1-15 March 2023 Cyber Attacks Timeline

Last modified: April 3, 2023

EVENTS

EVENTS/DAY

EVENTS

EVENTS/DAY

Attack Distribution March H1 2023

Attack Techniques March H1 2023

Follow me on Twitter

Connect on Linkedin

Connect on Mastodon

In the first cyber attacks timeline of March 2023 I collected 152 events (10.13 events/day), a number that, unsurprisingly, confirms the high level of activity that is accompanying us over the course of this 2023.

Ransomware-driven events slide at 21.7% from 24.6% (33 out of 152 events), whilst 19 events were characterized by the exploitation of vulnerabilities (corresponding to 12.5% vs 8% of the previous timeline), an increase mainly due to the ongoing exploitation of the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability.

16-30 April 2023 Cyber Attacks Timeline

In the second half of April 2023 I collected 180 events (corresponding to 12 events/day), a sharp increase compared to…

Multi-million losses continued to affect the fintech sector, with Euler Finance suffering a flash loan attack leading to the theft of $197 million worth in multiple digital assets. Other fintech organizations targeted in the same period included Algodex and Poolz Finance.

And the season of the mega breaches has just begun apparently: victims in this fortnight included: HDB Financial Services (72 million records affected), an undisclosed marketing vendor working for AT&T and other organizations (9 million records affected), Independent Living Systems (around 4 million records), and Zoll Medical (one million). Other high-profile victims included ACER that suffered the leak of 160 Gb.

The Cyber Espionage front is always hot, with multiple campaigns unearthed in the first half of March, and carried out by known threat actors such as: APT27, APT28, APT29, Mustang Panda, Sharp Panda, the Tick, and Transparent Tribe, but also new players, such as UNC2970, UNC4540, and Yoro Trooper. The Iranian group Cobalt Illusion also launched a campaign against female human rights activists.

And as always, this brief summary is closed by a quick mention to the DDos attacks launched by the pro-Russian hacktivists of NoName057(16) that were directed against several government websites in Poland and Italy.

My suggestion is always the same: browse the timeline, and obviously thanks for sharing it and supporting my work in spreading the risk awareness across the community. As always, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.

Geo Map March H2 2023

ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags
1	01/03/2023	28/02/2023	28/02/2023	NoName057(16)	Poland’s tax service	Poland’s tax service website is hit by a DDoS attack believed to have been carried out by Russian hackers.	DDoS	Public admin and defence, social security	Hacktivism	PL		NoName057(16)
2	01/03/2023	Since April 2022	During April 2022	APT27 AKA Iron Tiger	Multiple organizations	Researchers from Trend Micro reveal that the APT27 hacking group, aka "Iron Tiger," has prepared a new Linux version of its SysUpdate custom remote access malware, to target more services used in the enterprise.	Targeted Attack	Multiple Industries	Cyber Espionage	>1		APT27, Iron Tiger
3	01/03/2023	During October 2022	Since at least October 2022	maxwell187	Multiple organizations	Researchers of ESET reveal that the developers of the BlackLotus UEFI bootkit have improved the malware with Secure Boot bypass capabilities that allow it to infected even Windows 11 systems from CVE-2022-21894.	Malware	Multiple Industries	Cyber Crime	>1		ESET, BlackLotus, UEFI, maxwell187, CVE-2022-21894
4	01/03/2023	28/02/2023	28/02/2023	?	Unknown target(s)	Researchers from Cyble reveal that the carding marketplace known as BidenCash has leaked online a free database of 2,165,700 debit and credit cards in celebration of its first anniversary.	Unknown	Finance and insurance	Cyber Crime	>1		Cyble, BidenCash
5	01/03/2023	-	-	?	Multiple organizations	Researchers from Kroll discover a malicious Python package uploaded to the Python Package Index (PyPI) that contained a fully-featured information stealer and remote access trojan tracked as Colour-Blind.	Malware	Multiple Industries	Cyber Crime	>1		Kroll, Python, PyPI, Colour-Blind
6	01/03/2023	-	-	Since May 2020	Organizations in the Maritime Industry	Researchers from EclecticIQ discover a campaign targeting the maritime industry, using spear phishing emails to Agent Tesla and Formbook.	Malware	Transportation and storage	Cyber Crime	>1		EclecticIQ, Agent Tesla, Formbook
7	01/03/2023	09/02/2023	09/02/2023	?	Group 1001	The insurance company Group 1001 restores the operations after suffering a ransomware attack.	Malware	Finance and insurance	Cyber Crime	US		Group 1001, ransomware
8	01/03/2023	Between 23/11/2022 and 27/11/2022	-	?	Codman Square Health Center	Codman Square Health Center files a notice of data breach after learning that a ransomware attack targeting the company’s IT system compromised confidential patient information.	Malware	Human health and social work	Cyber Crime	US		Codman Square Health Center, ransomware
9	01/03/2023	12/02/2023	12/02/2023	?	Azienda Ospedaliero-Universitaria di Parma (Hospital of Parma)	The Hospital of Parma suffers a cyber attack.	Unknown	Human health and social work	Cyber Crime	IT		Azienda Ospedaliero-Universitaria di Parma, Hospital of Parma
10	02/03/2023	-	-	?	WH Smith	British retailer WH Smith suffers a data breach that exposes information belonging to current and former employees.	Unknown	Wholesale and retail	Cyber Crime	UK		WH Smith
11	02/03/2023	Since January 2023	'Recently'	Mustang Panda AKA TA416 and Bronze President	Government and political organizations in Europe and Asia, focusing on Taiwan and Ukraine.	Researchers from ESET reveal that the Chinese cyber espionage hacking group Mustang Panda was seen deploying a new custom backdoor named 'MQsTTang' in attacks starting this year.	Targeted Attack	Public admin and defence, social security	Cyber Espionage	TW UA		Mustang Panda, TA416, Bronze President, ESET, MQsTTang
12	02/03/2023	-	-	Royal	U.S. critical infrastructure sectors, including healthcare, communications, and education	CISA and the FBI issue a joint advisory highlighting the increasing threat behind ongoing Royal ransomware attacks targeting many U.S. critical infrastructure sectors, including healthcare, communications, and education.	Malware	Multiple Industries	Cyber Crime	>1		CISA, FBI, Royal, ransomware
13	02/03/2023	26/02/2023	26/02/2023	?	Sandbox players	The Sandbox blockchain game warns its community that a security incident caused some users to receive fraudulent emails impersonating the game, trying to infect them with malware.	Account Takeover Malware	Arts entertainment, recreation	Cyber Crime	>1		Sandbox
14	02/03/2023	Since early September 2022	Since early September 2022	?	Individuals in East Asia	Researchers from Wiz warn of a widespread redirection campaign in which thousands of websites targeting East Asian audiences have been compromised using legitimate FTP credentials.	Account Takeover	Individual	Cyber Crime	>1		Wiz, FTP
15	02/03/2023	-	-	?	GunAuction.com	Hackers breach GunAuction.com, a website that allows people to buy and sell guns, exposing the identities of 550,000 users.	Unknown	Mining and quarrying	Cyber Crime	US		GunAuction.com
16	02/03/2023	Since the beginning of 2023	Since the beginning of 2023	?	Insecure deployments of Redis	Researchers from Cado Labs discover a novel cryptojacking campaign targeting insecure deployments of Redis. Underpinning this campaign was the use of transfer.sh, a free and open source command line file transfer service.	Misconfiguration	Multiple Industries	Cyber Crime	>1		Cado Labs, Redis
17	02/03/2023	-	-	?	Organizations in the hospitality sector	Researchers from Trend Micro discover a campaign targeting the hospitality sector and using Dropbox to release the malicious file.	Malware	Accommodation and food service	Cyber Crime	>1		Trend Micro, Dropbox
18	02/03/2023	25/02/2023	25/02/2023	?	Porter Police Department	The Porter Police Department suffers a "network security incident".	Unknown	Public admin and defence, social security	Cyber Crime	US		Porter Police Department
19	02/03/2023	-	-	RansomEXX	Bettuzzi And Partners	Bettuzzi And Partners, an Italian accounting firm is hit with a RansomEXX ransomware attack.	Malware	Professional, scientific and technical	Cyber Crime	IT		Bettuzzi And Partners, RansomEXX, ransomware
20	03/03/2023	-	-	BianLian	Parques Reunidos Group	The BianLian ransomware group claims to have stolen employee information, including passport details, as well as information on the company's partners, data on park-related incidents, financial records, internal emails and legal documents from Parques Reunidos Group, a Spanish amusement park company.	Malware	Arts entertainment, recreation	Cyber Crime	ES		BianLian, ransomware, Parques Reunidos Group
21	03/03/2023	28/02/2023	28/02/2023	?	City of Lille	The city of Lille is disrupted by a cyberattack that partially affects the operation of public services.	Unknown	Public admin and defence, social security	Cyber Crime	FR		City of Lille
22	03/03/2023	Between 13/12/2022 and 13/01/2023	-	?	Denver Public Schools (DPS)	Personal information belonging to some 15,000 Denver Public Schools (DPS) employees was stolen in what the district is calling a "cybersecurity incident" that went on for a month.	Unknown	Education	Cyber Crime	US		Denver Public Schools, DPS
23	03/03/2023	-	-	?	Henrico Doctors' Hospital	Henrico Doctors' Hospital notifies 990 patients that some of their protected health information was compromised in a data breach.	Unknown	Human health and social work	Cyber Crime	US		Henrico Doctors' Hospital
24	03/03/2023	-	-	?	Houston Healthcare	A cyberattack disrupts Houston Healthcare's operations.	Unknown	Human health and social work	Cyber Crime	US		Houston Healthcare
25	03/03/2023	-	-	?	Suprbay.org	The official web forum of The Pirate Bay, Suprbay.org, is the latest victim of an apparent cyberattack that forced its site to remain offline for several days.	Unknown	Other service activities	Cyber Crime	N/A		The Pirate Bay, Suprbay.org
26	03/03/2023	22/02/2023	22/02/2023	?	Gaston College	Gaston College posts a “System Interruption” notice after the school confirmed that it was the victim of a ransomware attack	Malware	Education	Cyber Crime	US		Gaston College, ransomware
27	04/03/2023	29/03/2023	29/03/2023	Vice Society	Hamburg University of Applied Sciences (HAW Hamburg)	The Vice Society ransomware group adds the Hamburg University of Applied Sciences (HAW Hamburg) to its leak site following an attack that the institution said took place late last year.	Malware	Education	Cyber Crime	DE		Vice Society, ransomware, University of Applied Sciences, HAW Hamburg
28	04/03/2023	04/03/2023	04/03/2023	SeigedSec	Tourist website for the Faroe Islands	The SeigedSec hacking group claims to have defaced the tourist website for the Faroe Islands – a self-governing territory of the Kingdom of Denmark — and to have stolen employee data and other sensitive information.	Defacement	Public admin and defence, social security	Hacktivism	DK		SeigedSec, Faroe Islands, Kingdom of Denmark
29	04/03/2023	-	-	?	Vodafone NL	A threat actor publishes 83,000 records allegedly stolen from Vodafone NL.	Unknown	Information and communication	Cyber Crime	NL		Vodafone NL
30	05/03/2023	01/03/2023	01/03/2023	?	Northern Essex Community College	Northern Essex Community College remains shuttered after suffering a cyberattack.	Unknown	Education	Cyber Crime	US		Northern Essex Community College
31	05/03/2023	Early February 2023	13/02/2023	?	Flutterwave	Flutterwave, Africa’s largest startup by private valuation, is involved in a hack that results in more than ₦2.9 billion (~$4.2 million) missing from its accounts.	Account Takeover	Finance and insurance	Cyber Crime	NG		Flutterwave
32	05/03/2023	-	-	KelvinSecurity	Ministry of Public Health in Ecuador	A database called Covid-19 allegedly from the Ministry of Public Health in Ecuador has been listed for sale on a popular forum by KelvinSecurity, however the Ministry denies to have suffered any breach.	Unknown	Public admin and defence, social security	Cyber Crime	EC		Covid-19, Ministry of Public Health in Ecuador, KelvinSecurity
33	06/03/2023	During January 2023	-	?	Undisclosed marketing vendor	AT&T notifies roughly 9 million customers that some of their information was exposed after a marketing vendor was hacked in January.	Unknown	Administration and support service	Cyber Crime	US		AT&T
34	06/03/2023	Since at least July 2022	During July 2022	?	Vulnerable DrayTek Vigor routers	Researchers from Black Lotus Lab discover a new campaign called 'Hiatus' targeting DrayTek Vigor router models 2960 and 3900 to steal data from victims and build a covert proxy network.	Vulnerability	Multiple Industries	Cyber Crime	>1		Black Lotus Lab, 'Hiatus, DrayTek Vigor, 2960, 3900
35	06/03/2023	-	-	?	Eastern European institutions and businesses	Researchers from SentinelOne discover phishing campaigns that distribute the Remcos RAT using the DBatLoader malware loader to target predominantly Eastern European institutions and businesses.	Malware	Multiple Industries	Cyber Crime	>1		SentinelOne, Remcos RAT, DBatLoader
36	06/03/2023	05/03/2023	05/03/2023	RansomHouse	Hospital Clínic de Barcelona	The Hospital Clínic de Barcelona suffers a RansomHouse ransomware attack, severely disrupting its healthcare services after the institution's virtual machines were targeted by the attacks.	Malware	Human health and social work	Cyber Crime	ES		Hospital Clínic de Barcelona, RansomHouse, ransomware
37	06/03/2023	'Recently'	'Recently'	FiXS	Banks in Mexico	Researchers from Metabase Q discover FiXS, a new malware family targeting ATMs in Latin America, and specifically banks in Mexico.	Malware	Finance and insurance	Cyber Crime	MX		Metabase Q, FiXS
38	06/03/2023	During the second half of 2022	During the second half of 2022	?	ICS computers in Russia	Researchers from Kaspersky disclose a surge in attacks on ICS computers in Russia and blames it on the exploitation of a Bitrix CMS vulnerability tracked as CVE-2022-27228.	CVE-2022-27228 vulnerability	Multiple Industries	Cyber Crime	RU		Kaspersky, ICS, Russia, Bitrix CMS, CVE-2022-27228
39	06/03/2023	-	-	?	Individuals in Australia, Denmark, Germany, Ireland and the Netherlands.	Researchers from Bitdefender warn of a fresh phishing campaign that uses copycat ChatGPT platform to swindle eager investors.	Account Takeover	Individual	Cyber Crime	AU DE DK IE NL		Bitdefender, ChatGPT
40	06/03/2023	-	-	BianLian	City of Waynesboro	The City of Waynesboro is hit with a BianLian ransomware attack and leaks 350 GB of data.	Malware	Public admin and defence, social security	Cyber Crime	US		City of Waynesboro, BianLian, ransomware
41	06/03/2023	Since at least December 2022	During December 2022	DarkBLUP	Multiple organizations	Researchers from Flashpoint discover a private loader named “AresLoader” advertised for sale on the top-tier Russian-language hacking forum XSS.	Malware	Multiple Industries	Cyber Crime	>1		DarkBLUP, Flashpoint, AresLoader, XSS
42	06/03/2023	-	-	?	Texas Medical Liability Trust (TMLT)	Texas Medical Liability Trust (TMLT) files a notice of data breach after learning that confidential consumer information entrusted to the company was leaked in a recent cybersecurity incident.	Unknown	Finance and insurance	Cyber Crime	US		Texas Medical Liability Trust, TMLT
43	06/03/2023	05/03/2023	05/03/2023	?	Algodex	DeFi platform Algodex reveals that a malicious actor infiltrated a company wallet during the early hours of the previous morning.	Unknown	Fintech	Cyber Crime	N/A		Algodex
44	06/03/2023	06/03/2023	06/03/2023	NoName057(16)	Several websites of Italian Ministries including the Labour Ministry, High Council of the Judiciary, and Carabinieri	The Russian collective NoName057(16) launches a new campaign against several websites in Italy.	DDoS	Public admin and defence, social security	Hacktivism	IT		NoName057(16), Italian Ministries including the Labour Ministry, High Council of the Judiciary, Carabinieri
45	07/03/2023	Since late January 2022	Since late January 2022	TA499	Individuals who have spoken out against Putin’s invasion	Researchers from Proofpoint discover a disinformation campaign targeting individuals who have spoken out against Putin’s invasion and involving them in fake conversations to support the Russian President.	Disinformation	Individual	Cyber Warfare	>1		TA499, Proofpoint, Putin, Russia, Ukraine
46	07/03/2023	-	-	kernelware	Acer	Taiwanese computer giant Acer confirms that it suffered a data breach after threat actors hacked a server hosting private documents used by repair technicians and leaked 160GB of data.	Unknown	Manufacturing	Cyber Crime	TW		Acer, kernelware
47	07/03/2023	-	-	kernelware	Acronis	The same attacker publishes a 12 Gb archive file allegedly containing certificate files, command logs, system configurations and information logs, filesystem archives, scripts, and backup configuration data stolen from Acronis.	Unknown	Professional, scientific and technical	Cyber Crime	CH		Acronis, kernelware
48	07/03/2023	07/03/2023	07/03/2023	Emotet	Banking users worldwide	Researchers from Cofense and the Emotet-tracking group Cryptolaemus warn that the Emotet botnet had once again resumed sending emails.	Malware	Finance and insurance	Cyber Crime	>1		Cofense, Emotet, Cryptolaemus
49	07/03/2023	During late 2022	During late 2022	Sharp Panda	High-profile government entities in Vietnam, Thailand, and Indonesia	Researchers from Check Point reveal that the Sharp Panda cyber-espionage group is targeting high-profile government entities in Vietnam, Thailand, and Indonesia with a new version of the ‘Soul’ malware framework.	Targeted Attack	Public admin and defence, social security	Cyber Espionage	VN TH ID		Check Point, Sharp Panda, Soul
50	07/03/2023	06/03/2023	06/03/2023	IntelBroker	DC Health Link	The FBI is investigating a data breach affecting U.S. House of Representatives members and staff after their account and sensitive personal information was stolen from DC Health Link's servers.	Unknown	Public admin and defence, social security	Cyber Crime	US		IntelBroker, FBI, U.S. House of Representatives, DC Health Link
51	07/03/2023	-	-	UNC4540	Multiple organizations	Researchers from Mandiant discover UNC4540, a suspected Chinese hacking campaign targeting unpatched SonicWall Secure Mobile Access (SMA) appliances to install custom malware that establishes long-term persistence for cyber espionage campaigns.	Vulnerability	Multiple Industries	Cyber Espionage	>1		Mandiant, UNC4540, China, SonicWall Secure Mobile Access, SMA
52	07/03/2023	06/03/2023	06/03/2023	LockBit 3.0	Essendant	Essendant, a wholesale distributor of stationery and office supplies, notifies to be experiencing a multi-day systems "outage" preventing customers and suppliers from placing and fulfilling online orders. Few days after the LockBit ransomware gang claims responsibility for the attack.	Malware	Wholesale and retail	Cyber Crime	US		LockBit 3.0, Essendant, ransomware
53	07/03/2023	-	-	Suspected state-sponsored threat actors from China	Governments and large organizations	Fortinet reveals that unknown attackers used zero-day exploits to abuse a new FortiOS bug patched this month in attacks targeting government and large organizations that have led to OS and file corruption and data loss.	CVE-2022-41328 Vulnerability	Multiple Industries	Cyber Espionage	>1		Fortinet, FortiOS, CVE-2022-41328
54	07/03/2023	Since November 2022	Since November 2022	Sys01 Stealer	Multiple organizations	Researchers from Morphisec share details on Sys01 Stealer, an information stealer observed targeting the Facebook accounts of critical government infrastructure employees.	Malware	Multiple Industries	Cyber Espionage	>1		Morphisec, Sys01 Stealer
55	07/03/2023	-	-	Dark Angels	Andrade Gutierrez	A group known as Dark Angels claims to have stolen 3 terabytes of corporate and employee information from controversial Brazilian multinational Andrade Gutierrez.	Unknown	Professional, scientific and technical	Hacktivism	BR		Dark Angels, Andrade Gutierrez
56	07/03/2023	17/02/2023	17/02/2023	Qilin	Attent Zorg en Behandeling	The systems of Attent Zorg en Behandeling, a care facility in the Netherlands, are hacked by the notorious Qilin ransomware group.	Malware	Human health and social work	Cyber Crime	NL		Attent Zorg en Behandeling, Qilin, ransomware
57	07/03/2023	Since July 2022	-	Transparent Tribe	Indian and Pakistani Android users with a military or political orientation	Researchers from ESET discover an active Transparent Tribe campaign, targeting mostly Indian and Pakistani Android users, presumably with a military or political orientation, via the CapraRAT distributed through rogue secure messaging apps in a romance scam.	Malware	Public admin and defence, social security	Cyber Espionage	IN PK		ESET, Transparent Tribe, India, Pakistan, CapraRAT
58	07/03/2023	-	08/01/2023	?	SundaySky	SundaySky files a notice of data breach following a cybersecurity incident in which an unauthorized party copied files containing confidential consumer information.	Unknown	Professional, scientific and technical	Cyber Crime	US		SundaySky
59	07/03/2023	-	16/01/2023	?	Bone & Joint	Bone & Joint began notifies current and former patients and employees of a data breach after experiencing a reported “network outage,” resulting in sensitive information in the company’s possession being compromised.	Unknown	Human health and social work	Cyber Crime	US		Bone & Joint
60	07/03/2023	08/01/2023	08/01/2023	BianLian	Northeast Surgical Group (NSG)	Northeast Surgical Group notifies 15,298 patients of a HIPAA breach, deriving from a BianLian ransomware attack.	Malware	Human health and social work	Cyber Crime	US		Northeast Surgical Group, BianLian, ransomware
61	07/03/2023	-	29/12/2022	GhostSec	Council of Grenada (Diputatción de Grenada - dipgra.es)	Nearly 7 GB of data from the Council of Grenada are posted online by the GhostSec group.	Unknown	Public admin and defence, social security	Cyber Crime	ES		Council of Grenada, Diputatción de Grenada, dipgra.es
62	08/03/2023	-	-	?	Undisclosed organization	Researchers from Microsoft reveal the details of a business email compromise (BEC) attack in which attackers moved rapidly, with some steps taking mere minutes.	Business Email Compromise	Unknown	Cyber Crime	N/A		Microsoft
63	08/03/2023	-	-	?	Black & McDonald	A Canadian engineering giant Black & McDonald, working with critical military, power and transportation infrastructure across the country is hit with a ransomware attack.	Malware	Professional, scientific and technical	Cyber Crime	CA		Black & McDonald, ransomware
64	08/03/2023	-	-	Multiple threat actors	Multiple organizations	CISA adds three actively exploited flaws in Teclib GLPI, Apache Spark, and Zoho ManageEngine ADSelfService Plus to its Known Exploited Vulnerabilities Catalog.	CVE-2022-35914, CVE-2022-33891, CVE-2022-28810 Vulnerabilities	Multiple Industries	N/A	US		CISA, Teclib GLPI, Apache Spark, Zoho ManageEngine ADSelfService Plus, CVE-2022-35914, CVE-2022-33891, CVE-2022-28810
65	08/03/2023	Between January and February 2023	Between January and February 2023	8220	Vulnerable Oracle Weblogic Server	Researchers from Fortinet discover the mining group 8220 Gang using a new crypter called ScrubCrypt in cryptojacking attacks.	Malware	Multiple Industries	Cyber Crime	>1		Fortinet, 8220, ScrubCrypt
66	08/03/2023	23/02/2023	23/02/2023	?	Undisclosed organization in APAC	Akamai claims to have mitigated the largest DDoS attack ever, which peaked at 900.1 gigabits per second.	DDoS	Unknown	Cyber Crime	N/A		Akamai
67	08/03/2023	-	-	Kernelware	HDB Financial Services	A hacker using the alias Kernelware leaks 7.5 GB of customer data with over 72 million entries belonging to HDB Financial Services, a subsidiary of India’s largest private bank, HDFC Bank.	Unknown	Finance and insurance	Cyber Crime	IN		Kernelware, HDB Financial Services, HDFC Bank
68	08/03/2023	-	-	Exotic Lily, aka PROJECTOR LIBRA and TA580	Multiple organizations	Researchers from ReliaQuest discover a new campaign by the Initial Access Broker Exotic Lily.	Malware	Multiple Industries	Cyber Crime	>1		ReliaQuest, Exotic Lily, PROJECTOR LIBRA, TA580
69	08/03/2023	Since one year	During January 2023	?	Individual	Researchers at DeepSee and Malwarebytes identify DeepStreamer, an invalid traffic scheme undetected for over one year via a number of illegal video streaming platforms.	Ad fraud	Individual	Cyber Crime	>1		DeepSee, Malwarebytes, DeepStreamer
70	08/03/2023	'Recently'	'Recently'	MedusaLocker	Multiple organizations	Researchers from AhnLab discover the active distribution of the GlobeImposter ransomware carried out by the threat actors behind MedusaLocker through the exploitation of RDP.	Malware	Multiple Industries	Cyber Crime	>1		AhnLab, GlobeImposter, ransomware, MedusaLocker, RDP
71	08/03/2023	-	24/01/2023	?	Beaver Medical Group (BMG)	Beaver Medical Group (BMG) files a notice of data breach after discovering that a successful email phishing attack provided an unauthorized party with access to files containing confidential patient information.	Account Takeover	Human health and social work	Cyber Crime	US		Beaver Medical Group, BMG
72	08/03/2023	-	-	?	Wichita Urology Group	Wichita Urology Group notifies 1,493 individuals that unauthorized individuals gained access to its network and potentially viewed or obtained files containing names, prescription information, billing information, and health insurance information.	Unknown	Human health and social work	Cyber Crime	US		Wichita Urology Group
73	08/03/2023	-	-	?	Eurovision fans	Eurovision fans who have booked rooms for May's song contest in Liverpool are having their data put at risk by scammers targeting hotel chains.	Account Takeover	Accommodation and food service	Cyber Crime	UK		Eurovision
74	08/03/2023	-	-	?	Exprivia	The Italian IT company Exprivia suffers a possible ransomware attack.	Malware	Professional, scientific and technical	Cyber Crime	IT		Exprivia, ransomware
75	09/03/2023	'In recent weeks'	'In recent weeks'	IceFire	Several media and entertainment sector organizations worldwide	Researchers from Sentinel One discover a novel Linux versions of the IceFire ransomware being deployed within the enterprise network intrusions of several media and entertainment sector organizations worldwide.	Malware	Arts entertainment, recreation	Cyber Crime	>1		Sentinel One, IceFire, ransomware
76	09/03/2023	-	-	?	Crypto investors	The FBI warns that cybercriminals are now using fake rewards in so-called "play-to-earn" mobile and online games to steal millions worth of cryptocurrency.	Play-to-earn scam	Fintech	Cyber Crime	US		FBI, play-to-earn
77	09/03/2023	During January 2023	During January 2023	Mustang Panda AKA TA416 and Bronze President	People in Mongolia, Papua New Guinea, Ghana, Zimbabwe, and Nigeria.	Researchers from Sophos reveal the details of 'retro', a campaign by the Chinese group Mustang Panda using USB drives laden with PlugX to target people in Mongolia, Papua New Guinea, Ghana, Zimbabwe, and Nigeria.	Malware	Individual	Cyber Espionage	MN PG GH ZW NG		Mustang Panda, TA416, Bronze President, Sophos, retro, PlugX
78	09/03/2023	20/01/2023	23/01/2023	?	Hawaii Death Registry	Hawaii’s Department of Health says it is sending out breach notification letters after a cyberattack in January gave hackers limited access to the state’s death registry.	Account Takeover	Human health and social work	Cyber Crime	US		Hawaii Death Registry
79	09/03/2023	-	-	?	Multiple organizations	Researchers at ASEC (AhnLab Security Emergency response Center) observe threat actors deploying the PlugX malware by exploiting vulnerabilities in the Chinese remote control software Sunlogin and Awesun.	Multiple vulnerabilities	Multiple Industries	N/A	N/A		ASEC, AhnLab Security Emergency response Center, PlugX, Sunlogin, Awesun, CNVD-2022-10270, CNVD-2022-03672
80	09/03/2023	Since November 2022	Since November 2022	Prometei	Multiple organizations	Researchers from Cisco Talos discover a new version of the Prometei botnet infecting more than 10,000 systems worldwide since November 2022.	Multiple vulnerabilities	Multiple Industries	Cyber Crime	>1		Cisco Talos, Prometei
81	09/03/2023	-	09/03/2023	LockBit 3.0	Audio-Technica	Audio-Technica, the Japanese audio equipment manufacturer, is uploaded to LockBit’s dark-web blog, suggesting the company may have been breached by the notorious ransomware gang.	Malware	Manufacturing	Cyber Crime	JP		Audio-Technica, LockBit, LockBit 3.0, ransomware
82	09/03/2023	Since at least 24/02/2023	24/02/2023	Cobalt Illusion	Female Human Right Activists in Iran	Researchers from Secureworks discover that female human rights activists are being targeted by a Cobalt Illusion, a state-backed threat group posing as a fellow campaigner to steal their personal data, possibly with the intention of passing it on to the Islamist regime in Iran.	Account Takeover	Individual	Cyber Espionage	IR		Secureworks, Cobalt Illusion
83	09/03/2023	-	09/03/2023	Medusa	Bishop Luffa School	Bishop Luffa School, a British secondary school, has student data exposed after a likely ransomware attack by the Medusa gang.	Malware	Education	Cyber Crime	UK		Bishop Luffa School, ransomware, Medusa
84	09/03/2023	Since June 2022	Since June 2022	UNC2970	Western Media and Technology companies	Researchers from Mandiant expose a campaign targeting Western Media and Technology companies from a suspected North Korean espionage group tracked as UNC2970.	Targeted Attack	Professional, scientific and technical	Cyber Espionage	>1		Mandiant, North Korea, UNC2970
85	09/03/2023	Since 31/01/2023	Since 31/01/2023	Qakbot, AKA Qbot, Pinkslipbot, QuakBot	Multiple organizations	Multiple security companies, including Sophos and Trellix discover a new campaign distributing Qakbot via OneNote documents.	Malware	Multiple Industries	Cyber Crime	>1		Sophos, Trellix, Qakbot, Qbot, Pinkslipbot, QuakBot
86	09/03/2023	Since February 2023	During February 2023	BATLOADER	Multiple organizations	Researchers from eSentire discover a new campaign carried out via the malware downloader known as BATLOADER abusing Google Ads to deliver secondary payloads like Vidar Stealer and Ursnif.	Malware	Multiple Industries	Cyber Crime	>1		eSentire, BATLOADER, Google Ads, Vidar Stealer, Ursnif
87	09/03/2023	Between 25/10/2022 and 03/11/2022	03/11/2022	?	Merced College (MCCD)	Merced College (MCCD) files a notice of data breach after learning that a ransomware attack resulted in confidential student information being exposed to an unauthorized party.	Malware	Education	Cyber Crime	US		Merced College, MCCD, ransomware
88	09/03/2023	Between 16/12/2022 and 18/12/2022	05/01/2023	?	Trinity Health Corporation	Trinity Health Corporation files a notice of data breach after learning that a phishing incident resulted in the confidential information of tens of thousands of patients being leaked.	Account Takeover	Administration and support service	Cyber Crime	US		Trinity Health Corporation
89	09/03/2023	-	-	Dark Power	Autoridad para la Reconstrucción con Cambios (ARCC)	The data from the Autoridad para la Reconstrucción con Cambios (ARCC) are listed by a new group called Dark Power.	Unknown	Public admin and defence, social security	Cyber Crime	PE		Autoridad para la Reconstrucción con Cambios, ARCC, Dark Power
90	09/03/2023	Early March 2023	Early March 2023	?	Clinica Santa Chiara di Locarno	The Clinica Santa Chiara di Locarno is hit with a cyber attack.	Unknown	Human health and social work	Cyber Crime	CH		Clinica Santa Chiara di Locarno
91	10/03/2023	-	-	Hadoken Security Group	Banking users worldwide	Researchers from ThreatFabric discover a new version of the Xenomorph Android malware that adds significant capabilities to conduct malicious attacks, including a new automated transfer system (ATS) framework and the ability to steal credentials for 400 banks.	Malware	Finance and insurance	Cyber Crime	>1		ThreatFabric, Xenomorph, Android, Hadoken Security Group
92	10/03/2023	Since at least early December 2022.	Since at least early December 2022.	Multiple threat actors	Vulnerable VMware servers	CISA adds CVE-2021-39144, a critical severity vulnerability in VMware's Cloud Foundation, to its catalog of security flaws exploited in the wild.	CVE-2021-39144 Vulnerability	Multiple Industries	N/A	US		CISA, CVE-2021-39144, VMware's Cloud Foundation
93	10/03/2023	'Recently'	'Recently'	?	Web servers running phpMyAdmin, MySQL, FTP, and Postgres services	Researchers from Palo Alto Networks discover GoBruteforcer, a new Golang-based botnet malware scanning and infecting web servers running phpMyAdmin, MySQL, FTP, and Postgres services.	Brute-force	Multiple Industries	Cyber Crime	>1		Palo Alto Networks, GoBruteforcer, Golang, phpMyAdmin, MySQL, FTP, Postgres
94	10/03/2023	During February 2023	During February 2023	Dark Pink	Military and government organizations in South Asia	Researchers from EcleticIQ reveal that the suspected government-backed hackers Dark Pink are attacking military and government organizations in South Asia with malware called KamiKakaBot that is designed to steal sensitive information.	Malware	Public admin and defence, social security	Cyber Espionage	>1		EcleticIQ, Dark Pink, KamiKakaBot
95	10/03/2023	Between 28/01/2023 and 29/01/2023	28/01/2023	?	Zoll Medical	Medical technology developer Zoll Medical notifies roughly one million individuals that their personal information might have been compromised in a recent data breach.	Unknown	Professional, scientific and technical	Cyber Crime	US		Zoll Medical
96	10/03/2023	09/01/2023	09/01/2023	?	Florida Medical Clinic (FMC)	Florida Medical Clinic (FMC) files a notice of data breach after learning that unauthorized actors gained access to the FMC computer system following a ransomware attack.	Malware	Human health and social work	Cyber Crime	US		Florida Medical Clinic, FMC, ransomware
97	10/03/2023	Between 28/01/2023 and 30/01/2023	-	?	Community Health Systems Professional Services Company (CHSPSC)	Community Health Systems Professional Services Company (CHSPSC) files a notice of data breach after the organization learned that a cybersecurity event at Fortra, one of the company’s vendors, subjected patient information to unauthorized access.	CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability	Professional, scientific and technical	Cyber Crime	US		Community Health Systems Professional Services Company, CHSPSC, CVE-2023-0669 Fortra GoAnywhere MFT
98	10/03/2023	09/03/2023	10/03/2023	?	University hospital center (CHU) of Brest-Carhaix	The university hospital center (CHU) of Brest-Carhaix is the subject of a cyberattack.	Unknown	Human health and social work	Cyber Crime	FR		University hospital center, CHU, Brest-Carhaix
99	10/03/2023	09/03/2023	09/03/2023	?	Wilkes-Barre Career and Technical Center	Wilkes-Barre Career and Technical Center in Pennsylvania reportedly thwarts a cyber attack with backup procedures and by shutting down its network.	Malware	Education	Cyber Crime	US		Wilkes-Barre Career and Technical Center
100	10/03/2023	-	-	?	Municipality of Turate	The Municipality of Turate in Italy is hit with a cyber attack.	Unknown	Public admin and defence, social security	Cyber Crime	IT		Municipality of Turate
101	11/03/2023	-	-	Multiple threat actors	Vulnerable Plex Media Servers	CISA adds CVE-2020-5741, an almost three-year-old high-severity remote code execution (RCE) vulnerability in the Plex Media Server to its catalog of security flaws exploited in attacks.	CVE-2020-5741 Vulnerability	Multiple Industries	N/A	US		CISA, CVE-2020-5741, Remote Code Execution, RCE, Plex Media Server
102	11/03/2023	-	-	Clop AKA Cl0p	Multiple organizations	The Clop ransomware gang begins extorting companies whose data was stolen using a zero-day vulnerability in the Fortra GoAnywhere MFT secure file-sharing solution.	CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability	Multiple Industries	Cyber Crime	>1		Clop, Cl0p, ransomware, Fortra GoAnywhere MFT
103	11/03/2023	10/03/2023	10/03/2023	?	Centre Hospitalier Universitaire (CHU) Saint-Pierre	Centre Hospitalier Universitaire (CHU) Saint-Pierre in Belgium is hit with a cyber attack.	Unknown	Human health and social work	Cyber Crime	BE		Centre Hospitalier Universitaire Saint-Pierre, CHU
104	11/03/2023	-	-	LockBit 3.0	Grupo Hospitalar Vida	The Grupo Hospitalar Vida is hit with a LockBit ransomware attack.	Malware	Human health and social work	Cyber Crime	BR		Grupo Hospitalar Vida, LockBit, ransomware
105	11/03/2023	-	-	LockBit 3.0	Schrader Camargo	Schrader Camargo is listed in the site of the LockBit 3.0 ransomware gang.	Malware	Professional, scientific and technical	Cyber Crime	CO		Schrader Camargo, LockBit 3.0, ransomware
106	11/03/2023	-	-	LockBit 3.0	Bontà Viva	Bontà Viva, an Italian dairy, is listed in the site of the LockBit 3.0 ransomware gang.	Malware	Accommodation and food service	Cyber Crime	IT		LockBit 3.0 ransomware
107	12/03/2023	Since 2023	During 2024	Medusa	Multiple organizations	The ransomware operation known as Medusa begins to pick up steam in 2023, targeting corporate victims worldwide with million-dollar ransom demands.	Malware	Multiple Industries	Cyber Crime	>1		Medusa, ransomware
108	12/03/2023	'Recently'	'Recently'	A "community from a Russian social network"	GSC Game World	GSC Game World, the developer of the ‘STALKER 2: Heart of Chornobyl’ game, warns their systems were breached, allowing threat actors to steal game assets during the attack.	Account Takeover	Arts entertainment, recreation	Hacktivism	UA		GSC Game World, STALKER 2: Heart of Chornobyl, Russia, Ukraine
109	12/03/2023	'Recently'	'Recently'	?	Shopee and Carousell users in Taiwan	Shopee and Carousell users in Taiwan are the victims of a phishing campaign.	Account Takeover	Individual	Cyber Crime	TW		Shopee, Carousell
110	13/03/2023	05/03/2023	05/03/2023	?	Estonia Parliamentary Elections	The National Cyber Security Centre-Estonia (NCSC-EE) reveals that the parliamentary elections were unsuccessfully targeted by cyberattacks.	Unknown	Public admin and defence, social security	Cyber Warfare	EE		National Cyber Security Centre-Estonia, NCSC-EE, Estonia Parliamentary Elections
111	13/03/2023	12/03/2023	12/03/2023	?	Euler Finance	Lending protocol Euler Finance is hit by a cryptocurrency flash loan attack, with the threat actor stealing $197 million in multiple digital assets.	Flash loan	Fintech	Cyber Crime	N/A		Euler Finance
112	13/03/2023	Since 10/03/2023	10/03/2023	?	Silicon Valley Bank (SVB) customers	Multiple security researchers and security companies report that threat actors are exploiting the Silicon Valley Bank collapse, registering suspicious domains that are very likely to be used in attacks.	Account Takeover	Finance and insurance	Cyber Crime	US		Silicon Valley Bank, SVB
113	13/03/2023	-	-	Play	Royal Dirkzwager	The Play ransomware group adds the Dutch maritime logistics company Royal Dirkzwager to its list of its victims.	Malware	Administration and support service	Cyber Crime	NL		Royal Dirkzwager, ransomware
114	13/03/2023	Since May 2022	Since May 2022	DEV-1101	Multiple organizations	Microsoft warns of large-scale phishing attacks orchestrated with an open-source adversary-in-the-middle (AiTM) phishing kit available in the cybercrime ecosystem.	Account Takeover	Multiple Industries	Cyber Crime	>1		DEV-1101, Microsoft, adversary-in-the-middle, AiTM
115	13/03/2023	-	-	KalvinSecurity	Undisclosed organization in Russia	The KalvinSecurity hacker group shares hundreds of documents online containing information on the development of the Sputnik V COVID-19 vaccine, with some including the names of deceased participants of its clinical trials.	Unknown	Human health and social work	Hacktivism	RU		KalvinSecurity, Sputnik V, COVID-19
116	13/03/2023	Since 25/01/2023	Since 25/01/2023	Emotet	Multiple organizations in Europe, Asia Pacific, and Latin America	Researchers from Trend Micro discover a new Emotet campaign using binary padding to avoid detection.	Malware	Multiple Industries	Cyber Crime	>1		Trend Micro, Emotet, Binary Padding
117	13/03/2023	Since November 2022	Since November 2022	?	Multiple organizations	Researchers from CloudSEK reveal that threat actors have been increasingly observed using AI-generated YouTube Videos to spread a variety of stealer malware such as Raccoon, RedLine, and Vidar.	Malware	Multiple Industries	Cyber Crime	>1		CloudSEK, YouTube, Raccoon, RedLine, Vida
118	13/03/2023	14/04/2022	21/06/2022	?	AllCare Plus Pharmacy	After an email phishing attack, AllCare Plus Pharmacy reports that 5,971 patients potentially had their protected health information (PHI) exposed.	Account Takeover	Human health and social work	Cyber Crime	US		AllCare Plus Pharmacy
119	13/03/2023	-	-	LockBit 3.0	Lubrimetal	Lubrimetal, an Italian chemical firm, is hit with a LockBit ransomware attack.	Malware	Professional, scientific and technical	Cyber Crime	IT		Lubrimetal, LockBit, ransomware
120	13/03/2023	02/03/2023	02/03/2023	?	Guam Memorial Hospital	The Guam Memorial Hospital is hit wth a cyber attack.	Unknown	Human health and social work	Cyber Crime	US		Guam Memorial Hospital
121	14/03/2023	Early March 2023	Early March 2023	APT29 AKA Nobelium and Cozy Bear, the Dukes	Diplomatic entities and government agencies in Eastern Europe	Researchers from BlackBerry reveal that the Russian state-backed group known as Nobelium is behind recent attempted cyberattacks on diplomatic entities and government agencies in the European Union via phishing emails with a malicious document attached, using the Polish Foreign Minister’s recent visit to the US as a lure.	Targeted Attack	Public admin and defence, social security	Cyber Espionage	>1		BlackBerry, Nobelium, APT29, Cozy Bear, Dukes
122	14/03/2023	Since at least June 2022	Since at least June 2022	YoroTrooper	CIS countries, embassies and EU health care agencies	Researchers from Cisco Talos discover a new threat actor named 'YoroTrooper' running cyber-espionage campaigns since at least June 2022, targeting government and energy organizations in Commonwealth of Independent States (CIS) countries, embassies and EU health care agency.	Targeted Attack	Multiple Industries	Cyber Espionage	>1		Cisco Talos, YoroTrooper, Commonwealth of Independent States, CIS
123	14/03/2023	-	-	?	Crypto investors in the U.S.	The Federal Bureau of Investigation (FBI) reveals that Americans are increasingly targeted in 'pig butchering' cryptocurrency investment schemes.	Pig-butchering scam	Fintech	Cyber Crime	US		U.S. Federal Bureau of Investigation, FBI, pig-butchering
124	14/03/2023	Since at least January 2023	15/02/2023	Magniber	Multiple organizations in South Korea, China, Taiwan, Malaysia, Hong Kong, Singapore, and now Europe.	Microsoft patches CVE-2023-24880, a zero-day used by attackers to circumvent the Windows SmartScreen cloud-based anti-malware service and deploy Magniber ransomware.	CVE-2023-24880 Vulnerability	Multiple Industries	Cyber Crime	CN HK KR MY SG TW EU		Microsoft, CVE-2023-24880, Magniber, ransomware
125	14/03/2023	Between mid-April and December 2022	-	APT28 AKA STRONTIUM, Sednit, Sofacy, and Fancy Bear	Fewer than 15 government, military, energy, and transportation organizations in Europe	Microsoft patches an Outlook zero-day vulnerability (CVE-2023-23397) exploited by APT28, the hacking group linked to Russia's military intelligence service GRU to target European organizations.	CVE-2023-23397 Vulnerability	Multiple Industries	Cyber Espionage	>1		APT28, STRONTIUM, Sednit, Sofacy, and Fancy Bear, Microsoft, Outlook, CVE-2023-23397, GRU
126	14/03/2023	-	-	?	Rubrik	Cybersecurity company Rubrik confirms that its data was stolen using a zero-day vulnerability in the Fortra GoAnywhere secure file transfer platform.	CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability	Professional, scientific and technical	Cyber Crime	US		CVE-2023-0669, Fortra GoAnywhere
127	14/03/2023	Between 30/06/2022 and 05/07/2022	05/07/2022	?	Independent Living Systems (ILS)	Independent Living Systems (ILS), a Miami-based healthcare administration and managed care solutions provider, discloses a data breach that exposed the personal information of 4,226,508 individuals.	Unknown	Human health and social work	Cyber Crime	US		Independent Living Systems, ILS
128	14/03/2023	-	-	FakeCalls	Banking users in South Korea	Researchers from Check Point reveal that the Android malware 'FakeCalls' is circulating again in South Korea, imitating phone calls for over 20 financial organizations and attempting to fool bankers into giving away their credit card details.	Malware	Finance and insurance	Cyber Crime	KR		Check Point reveal, Android, FakeCalls
129	14/03/2023	-	-	ALPHV AKA BlackCat	Ring	The smart doorbell and security camera company Ring is allegedly hit with a BlackCat ransomware attack, despite the company denied it was hit.	Malware	Manufacturing	Cyber Crime	US		ALPHV, BlackCat, Ring, ransomware
130	14/03/2023	14/03/2023	14/03/2023	?	Wymondham College	Wymondham College, the largest state boarding school in the United Kingdom, announces that it had been hit by a “sophisticated cyberattack”.	Unknown	Education	Cyber Crime	UK		Wymondham College
131	14/03/2023	-	-	LockBit 3.0	Maximum Industries	The LockBit ransomware group claims to have stolen valuable SpaceX files after breaching the systems of piece part production company Maximum Industries.	Malware	Manufacturing	Cyber Crime	US		LockBit , LockBit 3.0, ransomware, SpaceX, Maximum Industries
132	14/03/2023	During March 2021	-	Tick AKA Bronze Butler and RedBaldKnight	DLP software development company located in an unnamed East Asian country	Researchers from ESET disclose a campaign by the notorious Chinese cyberespionage group known as Tick, targeting a data loss prevention (DLP) company that serves military and other government organizations.	Targeted Attack	Professional, scientific and technical	Cyber Espionage	N/A		Tick, Bronze Butler, RedBaldKnight, ESET
133	14/03/2023	-	-	Black Basta	Marshall	Marshall, a British amplifier and speaker-cabinet maker, is added to the victim list of ransomware gang Black Basta’s dark-web blog.	Malware	Manufacturing	Cyber Crime	UK		Marshall, ransomware, Black Basta
134	14/03/2023	'Recently'	'Recently'	GoatRAT	Mobile banking users in Brazil	Researchers from Cyble discover GoatRAT, an Android banking Trojan targeting Brazilian banks.	Malware	Finance and insurance	Cyber Crime	BR		Cyble, GoatRAT, Android
135	14/03/2023	16/09/2022	-	?	NorthStar Emergency Medical Services	NorthStar Emergency Medical Services discloses a breach that might have given bad actors access to the records of more than 80,000 current and former patients.	Unknown	Human health and social work	Cyber Crime	US		NorthStar Emergency Medical Services
136	14/03/2023	-	09/02/2023	?	Voya Financial Advisors (VFA)	Voya Financial Advisors (VFA) files a notice of data breach after learning that sensitive consumer information stored on the company’s computer system was accessible to an unauthorized party.	Account Takeover	Finance and insurance	Cyber Crime	US		Voya Financial Advisors, VFA
137	14/03/2023	-	14/03/2023	Kernelware	PetroVietnam	Kernelware postes data from PetroVietnam, a state-owned oil and gas group.	Unknown	Electricity, gas steam, air conditioning	Cyber Crime	VN		Kernelware, PetroVietnam
138	14/03/2023	-	14/03/2023	Kernelware	Long Son Petrochemicals	Kernelware posts data from Long Son Petrochemicals	Unknown	Electricity, gas steam, air conditioning	Cyber Crime	VN		Kernelware, Long Son Petrochemicals
139	14/03/2023	-	14/03/2023	Kernelware	POSCO Engineering & Construction	Kernelware postes data from POSCO Engineering & Construction.	Unknown	Electricity, gas steam, air conditioning	Cyber Crime	VN		Kernelware, POSCO Engineering & Construction
140	14/03/2023	-	-	?	Undisclosed supplier	A threat actor leaks some data allegedly stolen from the Italian engineering company Fincantieri. A subsequent analysis reveals that the data was stolen from a third party.	Account Takeover	Professional, scientific and technical	Cyber Crime	IT		FIncantieri
141	15/03/2023	During February 2023	During February 2023	?	Vulnerable Kubernetes systems	Researchers from Crowdstrike discover The first known cryptojacking operation mining the Dero coin, targeting vulnerable Kubernetes container orchestrator infrastructure with exposed APIs.	Misconfiguration	Multiple Industries	Cyber Crime	>1		Crowdstrike, Dero, Kubernetes
142	15/03/2023	Between November 2022 and early January 2023	-	At least two threat actors (including the Vietnamese XE Group)	Unnamed federal civilian executive branch (FCEB) agency	The CISA, FBI, and MS-ISAC reveal that a U.S. federal agency's Microsoft Internet Information Services (IIS) web server was hacked by exploiting a critical .NET deserialization vulnerability in the Progress Telerik UI for ASP.NET AJAX component.	CVE-2019-18935 vulnerability	Public admin and defence, social security	Cyber Espionage	US		CISA, FBI, MS-ISAC, Microsoft Internet Information Services, IIS, .NET, Progress Telerik UI
143	15/03/2023	-	-	Multiple threat actors	Multiple organizations	CISA adds CVE-2023-26360, a critical vulnerability impacting Adobe ColdFusion versions 2021 and 2018, to its catalog of security bugs exploited in the wild.	CVE-2023-26360 Vulnerability	Multiple Industries	N/A	US		CISA, CVE-2023-26360, Adobe ColdFusion, 2021, 2018
144	15/03/2023	Mid-march 2023	Mid-march 2023	?	Banking customers worldwide	A convincing Twitter scam is targeting bank customers by abusing the quote-tweet feature.	Account Takeover	Finance and insurance	Cyber Crime	>1		quote-tweet
145	15/03/2023	-	-	?	Multiple organizations	Researchers from Avast reveal that cybercriminals are abusing Adobe Acrobat Sign, an online document signing service, to distribute the redline info-stealing malware to unsuspecting users.	Malware	Multiple Industries	Cyber Crime	>1		Adobe Acrobat Sign, Redline, Avast
146	15/03/2023	-	13/03/2023	LockBit 3.0?	Deutsche Bank	An unknown hacker offers up a cache of 60GB of sensitive files, allegedly stolen from Deutsche Bank by the infamous LockBit ransomware gang.	Unknown	Finance and insurance	Cyber Crime	DE		Deutsche Bank, LockBit, ransomware
147	15/03/2023	During Q4 2022	During Q4 2022	Chinese and Russian cybercriminals	Multiple organizations in Brazil, France, and Taiwan	Researchers from WithSecure discover a threat activity clusters affiliated with the Chinese and Russian cybercriminal ecosystems using SILKLOADER, a new piece of malware designed to load Cobalt Strike onto infected machines.	Malware	Multiple Industries	Cyber Crime	BR FR TW		WithSecure, China, Russia, SILKLOADER, Cobalt Strike
148	15/03/2023	During the past few months	During the past few months	dotRunpeX	Multiple organizations	Researchers from Check Point discover a new piece of malware dubbed dotRunpeX used to distribute numerous known malware families such as Agent Tesla, Ave Maria, BitRAT, FormBook, LokiBot, NetWire, Raccoon Stealer, RedLine Stealer, Remcos, Rhadamanthys, and Vidar.	Malware	Multiple Industries	Cyber Crime	>1		Check Point, dotRunpeX, Agent Tesla, Ave Maria, BitRAT, FormBook, LokiBot, NetWire, Raccoon Stealer, RedLine Stealer, Remcos, Rhadamanthys, Vidar
149	15/03/2023	During August 2022	During August 2022	?	Tom James Company	Kroger Postal Prescription Services (Kroger PPS) files a notice of data breach after learning that confidential consumer information in the company’s possession was subject to unauthorized access.	Unknown	Wholesale and retail	Cyber Crime	US		Kroger Postal Prescription Services, Kroger PPS
150	15/03/2023	Since Early 2022	-	Black Basta	Organizations in the Healthcare Sector in the U.S.	The Health Sector Cybersecurity Coordination Center (HC3) issues a warning regarding the Black Basta ransomware group targeting the Healthcare sector.	Malware	Human health and social work	Cyber Crime	US		Health Sector Cybersecurity Coordination Center, HC3, Black Basta, ransomware
151	15/03/2023	14/03/2023	10/03/2023	?	HLA Grupo Hospitalario	A forum user on BreachForums lists data from the HLA Grupo Hospitalario in Spain for sale. The listing advertises 45,000 patient records and information on 1,600 doctors, with samples provided of each.	Misconfiguration	Human health and social work	Cyber Crime	ES		BreachForums, HLA Grupo Hospitalario
152	15/03/2023	13/03/2023	13/03/2023	?	Autoridad de Acueductos y Alcantarillados (AAA)	Autoridad de Acueductos y Alcantarillados (AAA) confirms it suffered a ransomware attack. The attack reportedly affects AAA’s electronic customer service systems.	Malware	Public admin and defence, social security	Cyber Crime	PR		Autoridad de Acueductos y Alcantarillados, AAA, ransomware
153	15/03/2023	15/03/2023	15/03/2023	?	Poolz Finance	An attacker steals $390,000 from cross-chain platform Poolz Finance	Vulnerability	Fintech	Cyber Crime	N/A		Poolz Finance
154	15/03/2023	-	-	?	Municipality of Taggia	The Municipality of Taggia in Italy is hit with a cyber attack.	Malware	Public admin and defence, social security	Cyber Crime	IT		Municipality of Taggia
155	15/03/2023	During Q4 2022	29/09/2022	Black Basta	Undisclosed organization(s)	Researchers from ReliaQuest discover a new campaign using Qbot distributing the Black Basta ransomware.	Malware	Unknown	Cyber Crime	N/A		ReliaQuest, QakBot, Qbot Black Basta, ransomware
156	15/03/2023	Between 30/07/2022 and 25/08/2022	30/11/2022	?	Merritt Healthcare Advisors	Merritt Healthcare Advisors reports a phishing attack that exposed the data of some of its healthcare clients.	Account Takeover	Professional, scientific and technical	Cyber Crime	US		Merritt Healthcare Advisors
ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags

The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.

April 2023 Cyber Attacks Timeline
After the cyber attacks timelines, it’s time to publish the statistics of April 2023 where I collected...
The Biggest Data Breaches of 2023
Similarly to what I have done in 2022 and 2021, I am collecting the main mega breaches...
Q1 2023 Cyber Attacks Statistics
I have aggregated the statistics created from the cyber attacks timelines published in the first three months of 2023. In total...
16-30 April 2023 Cyber Attacks Timeline
In the second half of April 2023 I collected 180 events (corresponding to 12 events/day), a sharp increase compared to...
Leaky Buckets in 2023
Similarly to what I have done in 2022 and 2021, I am collecting the incidents due to cloud misconfigurations and leading to...