
Cyber Crime
US
Trinity Health Corporation
89
09/03/2023
-
-
Dark Power
Autoridad para la Reconstrucción con Cambios (ARCC)
The data from the Autoridad para la Reconstrucción con Cambios (ARCC) are listed by a new group called Dark Power.
Unknown
Public admin and defence, social security
Cyber Crime
PE
Autoridad para la Reconstrucción con Cambios, ARCC, Dark Power
90
09/03/2023
Early March 2023
Early March 2023
?
Clinica Santa Chiara di Locarno
The Clinica Santa Chiara di Locarno is hit with a cyber attack.
Unknown
Human health and social work
Cyber Crime
CH
Clinica Santa Chiara di Locarno
91
10/03/2023
-
-
Hadoken Security Group
Banking users worldwide
Researchers from ThreatFabric discover a new version of the Xenomorph Android malware that adds significant capabilities to conduct malicious attacks, including a new automated transfer system (ATS) framework and the ability to steal credentials for 400 banks.
Malware
Finance and insurance
Cyber Crime
>1
ThreatFabric, Xenomorph, Android, Hadoken Security Group
92
10/03/2023
Since at least early December 2022.
Since at least early December 2022.
Multiple threat actors
Vulnerable VMware servers
CISA adds CVE-2021-39144, a critical severity vulnerability in VMware's Cloud Foundation, to its catalog of security flaws exploited in the wild.
CVE-2021-39144 Vulnerability
Multiple Industries
N/A
US
CISA, CVE-2021-39144, VMware's Cloud Foundation
93
10/03/2023
'Recently'
'Recently'
?
Web servers running phpMyAdmin, MySQL, FTP, and Postgres services
Researchers from Palo Alto Networks discover GoBruteforcer, a new Golang-based botnet malware scanning and infecting web servers running phpMyAdmin, MySQL, FTP, and Postgres services.
Military and government organizations in South Asia
Researchers from EclecticIQ reveal that the suspected government-backed hackers Dark Pink are attacking military and government organizations in South Asia with malware called KamiKakaBot that is designed to steal sensitive information.
Malware
Public admin and defence, social security
Cyber Espionage
>1
EclecticIQ, Dark Pink, KamiKakaBot
95
10/03/2023
Between 28/01/2023 and 29/01/2023
28/01/2023
?
Zoll Medical
Medical technology developer Zoll Medical notifies roughly one million individuals that their personal information might have been compromised in a recent data breach.
Unknown
Professional, scientific and technical
Cyber Crime
US
Zoll Medical
96
10/03/2023
09/01/2023
09/01/2023
?
Florida Medical Clinic (FMC)
Florida Medical Clinic (FMC) files a notice of data breach after learning that unauthorized actors gained access to the FMC computer system following a ransomware attack.
Malware
Human health and social work
Cyber Crime
US
Florida Medical Clinic, FMC, ransomware
97
10/03/2023
Between 28/01/2023 and 30/01/2023
-
?
Community Health Systems Professional Services Company (CHSPSC)
Community Health Systems Professional Services Company (CHSPSC) files a notice of data breach after the organization learned that a cybersecurity event at Fortra, one of the company’s vendors, subjected patient information to unauthorized access.
CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability
Professional, scientific and technical
Cyber Crime
US
Community Health Systems Professional Services Company, CHSPSC, CVE-2023-0669 Fortra GoAnywhere MFT
98
10/03/2023
09/03/2023
10/03/2023
?
University hospital center (CHU) of Brest-Carhaix
The university hospital center (CHU) of Brest-Carhaix is the subject of a cyberattack.
Unknown
Human health and social work
Cyber Crime
FR
University hospital center, CHU, Brest-Carhaix
99
10/03/2023
09/03/2023
09/03/2023
?
Wilkes-Barre Career and Technical Center
Wilkes-Barre Career and Technical Center in Pennsylvania reportedly thwarts a cyber attack with backup procedures and by shutting down its network.
Malware
Education
Cyber Crime
US
Wilkes-Barre Career and Technical Center
100
10/03/2023
-
-
?
Municipality of Turate
The Municipality of Turate in Italy is hit with a cyber attack.
Unknown
Public admin and defence, social security
Cyber Crime
IT
Municipality of Turate
101
11/03/2023
-
-
Multiple threat actors
Vulnerable Plex Media Servers
CISA adds CVE-2020-5741, an almost three-year-old high-severity remote code execution (RCE) vulnerability in the Plex Media Server, to its catalog of security flaws exploited in attacks.
CVE-2020-5741 Vulnerability
Multiple Industries
N/A
US
CISA, CVE-2020-5741, Remote Code Execution, RCE, Plex Media Server
102
11/03/2023
-
-
Clop AKA Cl0p
Multiple organizations
The Clop ransomware gang begins extorting companies whose data was stolen using a zero-day vulnerability in the Fortra GoAnywhere MFT secure file-sharing solution.
CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability
Multiple Industries
Cyber Crime
>1
Clop, Cl0p, ransomware, Fortra GoAnywhere MFT
103
11/03/2023
10/03/2023
10/03/2023
?
Centre Hospitalier Universitaire (CHU) Saint-Pierre
Centre Hospitalier Universitaire (CHU) Saint-Pierre in Belgium is hit with a cyber attack.
Unknown
Human health and social work
Cyber Crime
BE
Centre Hospitalier Universitaire Saint-Pierre, CHU
104
11/03/2023
-
-
LockBit 3.0
Grupo Hospitalar Vida
The Grupo Hospitalar Vida is hit with a LockBit ransomware attack.
Malware
Human health and social work
Cyber Crime
BR
Grupo Hospitalar Vida, LockBit, ransomware
105
11/03/2023
-
-
LockBit 3.0
Schrader Camargo
Schrader Camargo is listed on the site of the LockBit 3.0 ransomware gang.
Malware
Professional, scientific and technical
Cyber Crime
CO
Schrader Camargo, LockBit 3.0, ransomware
106
11/03/2023
-
-
LockBit 3.0
Bontà Viva
Bontà Viva, an Italian dairy, is listed on the site of the LockBit 3.0 ransomware gang.
Malware
Accommodation and food service
Cyber Crime
IT
LockBit 3.0 ransomware
107
12/03/2023
Since 2023
During 2024
Medusa
Multiple organizations
The ransomware operation known as Medusa begins to pick up steam in 2023, targeting corporate victims worldwide with million-dollar ransom demands.
Malware
Multiple Industries
Cyber Crime
>1
Medusa, ransomware
108
12/03/2023
'Recently'
'Recently'
A "community from a Russian social network"
GSC Game World
GSC Game World, the developer of the ‘STALKER 2: Heart of Chornobyl’ game, warns their systems were breached, allowing threat actors to steal game assets during the attack.
Account Takeover
Arts entertainment, recreation
Hacktivism
UA
GSC Game World, STALKER 2: Heart of Chornobyl, Russia, Ukraine
109
12/03/2023
'Recently'
'Recently'
?
Shopee and Carousell users in Taiwan
Shopee and Carousell users in Taiwan are the victims of a phishing campaign.
Account Takeover
Individual
Cyber Crime
TW
Shopee, Carousell
110
13/03/2023
05/03/2023
05/03/2023
?
Estonia Parliamentary Elections
The National Cyber Security Centre-Estonia (NCSC-EE) reveals that the parliamentary elections were unsuccessfully targeted by cyberattacks.
Unknown
Public admin and defence, social security
Cyber Warfare
EE
National Cyber Security Centre-Estonia, NCSC-EE, Estonia Parliamentary Elections
111
13/03/2023
12/03/2023
12/03/2023
?
Euler Finance
Lending protocol Euler Finance is hit by a cryptocurrency flash loan attack, with the threat actor stealing $197 million in multiple digital assets.
Flash loan
Fintech
Cyber Crime
N/A
Euler Finance
112
13/03/2023
Since 10/03/2023
10/03/2023
?
Silicon Valley Bank (SVB) customers
Multiple security researchers and security companies report that threat actors are exploiting the Silicon Valley Bank collapse, registering suspicious domains that are very likely to be used in attacks.
Account Takeover
Finance and insurance
Cyber Crime
US
Silicon Valley Bank, SVB
113
13/03/2023
-
-
Play
Royal Dirkzwager
The Play ransomware group adds the Dutch maritime logistics company Royal Dirkzwager to its list of victims.
Malware
Administration and support service
Cyber Crime
NL
Royal Dirkzwager, ransomware
114
13/03/2023
Since May 2022
Since May 2022
DEV-1101
Multiple organizations
Microsoft warns of large-scale phishing attacks orchestrated with an open-source adversary-in-the-middle (AiTM) phishing kit available in the cybercrime ecosystem.
The KalvinSecurity hacker group shares hundreds of documents online containing information on the development of the Sputnik V COVID-19 vaccine, with some including the names of deceased participants of its clinical trials.
Unknown
Human health and social work
Hacktivism
RU
KalvinSecurity, Sputnik V, COVID-19
116
13/03/2023
Since 25/01/2023
Since 25/01/2023
Emotet
Multiple organizations in Europe, Asia Pacific, and Latin America
Researchers from Trend Micro discover a new Emotet campaign using binary padding to avoid detection.
Malware
Multiple Industries
Cyber Crime
>1
Trend Micro, Emotet, Binary Padding
117
13/03/2023
Since November 2022
Since November 2022
?
Multiple organizations
Researchers from CloudSEK reveal that threat actors have been increasingly observed using AI-generated YouTube Videos to spread a variety of stealer malware such as Raccoon, RedLine, and Vidar.
Malware
Multiple Industries
Cyber Crime
>1
CloudSEK, YouTube, Raccoon, RedLine, Vidar
118
13/03/2023
14/04/2022
21/06/2022
?
AllCare Plus Pharmacy
After an email phishing attack, AllCare Plus Pharmacy reports that 5,971 patients potentially had their protected health information (PHI) exposed.
Account Takeover
Human health and social work
Cyber Crime
US
AllCare Plus Pharmacy
119
13/03/2023
-
-
LockBit 3.0
Lubrimetal
Lubrimetal, an Italian chemical firm, is hit with a LockBit ransomware attack.
Malware
Professional, scientific and technical
Cyber Crime
IT
Lubrimetal, LockBit, ransomware
120
13/03/2023
02/03/2023
02/03/2023
?
Guam Memorial Hospital
The Guam Memorial Hospital is hit with a cyber attack.
Unknown
Human health and social work
Cyber Crime
US
Guam Memorial Hospital
121
14/03/2023
Early March 2023
Early March 2023
APT29 AKA Nobelium and Cozy Bear, the Dukes
Diplomatic entities and government agencies in Eastern Europe
Researchers from BlackBerry reveal that the Russian state-backed group known as Nobelium is behind recent attempted cyberattacks on diplomatic entities and government agencies in the European Union via phishing emails with a malicious document attached, using the Polish Foreign Minister’s recent visit to the US as a lure.
Targeted Attack
Public admin and defence, social security
Cyber Espionage
>1
BlackBerry, Nobelium, APT29, Cozy Bear, Dukes
122
14/03/2023
Since at least June 2022
Since at least June 2022
YoroTrooper
CIS countries, embassies and EU health care agencies
Researchers from Cisco Talos discover a new threat actor named 'YoroTrooper' running cyber-espionage campaigns since at least June 2022, targeting government and energy organizations in Commonwealth of Independent States (CIS) countries, embassies, and EU health care agencies.
Targeted Attack
Multiple Industries
Cyber Espionage
>1
Cisco Talos, YoroTrooper, Commonwealth of Independent States, CIS
123
14/03/2023
-
-
?
Crypto investors in the U.S.
The Federal Bureau of Investigation (FBI) reveals that Americans are increasingly targeted in 'pig butchering' cryptocurrency investment schemes.
Pig-butchering scam
Fintech
Cyber Crime
US
U.S. Federal Bureau of Investigation, FBI, pig-butchering
124
14/03/2023
Since at least January 2023
15/02/2023
Magniber
Multiple organizations in South Korea, China, Taiwan, Malaysia, Hong Kong, Singapore, and now Europe.
Microsoft patches CVE-2023-24880, a zero-day used by attackers to circumvent the Windows SmartScreen cloud-based anti-malware service and deploy Magniber ransomware.
CVE-2023-24880 Vulnerability
Multiple Industries
Cyber Crime
CN
HK
KR
MY
SG
TW
EU
Microsoft, CVE-2023-24880, Magniber, ransomware
125
14/03/2023
Between mid-April and December 2022
-
APT28 AKA STRONTIUM, Sednit, Sofacy, and Fancy Bear
Fewer than 15 government, military, energy, and transportation organizations in Europe
Microsoft patches an Outlook zero-day vulnerability (CVE-2023-23397) exploited by APT28, the hacking group linked to Russia's military intelligence service GRU, to target European organizations.
Cybersecurity company Rubrik confirms that its data was stolen using a zero-day vulnerability in the Fortra GoAnywhere secure file transfer platform.
CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability
Professional, scientific and technical
Cyber Crime
US
CVE-2023-0669, Fortra GoAnywhere
127
14/03/2023
Between 30/06/2022 and 05/07/2022
05/07/2022
?
Independent Living Systems (ILS)
Independent Living Systems (ILS), a Miami-based healthcare administration and managed care solutions provider, discloses a data breach that exposed the personal information of 4,226,508 individuals.
Unknown
Human health and social work
Cyber Crime
US
Independent Living Systems, ILS
128
14/03/2023
-
-
FakeCalls
Banking users in South Korea
Researchers from Check Point reveal that the Android malware 'FakeCalls' is circulating again in South Korea, imitating phone calls for over 20 financial organizations and attempting to fool bankers into giving away their credit card details.
Malware
Finance and insurance
Cyber Crime
KR
Check Point, Android, FakeCalls
129
14/03/2023
-
-
ALPHV AKA BlackCat
Ring
The smart doorbell and security camera company Ring is allegedly hit with a BlackCat ransomware attack, despite the company denying it was hit.
Malware
Manufacturing
Cyber Crime
US
ALPHV, BlackCat, Ring, ransomware
130
14/03/2023
14/03/2023
14/03/2023
?
Wymondham College
Wymondham College, the largest state boarding school in the United Kingdom, announces that it had been hit by a “sophisticated cyberattack”.
Unknown
Education
Cyber Crime
UK
Wymondham College
131
14/03/2023
-
-
LockBit 3.0
Maximum Industries
The LockBit ransomware group claims to have stolen valuable SpaceX files after breaching the systems of piece part production company Maximum Industries.
Malware
Manufacturing
Cyber Crime
US
LockBit, LockBit 3.0, ransomware, SpaceX, Maximum Industries
132
14/03/2023
During March 2021
-
Tick AKA Bronze Butler and RedBaldKnight
DLP software development company located in an unnamed East Asian country
Researchers from ESET disclose a campaign by the notorious Chinese cyberespionage group known as Tick, targeting a data loss prevention (DLP) company that serves military and other government organizations.
Targeted Attack
Professional, scientific and technical
Cyber Espionage
N/A
Tick, Bronze Butler, RedBaldKnight, ESET
133
14/03/2023
-
-
Black Basta
Marshall
Marshall, a British amplifier and speaker-cabinet maker, is added to the victim list of ransomware gang Black Basta’s dark-web blog.
Malware
Manufacturing
Cyber Crime
UK
Marshall, ransomware, Black Basta
134
14/03/2023
'Recently'
'Recently'
GoatRAT
Mobile banking users in Brazil
Researchers from Cyble discover GoatRAT, an Android banking Trojan targeting Brazilian banks.
Malware
Finance and insurance
Cyber Crime
BR
Cyble, GoatRAT, Android
135
14/03/2023
16/09/2022
-
?
NorthStar Emergency Medical Services
NorthStar Emergency Medical Services discloses a breach that might have given bad actors access to the records of more than 80,000 current and former patients.
Unknown
Human health and social work
Cyber Crime
US
NorthStar Emergency Medical Services
136
14/03/2023
-
09/02/2023
?
Voya Financial Advisors (VFA)
Voya Financial Advisors (VFA) files a notice of data breach after learning that sensitive consumer information stored on the company’s computer system was accessible to an unauthorized party.
Account Takeover
Finance and insurance
Cyber Crime
US
Voya Financial Advisors, VFA
137
14/03/2023
-
14/03/2023
Kernelware
PetroVietnam
Kernelware posts data from PetroVietnam, a state-owned oil and gas group.
Unknown
Electricity, gas steam, air conditioning
Cyber Crime
VN
Kernelware, PetroVietnam
138
14/03/2023
-
14/03/2023
Kernelware
Long Son Petrochemicals
Kernelware posts data from Long Son Petrochemicals.
Unknown
Electricity, gas steam, air conditioning
Cyber Crime
VN
Kernelware, Long Son Petrochemicals
139
14/03/2023
-
14/03/2023
Kernelware
POSCO Engineering & Construction
Kernelware posts data from POSCO Engineering & Construction.
Unknown
Electricity, gas steam, air conditioning
Cyber Crime
VN
Kernelware, POSCO Engineering & Construction
140
14/03/2023
-
-
?
Undisclosed supplier
A threat actor leaks some data allegedly stolen from the Italian engineering company Fincantieri. A subsequent analysis reveals that the data was stolen from a third party.
Account Takeover
Professional, scientific and technical
Cyber Crime
IT
Fincantieri
141
15/03/2023
During February 2023
During February 2023
?
Vulnerable Kubernetes systems
Researchers from CrowdStrike discover the first known cryptojacking operation mining the Dero coin, targeting vulnerable Kubernetes container orchestrator infrastructure with exposed APIs.
Misconfiguration
Multiple Industries
Cyber Crime
>1
CrowdStrike, Dero, Kubernetes
142
15/03/2023
Between November 2022 and early January 2023
-
At least two threat actors (including the Vietnamese XE Group)
Unnamed federal civilian executive branch (FCEB) agency
The CISA, FBI, and MS-ISAC reveal that a U.S. federal agency's Microsoft Internet Information Services (IIS) web server was hacked by exploiting a critical .NET deserialization vulnerability in the Progress Telerik UI for ASP.NET AJAX component.
CVE-2019-18935 vulnerability
Public admin and defence, social security
Cyber Espionage
US
CISA, FBI, MS-ISAC, Microsoft Internet Information Services, IIS, .NET, Progress Telerik UI
143
15/03/2023
-
-
Multiple threat actors
Multiple organizations
CISA adds CVE-2023-26360, a critical vulnerability impacting Adobe ColdFusion versions 2021 and 2018, to its catalog of security bugs exploited in the wild.
A convincing Twitter scam is targeting bank customers by abusing the quote-tweet feature.
Account Takeover
Finance and insurance
Cyber Crime
>1
quote-tweet
145
15/03/2023
-
-
?
Multiple organizations
Researchers from Avast reveal that cybercriminals are abusing Adobe Acrobat Sign, an online document signing service, to distribute the RedLine info-stealing malware to unsuspecting users.
Malware
Multiple Industries
Cyber Crime
>1
Adobe Acrobat Sign, RedLine, Avast
146
15/03/2023
-
13/03/2023
LockBit 3.0?
Deutsche Bank
An unknown hacker offers up a cache of 60GB of sensitive files, allegedly stolen from Deutsche Bank by the infamous LockBit ransomware gang.
Unknown
Finance and insurance
Cyber Crime
DE
Deutsche Bank, LockBit, ransomware
147
15/03/2023
During Q4 2022
During Q4 2022
Chinese and Russian cybercriminals
Multiple organizations in Brazil, France, and Taiwan
Researchers from WithSecure discover threat activity clusters affiliated with the Chinese and Russian cybercriminal ecosystems using SILKLOADER, a new piece of malware designed to load Cobalt Strike onto infected machines.
Researchers from Check Point discover a new piece of malware dubbed dotRunpeX used to distribute numerous known malware families such as Agent Tesla, Ave Maria, BitRAT, FormBook, LokiBot, NetWire, Raccoon Stealer, RedLine Stealer, Remcos, Rhadamanthys, and Vidar.
Kroger Postal Prescription Services (Kroger PPS) files a notice of data breach after learning that confidential consumer information in the company’s possession was subject to unauthorized access.
Unknown
Wholesale and retail
Cyber Crime
US
Kroger Postal Prescription Services, Kroger PPS
150
15/03/2023
Since Early 2022
-
Black Basta
Organizations in the Healthcare Sector in the U.S.
The Health Sector Cybersecurity Coordination Center (HC3) issues a warning regarding the Black Basta ransomware group targeting the Healthcare sector.
Malware
Human health and social work
Cyber Crime
US
Health Sector Cybersecurity Coordination Center, HC3, Black Basta, ransomware
151
15/03/2023
14/03/2023
10/03/2023
?
HLA Grupo Hospitalario
A forum user on BreachForums lists data from the HLA Grupo Hospitalario in Spain for sale. The listing advertises 45,000 patient records and information on 1,600 doctors, with samples provided of each.
Misconfiguration
Human health and social work
Cyber Crime
ES
BreachForums, HLA Grupo Hospitalario
152
15/03/2023
13/03/2023
13/03/2023
?
Autoridad de Acueductos y Alcantarillados (AAA)
Autoridad de Acueductos y Alcantarillados (AAA) confirms it suffered a ransomware attack. The attack reportedly affects AAA’s electronic customer service systems.
Malware
Public admin and defence, social security
Cyber Crime
PR
Autoridad de Acueductos y Alcantarillados, AAA, ransomware
153
15/03/2023
15/03/2023
15/03/2023
?
Poolz Finance
An attacker steals $390,000 from cross-chain platform Poolz Finance.
Vulnerability
Fintech
Cyber Crime
N/A
Poolz Finance
154
15/03/2023
-
-
?
Municipality of Taggia
The Municipality of Taggia in Italy is hit with a cyber attack.
Malware
Public admin and defence, social security
Cyber Crime
IT
Municipality of Taggia
155
15/03/2023
During Q4 2022
29/09/2022
Black Basta
Undisclosed organization(s)
Researchers from ReliaQuest discover a new campaign using Qbot distributing the Black Basta ransomware.
Malware
Unknown
Cyber Crime
N/A
ReliaQuest, QakBot, Qbot, Black Basta, ransomware
156
15/03/2023
Between 30/07/2022 and 25/08/2022
30/11/2022
?
Merritt Healthcare Advisors
Merritt Healthcare Advisors reports a phishing attack that exposed the data of some of its healthcare clients.
Account Takeover
Professional, scientific and technical
Cyber Crime
US
Merritt Healthcare Advisors
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags