The sustained trend of cyber attacks continued in the second half of March, where I collected 177 events (corresponding to 11.19 events/day).
This high number is mainly due to the wave of attacks against high-profile targets worldwide carried out by the Clop (AKA Cl0p) ransomware gang exploiting the CVE-2023-0669 Fortra GoAnywhere MFT vulnerability. This obviously led to a sharp increase in the number of ransomware attacks: 54 out of 179 events (corresponding to 30.1%) were characterized by this attack vector, in contrast with 21.7% of the previous timeline. In terms of ransomware, the LockBit gang was also particularly active, but this is not a surprise any longer.
Also due to the exploitation at scale of this vulnerability, software flaws played a part in 42 out of 177 events or, in other terms, in 23.7%, more than twice the 12.5% of the previous fortnight.
Multi-million losses continued to plague the fintech sector, with SafeMoon suffering a hack leading to the theft of $8.9 million worth of multiple digital assets. Other fintech organizations were targeted in the same period, but in at least two cases the attackers were unsuccessful.
And the season of mega breaches continued. Victims in this fortnight included Latitude Financial Services (14 million records affected), TMX Finance (nearly 5 million affected), and Blauw (1.5 million individuals affected).
The Cyber Espionage front remained hot, with multiple campaigns also unearthed in the second half of March, carried out by known threat actors such as the North Korean Lazarus Group (author of a massive supply-chain attack against 3CX), APT37, APT43, Winnti, Kimsuky, SideCopy, Bitter, Mustang Panda, and also by less-known groups such as Winter Vivern and Bad Magic, a threat actor targeting organizations located in the Donetsk, Lugansk, and Crimea regions.
And as always, this brief summary is closed by a quick mention of the DDoS attacks launched by the pro-Russian hacktivists of NoName057(16), which were directed against several government websites in Italy and France.
My suggestion is always the same: browse the timeline, and obviously thanks for sharing it and supporting my work in spreading the risk awareness across the community. As always, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.
Geo Map March H2 2023
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
16/03/2023
Since 2021
-
Winter Vivern
Various government organizations since 2021, including Lithuania, India, Vatican, and Slovakia.
Researchers from Sentinel One discover a new campaign by the pro-Russian group Winter Vivern, targeting several European government organizations and telecommunication service providers to conduct espionage.
Targeted Attack
Multiple Industries
Cyber Espionage
IN
IT
PL
UA
Sentinel One, Winter Vivern
2
16/03/2023
16/03/2023
16/03/2023
?
Latitude Financial Services
Australian financial services company Latitude Financial Services reveals that personal information of approximately 14 million individuals might have been compromised in a data breach.
Unknown
Finance and insurance
Cyber Crime
AU
Latitude Financial Services
3
16/03/2023
-
-
?
Two undisclosed service providers
In the wake of the Latitude Financial Services breach, the threat actor is able to steal an employee's login and use it for logging into two of the company's service providers to steal customer data.
Account Takeover
Professional, scientific and technical
Cyber Crime
AU
Latitude Financial Services
4
16/03/2023
-
-
BianLian
Multiple organizations
Researchers from Redacted reveal that the BianLian ransomware group has shifted its focus from encrypting its victims' files to only exfiltrating data found on compromised networks and using them for extortion.
Malware
Multiple Industries
Cyber Crime
>1
Redacted, BianLian, ransomware
5
16/03/2023
During Q1 2023
During Q1 2023
HinataBot
Realtek SDK, Huawei routers, and Hadoop YARN servers
Researchers from Akamai discover HinataBot, a new malware botnet targeting Realtek SDK, Huawei routers, and Hadoop YARN servers to recruit devices into DDoS.
Multiple vulnerabilities including CVE-2014-8361 and CVE-2017-17215
Defense, government, tech, and telecom organizations
Researchers from Mandiant reveal that the suspected Chinese threat actor UNC3886 has been exploiting the Fortinet CVE-2022-41328 vulnerability to target organizations in the defense, government, tech, and telecom sectors.
At least 16 organizations in the manufacturing, finance, construction, agriculture, marketing and high technology industries.
Researchers from Palo Alto Networks discover Trigona, a new ransomware strain extremely active in Australia, Italy, France, Germany, New Zealand, and the United States.
Malware
Multiple Industries
Cyber Crime
AU
DE
FR
IT
NZ
US
Palo Alto Networks, Trigona, Ransomware
8
16/03/2023
Early February 2023
Early February 2023
?
Undisclosed Educational Institution
Researchers from Armorblox detect a new hybrid phishing campaign impersonating the Social Security Administration (SSA), which tries to trick recipients into calling a criminal call center.
Account Takeover
Education
Cyber Crime
US
Armorblox, Social Security Administration, SSA
9
16/03/2023
-
-
?
Android Crypto users
Researchers from ESET discover dozens of copycat Telegram and WhatsApp websites targeting mainly Android and Windows users with trojanized versions of these instant messaging apps hiding clipper malware.
Malware
Fintech
Cyber Crime
>1
ESET, Telegram, WhatsApp
10
16/03/2023
-
During July 2022
?
Happy State Bank (HSB)
Happy State Bank (HSB) files a notice of data breach after learning that confidential consumer information stored on the company’s computer system was compromised following an email phishing attack.
Account Takeover
Finance and insurance
Cyber Crime
US
Happy State Bank, HSB
11
16/03/2023
-
-
Phoenix
Indian Health Ministry
A pro-Russian hacker group, Phoenix, claims to have hacked the Indian Health Ministry, and stolen sensitive information on hospitals, staff, patients and more.
Unknown
Public admin and defence, social security
Hacktivism
IN
Phoenix, Indian Health Ministry
12
17/03/2023
-
-
Clop (AKA Cl0p)
Hitachi Energy
Hitachi Energy confirms it suffered a data breach after the Clop ransomware gang stole data using the GoAnywhere zero-day vulnerability.
Rio Tinto, the world's second-largest metals and mining corporation, is added to Clop's ransomware list of victims.
CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability
Mining and quarrying
Cyber Crime
AU
UK
Rio Tinto, CVE-2023-0669 Fortra GoAnywhere, Clop, Cl0p
14
17/03/2023
-
-
Clop (AKA Cl0p)
Undisclosed supplier
Investissement Québec, a government organization created to attract businesses to the region, confirms that one of its suppliers was attacked through the GoAnywhere MFT product by the Clop ransomware gang.
The NBA (National Basketball Association) notifies fans of a data breach after some of their personal information, "held" by a third-party newsletter service, was stolen.
Unknown
Professional, scientific and technical
Cyber Crime
US
NBA, National Basketball Association
16
17/03/2023
17/03/2023
17/03/2023
?
Docomo Pacific
The largest provider of mobile, television, internet and telephone services to the U.S. territories of Guam and the Northern Mariana Islands, Docomo Pacific, recovers from a cyberattack that brought down many of its services.
Unknown
Information and communication
Cyber Crime
US
Docomo Pacific, Guam, Northern Mariana
17
17/03/2023
-
-
ShellBot (AKA PerlBot)
Misconfigured Linux SSH servers
Researchers from AhnLab discover a new variant of the ShellBot malware employed in a campaign that targets poorly managed Linux SSH servers.
Misconfiguration
Multiple Industries
Cyber Crime
>1
AhnLab, ShellBot, PerlBot, Linux, SSH
18
17/03/2023
17/03/2023
17/03/2023
?
Paraspace
Security firm BlockSec prevents a hacker from stealing $5 million from the NFT lending project Paraspace.
Vulnerability
Fintech
Cyber Crime
N/A
BlockSec, Paraspace.
19
17/03/2023
29/08/2022
Between 27/08/2022 and 29/08/2022
?
Sunland Asphalt and Construction
Sunland Asphalt and Construction files a notice of data breach after learning that an unknown actor had gained access to certain parts of the Sunland network that stored confidential consumer information.
Unknown
Professional, scientific and technical
Cyber Crime
US
Sunland Asphalt and Construction
20
17/03/2023
-
17/01/2023
?
Health Plan of San Mateo (HPSM)
The Health Plan of San Mateo files a notice of data breach after learning that an unauthorized party was able to access confidential member information stored in an employee’s email account.
Account Takeover
Human health and social work
Cyber Crime
US
Health Plan of San Mateo, HPSM
21
17/03/2023
-
31/10/2022
?
Virtual Private Network Solutions (VPN Solutions)
Associates in Dermatology (AID) files a notice of data breach after a ransomware attack targeting its vendor Virtual Private Network Solutions (VPN Solutions).
El Camino Health investigates claims of a possible data breach.
Account Takeover
Human health and social work
Cyber Crime
US
El Camino Health
23
17/03/2023
17/03/2023
17/03/2023
?
Cooperativa de Electricidad Obras y Servicios Públicos de San Antonio de Areco (CEOSP)
The Cooperativa de Electricidad Obras y Servicios Públicos de San Antonio de Areco (CEOSP) posts a notice about a malware incident:
Malware
Electricity, gas steam, air conditioning
Cyber Crime
AR
Cooperativa de Electricidad Obras y Servicios Públicos de San Antonio de Areco, CEOSP
24
17/03/2023
Since early March 2023
During March 2023
Ursnif
Italian Taxpayers
The Italian taxpayers are the targets of a campaign distributing the Ursnif malware via fake notifications from the Italian Revenue Agency (Agenzia delle Entrate).
Malware
Individual
Cyber Crime
IT
Ursnif, Italian Revenue Agency, Agenzia delle Entrate
25
18/03/2023
Between 17/03/2023 and 18/03/2023
18/03/2023
?
General Bytes
Leading Bitcoin ATM maker General Bytes discloses that hackers stole cryptocurrency from the company and its customers using a zero-day vulnerability in its BATM management platform. $1.5M worth are stolen.
0-day Vulnerability
Manufacturing
Cyber Crime
US
ATM, General Bytes, BATM
26
18/03/2023
18/11/2022
18/11/2022
?
CHC Montlégia
The CHC Montlégia in Liège is still down for a cyber attack suffered in November 2022.
Unknown
Human health and social work
Cyber Crime
BE
CHC Montlégia
27
18/03/2023
-
-
Clop (AKA Cl0p)
Zucchetti Kos
The Italian Zucchetti Kos, a manufacturer of sanitary taps, is hit by the Clop ransomware gang.
Malware
Manufacturing
Cyber Crime
IT
Zucchetti Kos, Cl0p, Clop, ransomware
28
19/03/2023
Vice Society
Puerto Rico Aqueduct and Sewer Authority (PRASA)
The Vice Society ransomware gang claims to have hit the Puerto Rico Aqueduct and Sewer Authority (PRASA)
Malware
Water supply, waste mgmt, remediation
Cyber Crime
US
Vice Society, Ransomware, Puerto Rico Aqueduct and Sewer Authority, PRASA
29
19/03/2023
-
-
?
Datatime
QIMR Berghofer, an Australian medical research institute, is hit by a data breach after Datatime, a technology company hired by QIMR, suffers a cyber attack.
Unknown
Professional, scientific and technical
Cyber Crime
AU
QIMR Berghofer, Datatime
30
19/03/2023
19/03/2023
19/03/2023
NoName057(16)
High Council of the Judiciary (Consiglio Superiore della Magistratura)
The High Council of the Judiciary is taken down by a DDoS attack launched by the hacktivists of the pro-Russian NoName057(16) collective.
DDoS
Public admin and defence, social security
Hacktivism
IT
NoName057(16), High Council of the Judiciary, Consiglio Superiore della Magistratura
31
20/03/2023
During February 2023
During February 2023
?
Multiple organizations
Researchers from JFrog discover a sophisticated and highly-malicious attack targeting .NET developers via the NuGet repository, using sophisticated typosquatting techniques downloaded more than 150,000 times.
Malware
Multiple Industries
Cyber Crime
>1
JFrog, .NET, NuGet
32
20/03/2023
-
-
?
Ferrari
Ferrari discloses a data breach following a ransom demand received after attackers gained access to some of the company's IT systems.
Unknown
Manufacturing
Cyber Crime
IT
Ferrari
33
20/03/2023
-
-
Kimsuky (aka Thallium, Velvet Chollima)
Users in South Korea
A joint cybersecurity advisory from the German Federal Office for the Protection of the Constitution (BfV) and the National Intelligence Service of the Republic of Korea (NIS) warns about Kimsuky's use of Chrome extensions to steal targets' Gmail emails.
Targeted Attack
Individual
Cyber Espionage
KR
German Federal Office for the Protection of the Constitution, BfV, National Intelligence Service of the Republic of Korea, NIS, Kimsuky, Thallium, Velvet Chollima, Chrome, Android, Gmail
34
20/03/2023
17/03/2023
17/03/2023
?
Lansing Community College
The Lansing Community College brings systems back online after experiencing a cyberattack that cut off campus Wi-Fi and forced the school to temporarily cancel its online courses.
Unknown
Education
Cyber Crime
US
Lansing Community College
35
20/03/2023
-
-
REF2924
Organizations in southern and southeast Asia
Researchers from Elastic discover Naplistener, a novel data-stealing malware with high capabilities to evade detection.
Malware
Multiple Industries
Cyber Crime
>1
Elastic, Naplistener
36
20/03/2023
During the previous week
During the previous week
Chinese Military
Qantas
Australian airline Qantas issues standing orders to its pilots advising them that some of its fleet experienced interference on VHF stations from sources purporting to be the Chinese Military.
VHF Interference
Transportation and storage
Cyber Warfare
AU
Qantas, Chinese Military
37
20/03/2023
-
-
Mispadu
Banking users Chile, Mexico, Peru and Portugal
Researchers from Metabase Q discover twenty different spam campaigns relying on the Mispadu banking Trojan, targeting victims in Chile, Mexico, Peru and Portugal.
Malware
Finance and insurance
Cyber Crime
CL
MX
PE
PT
Metabase Q, Mispadu
38
20/03/2023
20/03/2023
20/03/2023
?
News24 Twitter account
The Twitter account of one of the leading news channels in India – News24 – is the victim of a cryptocurrency scheme, with attackers breaching their security to post phishing links of a fake XRP drop.
Account Takeover
Information and communication
Cyber Crime
IN
Twitter, News24, XRP
39
20/03/2023
During July 2022
During July 2022
?
Oklahoma City University (OCU)
Oklahoma City University (OCU) files a notice of data breach after learning that a cyberattack compromised the security of current and former students and employees.
Unknown
Education
Cyber Crime
US
Oklahoma City University, OCU
40
20/03/2023
20/03/2023
20/03/2023
?
Shoreline Community College
A ransomware attack forces the majority of Shoreline Community College students and staff to transition to remote work.
Malware
Education
Cyber Crime
US
Shoreline Community College
41
20/03/2023
20/03/2023
20/03/2023
?
Consejo Nacional de Supervisión del Sistema Financiero (CONASSIF)
The website of the Costa Rican Consejo Nacional de Supervisión del Sistema Financiero (CONASSIF) is defaced.
Defacement
Finance and insurance
Cyber Crime
CR
Consejo Nacional de Supervisión del Sistema Financiero, CONASSIF
42
21/03/2023
21/03/2023
21/03/2023
pro-Russia Threat Actors
Skylink
M7 Group’s Czech and Slovak operator Skylink is the victim of a DDoS attack by Russian threat actors.
DDoS
Information and communication
Hacktivism
CZ
SK
M7 Group, Skylink, Russia
43
21/03/2023
-
-
Clop (AKA Cl0p)
Saks Fifth Avenue
The Clop ransomware gang claims to have attacked Saks Fifth Avenue on its dark web leak site.
Government, agriculture and transportation organizations located in the Donetsk, Lugansk, and Crimea regions
Researchers from Kaspersky discover a campaign targeting government, agriculture and transportation organizations located in the Donetsk, Lugansk, and Crimea regions via a previously unseen malicious framework called CommonMagic and a new backdoor called PowerMagic.
Targeted Attack
Multiple Industries
Cyber Espionage
UA
Dropbox, OneDrive, Kaspersky, Donetsk, Lugansk, Crimea, CommonMagic, PowerMagic, Bad Magic
45
21/03/2023
-
-
?
Multiple organizations
Researchers from Sucuri discover a new credit card stealing campaign hiding the malicious code inside the 'Authorize.net' payment gateway module for WooCommerce, to evade detection by security scans.
Malicious Script Injection
Wholesale and retail
Cyber Crime
>1
Sucuri, Authorize.net, WooCommerce
46
21/03/2023
-
-
?
Android users
Google suspends the Chinese shopping app Pinduoduo on its app store after malware was discovered in versions of the app from other sources.
Malware
Individual
Cyber Crime
>1
Google, Pinduoduo, Android
47
21/03/2023
Since early January 2023
Early January 2023
Nexus
Android Banking users
Researchers from Cleafy discover Nexus, an Android malware able to perform account takeover (ATO) attacks against more than 450 financial applications.
Malware
Finance and insurance
Cyber Crime
>1
Cleafy, Nexus, Android, Account Takeover, ATO
48
21/03/2023
From January 2022 to January 2023
During 2022
?
Job seekers in Middle East
Researchers from Group-IB discover a campaign leveraging more than 2400 scam pages targeting Arabic-speaking job seekers in 13 countries.
Account Takeover
Individual
Cyber Crime
>1
Group-IB
49
21/03/2023
During February and March 2023
-
APT37 (AKA ScarCruft or Temp.Reaper)
Individuals in various South Korean organizations
Researchers from Zscaler discover a new campaign by the North Korean APT37 threat actor, using weaponized Microsoft Compiled HTML Help (CHM) files to download additional malware onto targeted machines.
Targeted Attack
Multiple Industries
Cyber Espionage
KR
APT37, ScarCruft, Temp.Reaper, Zscaler, North Korea, Microsoft Compiled HTML Help, CHM
50
21/03/2023
'Recently'
'Recently'
SideCopy APT
India's Defense Research and Development Organization (DRDO)
Security researchers from Cyble discover a new campaign by the Pakistani cyberespionage group SideCopy APT employing fresh tactics to target workers at India's Defense Research and Development Organization and steal sensitive military secrets.
Targeted Attack
Public admin and defence, social security
Cyber Espionage
IN
Cyble, India, Pakistan, SideCopy APT, Defense Research and Development Organization, DRDO
51
21/03/2023
17/11/2022
17/11/2022
?
Top of the World Ranch Treatment Center
Top of the World Ranch Treatment Center discloses a healthcare data breach that stemmed from unauthorized access to one business email account.
Account Takeover
Human health and social work
Cyber Crime
US
Top of the World Ranch Treatment Center
52
22/03/2023
Since 14/03/2023
During March 2023
?
Facebook users
Researchers from Guardio Labs discover a trojanized version of the legitimate ChatGPT extension for Chrome, called FakeGPT, gaining popularity on the Chrome Web Store, accumulating over 9,000 downloads while stealing Facebook accounts.
Malware
Individual
Cyber Crime
>1
Guardio Labs, ChatGPT, Chrome, FakeGPT, Chrome Web Store, Facebook
53
22/03/2023
-
-
?
Multiple organizations
Researchers from Phylum discover 'onyxproxy', a malicious package on PyPI that uses Unicode as an obfuscation technique to evade detection while stealing and exfiltrating developers' account credentials and other sensitive data from compromised devices.
Malware
Multiple Industries
Cyber Crime
>1
Phylum, 'onyxproxy', PyPI, Unicode
54
22/03/2023
'Recently'
'Recently'
?
Municipal government organization
InQuest Labs analysts detect a phishing attack discovered by a municipal government organization, hosting the phishing pages on Raven and Microsoft Azure.
Account Takeover
Public admin and defence, social security
Cyber Crime
N/A
InQuest Labs, Raven, Microsoft Azure
55
22/03/2023
-
-
Clop (AKA Cl0p)
AvidXchange
Payment software startup AvidXchange joins the list of the victims of the Clop ransomware attack carried out exploiting the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability.
Swiss pharmaceutical giant Galderma joins the list of the victims of the Clop ransomware attack carried out exploiting the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability.
Healthcare call center provider ITx Companies joins the list of the victims of the Clop ransomware attack carried out exploiting the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability.
Child mental health startup Brightline joins the list of the victims of the Clop ransomware attack carried out exploiting the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability.
Events planner Emerald Expositions joins the list of the victims of the Clop ransomware attack carried out exploiting the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability.
Private equity firm Onex joins the list of the victims of the Clop ransomware attack carried out exploiting the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability.
Rehab and mental health provider Homewood Health joins the list of the victims of the Clop ransomware attack carried out exploiting the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability.
England-based affordable housing provider Guinness Partnership joins the list of the victims of the Clop ransomware attack carried out exploiting the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability.
Retail banking company Avidia Bank joins the list of the victims of the Clop ransomware attack carried out exploiting the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability.
CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability
Finance and insurance
Cyber Crime
US
Avidia Bank, Clop, Cl0p, ransomware, CVE-2023-0669, Fortra GoAnywhere MFT
65
22/03/2023
-
-
Clop (AKA Cl0p)
Medex Healthcare
Medex Healthcare joins the list of the victims of the Clop ransomware attack carried out exploiting the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability.
Cornerstone Home Lending joins the list of the victims of the Clop ransomware attack carried out exploiting the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability.
CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability
Finance and insurance
Cyber Crime
US
Cornerstone Home Lending, Clop, Cl0p, ransomware, CVE-2023-0669, Fortra GoAnywhere MFT
67
22/03/2023
-
-
Clop (AKA Cl0p)
Grupo Vanti
Colombian energy giant Grupo Vanti joins the list of the victims of the Clop ransomware attack carried out exploiting the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability.
CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability
Electricity, gas steam, air conditioning
Cyber Crime
CO
Grupo Vanti, Clop, Cl0p, ransomware, CVE-2023-0669, Fortra GoAnywhere MFT
68
22/03/2023
-
-
?
Undisclosed Insurance Firm
Researchers from Abnormal Security reveal the details of an attempted $36M Business Email Compromise attack against an insurance firm.
Business Email Compromise
Finance and insurance
Cyber Crime
N/A
Abnormal Security
69
22/03/2023
17/03/2023
17/03/2023
?
Alliance Healthcare
Alliance Healthcare, the fourth largest pharmaceutical distributor in Spain, is hit with a cyber attack.
Unknown
Wholesale and retail
Cyber Crime
ES
Alliance Healthcare
70
22/03/2023
-
-
Kritec
Multiple organizations
Researchers from Malwarebytes discover a web skimming campaign carried out through a new skimmer dubbed Kritec, targeting Magento stores and abusing Google Tag Manager.
Malicious Script Injection
Wholesale and retail
Cyber Crime
>1
Malwarebytes, Kritec, Magento, Google Tag Manager
71
22/03/2023
Since Late November 2022
During Late November 2022
AiD Lock aka DarkBLUP
Multiple organizations
Researchers from Intel471 discover AresLoader, a new loader malware-as-a-service (MaaS) offered by threat actors with links to Russian hacktivism, offering a “binder” tool that allows users to masquerade their malware as legitimate software.
Malware
Multiple Industries
Hacktivism
>1
AiD Lock, DarkBLUP, Intel471, AresLoader, Russia
72
22/03/2023
-
31/01/2023
?
US Wellness
US Wellness files a notice of data breach after learning that a data security incident at one of the company’s vendors compromised certain customers’ protected health information.
CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability
Professional, scientific and technical
Cyber Crime
US
US Wellness, CVE-2023-0669, Fortra, GoAnywhere
73
22/03/2023
22/03/2023
22/03/2023
NoName057(16)
Italian Ministry of Infrastructure and Transport
The Italian Ministry of Infrastructure and Transport is taken down by a DDoS attack launched by the pro-Russian hacktivists of the NoName057(16) collective.
DDoS
Public admin and defence, social security
Hacktivism
IT
Italian Ministry of Infrastructure and Transport, Russia, NoName057(16) collective
74
23/03/2023
-
20/03/2023
Clop (AKA Cl0p)
City of Toronto
The City of Toronto appears among Clop ransomware gang's latest victims hit in the ongoing GoAnywhere hacking spree.
CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability
Public admin and defence, social security
Cyber Crime
CA
City of Toronto, CVE-2023-0669, Fortra GoAnywhere, Clop, Cl0p
75
23/03/2023
-
-
Clop (AKA Cl0p)
Virgin Red
Virgin Red, the Virgin Rewards program, appears among Clop ransomware gang's latest victims hit in the ongoing GoAnywhere hacking spree.
Researchers from AT&T Alien Labs discover a new variant of the BlackGuard stealer, featuring new capabilities like USB propagation, persistence mechanisms, loading additional payloads in memory, and targeting additional crypto wallets.
Malware
Multiple Industries
Cyber Crime
>1
AT&T Alien Labs, BlackGuard stealer
83
23/03/2023
-
-
Emotet
U.S. taxpayers
Researchers from Malwarebytes and Palo Alto Networks discover a new Emotet phishing campaign targeting U.S. taxpayers by impersonating W-9 tax forms allegedly sent by the Internal Revenue Service and partner companies.
Malware
Individual
Cyber Crime
US
Malwarebytes, Palo Alto Networks, Emotet, W-9, Internal Revenue Service
84
23/03/2023
-
-
?
At least 1600 individuals across Europe, the US and other countries
Researchers from Kaspersky discover a novel phishing scam relying on legitimate servers from Microsoft’s collaborative platform SharePoint, targeting at least 1600 individuals across Europe, the US and other countries using a native notification mechanism.
Account Takeover
Individual
Cyber Crime
>1
Kaspersky, Microsoft, SharePoint
85
23/03/2023
-
-
?
City of Oak Ridge
The city of Oak Ridge in Tennessee reveals that city officials are working with law enforcement and cybersecurity experts to deal with a ransomware attack affecting its technology systems.
Malware
Public admin and defence, social security
Cyber Crime
US
Oak Ridge, Tennessee, ransomware
86
23/03/2023
10/03/2023
10/03/2023
?
Walsall Healthcare NHS Trust
The Walsall Healthcare NHS Trust, which runs Walsall Manor Hospital, discloses that it has been impacted by a “contained” cyber incident.
Chinese threat actors (linked to APT41 and Gallium?)
Telecommunication providers in the Middle East
Researchers from Sentinel One reveal the details of 'Operation Tainted Love', an operation carried out by a Chinese threat actor linked to APT41 and Gallium, targeting telecommunication providers in the Middle East.
Attackers steal the personal data of about one million users from kids' tech coding camp iD Tech.
Unknown
Education
Cyber Crime
US
iD Tech
90
23/03/2023
-
-
?
At least 1600 individuals across Europe, the US and other countries
Researchers from Kaspersky discover a novel phishing scam relying on legitimate servers from Microsoft’s collaborative platform SharePoint, targeting at least 1600 individuals across Europe, the US and other countries using a native notification mechanism.
Account Takeover
Individual
Cyber Crime
>1
Microsoft SharePoint
91
23/03/2023
During 2022
During 2022
?
Over 51,000 websites
Researchers from Palo Alto Networks reveal the details of an ongoing widespread malicious JavaScript (JS) injection campaign that redirects victims to malicious content such as adware and scam pages.
Malicious Script Injection
Wholesale and retail
Cyber Crime
>1
Palo Alto Networks
92
23/03/2023
Mid-February 2023
Mid-February 2023
?
Instagram users from various countries including the UK, Australia, France, Spain, and Poland
Researchers from Avast discover a new scam, using fake SHEIN gift cards as lure, and targeting Instagram users from various countries including the UK, Australia, France, Spain, and Poland.
Instagram Scam
Individual
Cyber Crime
AU
ES
FR
UK
PL
>1
Avast, SHEIN, Instagram
93
23/03/2023
Since March 2023
During March 2023
Cinoshi
Multiple organizations
Researchers from Cyble discover a new Malware-as-a-Service (MaaS) platform called “Cinoshi”, consisting of a stealer, botnet, clipper, and cryptominer.
Malware
Multiple Industries
Cyber Crime
>1
Cyble, Cinoshi
94
23/03/2023
23/03/2023
23/03/2023
NoName057(16)
Italian Constitutional Court
The pro-Russian collective takes down the website of the Italian Constitutional Court.
DDoS
Public admin and defence, social security
Hacktivism
IT
NoName057(16), Italian Constitutional Court, Russia
95
24/03/2023
'Recently'
'Recently'
Bitter APT
Various Chinese nuclear energy companies and academics related to that field.
Researchers from Intezer disclose a cyber espionage campaign carried out by the group tracked as 'Bitter APT' targeting the Chinese nuclear energy industry using phishing emails to infect devices with malware downloaders.
Targeted Attack
Electricity, gas steam, air conditioning
Cyber Espionage
CN
Intezer, Bitter APT, China
96
24/03/2023
-
-
?
Multiple organizations in the U.S.
The Federal Bureau of Investigation warns companies in the U.S. of threat actors using tactics similar to business email compromise to steal various goods from vendors.
Business Email Compromise
Multiple Industries
Cyber Crime
US
Federal Bureau of Investigation, FBI
97
24/03/2023
-
-
?
Individuals
Researchers from Uptycs discover a new info-stealing malware named MacStealer, targeting Mac users, stealing their credentials stored in the iCloud KeyChain and web browsers, cryptocurrency wallets, and potentially sensitive files.
Malware
Individual
Cyber Crime
>1
Uptycs, MacStealer, iCloud KeyChain
98
24/03/2023
-
-
Clop (AKA Cl0p)
Government of Tasmania
The Clop ransomware gang adds the government of Tasmania to its list of organizations breached via the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability.
CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability
Public admin and defence, social security
Cyber Crime
AU
Clop, Cl0p, ransomware, Government of Tasmania, CVE-2023-0669, Fortra GoAnywhere
99
24/03/2023
-
-
?
University of New Orleans
The University of New Orleans restores its network after the Louisiana State Police said it found evidence that their systems had been compromised.
Unknown
Education
Cyber Crime
US
University of New Orleans, Louisiana State Police
100
24/03/2023
-
-
?
LSU Agricultural Center
The LSU Agricultural Center restores its network after the Louisiana State Police said it found evidence that their systems had been compromised.
Unknown
Education
Cyber Crime
US
LSU Agricultural Center, Louisiana State Police
101
24/03/2023
-
-
?
Nunez Community College
The Nunez Community College restores its network after the Louisiana State Police said it found evidence that their systems had been compromised.
Unknown
Education
Cyber Crime
US
Nunez Community College, Louisiana State Police
102
24/03/2023
-
-
?
River Parishes Community College
The River Parishes Community College restores its network after the Louisiana State Police said it found evidence that their systems had been compromised.
Unknown
Education
Cyber Crime
US
River Parishes Community College, Louisiana State Police
103
24/03/2023
-
-
?
Southern University at Shreveport
The Southern University at Shreveport restores its network after the Louisiana State Police said it found evidence that their systems had been compromised.
Unknown
Education
Cyber Crime
US
Southern University at Shreveport, Louisiana State Police
104
24/03/2023
01/02/2023
04/02/2023
?
NCB Management Services
Nearly half a million people have their sensitive financial information leaked during a cyberattack on NCB Management Services – a company that purchases debt.
Unknown
Finance and insurance
Cyber Crime
US
NCB Management Services
105
24/03/2023
between January 2020 and March 2023
-
Two men and two women
At least 15 victims
The Australian Federal Police (AFP) arrests four members of a cybercriminal syndicate that has laundered $1.7 million stolen from at least 15 victims between January 2020 and March 2023.
Business Email Compromise
Individual
Cyber Crime
AU
Australian Federal Police, AFP
106
24/03/2023
-
-
Clop (AKA Cl0p)
Atos
The French IT company Atos confirms that its subsidiary Nimbix suffered a Clop ransomware attack carried out by exploiting the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability.
107
24/03/2023
-
-
?
American Pain and Wellness
American Pain and Wellness files a notice of data breach after learning that an unauthorized party was able to access confidential patient data stored on the company’s computer network.
Unknown
Human health and social work
Cyber Crime
US
American Pain and Wellness
108
24/03/2023
-
-
?
Tri Counties Bank
Tri Counties Bank posts a “Network Outage Update” after determining that a recent ransomware attack may have resulted in confidential consumer data being exposed to hackers.
Malware
Finance and insurance
Cyber Crime
US
Tri Counties Bank, ransomware
109
24/03/2023
-
-
?
Frideres Dental
Frideres Dental confirms that the protected health information of 1,596 patients was potentially compromised in a cyberattack.
Unknown
Human health and social work
Cyber Crime
US
Frideres Dental
110
24/03/2023
-
18/03/2023
ALPHV AKA BlackCat
Fabrega Molino
Fabrega Molino, a Panamanian law firm, is reportedly hacked by the BlackCat ransomware gang, which claims to have stolen 113GB of files.
Malware
Professional, scientific and technical
Cyber Crime
PA
ALPHV, BlackCat, Fabrega Molino, ransomware
111
24/03/2023
-
-
Medusa
Vazquez Nava Consultores y Abogados
Vazquez Nava Consultores y Abogados, a Mexican firm of consultants and lawyers, is added to the Medusa ransomware leak site.
Malware
Professional, scientific and technical
Cyber Crime
MX
Medusa, ransomware, Vazquez Nava Consultores y Abogados
112
24/03/2023
-
-
?
U.S. Postal Service’s PostalEASE system
Some United States Postal Service workers in the eastern North Carolina and Jacksonville area lose their paychecks due to a cyber attack.
Account Takeover
Public admin and defence, social security
Cyber Crime
US
U.S. Postal Service, PostalEASE
113
24/03/2023
17/03/2023
17/03/2023
?
NGS Super
The Australian pension fund NGS Super confirms a cyberattack that occurred earlier this month, in which "some limited data" was stolen.
Unknown
Finance and insurance
Cyber Crime
AU
NGS Super
114
24/03/2023
Since 16/03/2023
16/03/2023
?
Swerve Finance
A hacker tries, unsuccessfully, to drain funds from Swerve Finance over a period of more than a week.
Governance Attack
Fintech
Cyber Crime
N/A
Swerve Finance
115
24/03/2023
-
-
RansomHouse
Municipality of Taggia
The Italian Municipality of Taggia is hit by the RansomHouse ransomware gang.
Malware
Public admin and defence, social security
Cyber Crime
IT
Municipality of Taggia, RansomHouse, ransomware
116
24/03/2023
-
-
?
Individuals in Italy
A new campaign delivering the Mekotio banking malware, using the company Leonardo as bait, hits victims in Italy.
Malware
Individual
Cyber Crime
IT
Mekotio, Leonardo
117
24/03/2023
Between 02/01/2022 and 10/01/2022
During January 2022
?
University of the People (UoPeople)
The University of the People (UoPeople) files a notice of data breach after learning that an unauthorized party was able to access confidential information stored on the school’s SharePoint platform.
Unknown
Education
Cyber Crime
US
University of the People, UoPeople
118
25/03/2023
Since 29/01/2023
-
Dark Power
Multiple organizations
A new ransomware operation named 'Dark Power' appears, and it has already listed its first victims on a dark web data leak site, threatening to publish the data if a ransom is not paid.
Malware
Multiple Industries
Cyber Crime
>1
Ransomware, Dark Power
119
25/03/2023
23/03/2023
23/03/2023
?
Arbitrum
Attackers manage to steal $500,000 worth of tokens from the March 23 airdrop of the layer-2 scaling solution Arbitrum.
Vanity Addresses
Fintech
Cyber Crime
N/A
Arbitrum
120
25/03/2023
-
-
RansomHouse
Cospec
The Italian manufacturer Cospec is hit with a RansomHouse ransomware attack.
Malware
Manufacturing
Cyber Crime
IT
Cospec, RansomHouse, ransomware
121
25/03/2023
25/03/2023
25/03/2023
NoName057(16)
Several government websites in Italy
A new wave of DDoS attacks by the NoName057(16) collective hits several websites in Italy including the Constitutional Court, and the National Authority of Transports.
DDoS
Public admin and defence, social security
Hacktivism
IT
NoName057(16), Constitutional Court, National Authority of Transports
122
26/03/2023
-
24/03/2023
ALPHV AKA BlackCat
Sun Pharmaceuticals
Sun Pharmaceuticals, the largest pharmaceutical company in India, confirms a ransomware attack in its regulatory filings, explaining that the incident involved the theft of company data and personal information.
Malware
Professional, scientific and technical
Cyber Crime
IN
Sun Pharmaceuticals, ransomware, ALPHV, BlackCat
123
26/03/2023
26/03/2023
26/03/2023
?
Yucatan Government
The Yucatan Government is hit by a cyber attack affecting multiple services.
Unknown
Public admin and defence, social security
Cyber Crime
MX
Yucatan Government
124
26/03/2023
Since 22/03/2023
Since 22/03/2023
NoName057(16)
ATAC (Azienda Tramvie e Autobus del Comune di Roma)
ATAC, the company managing the public transportation of the city of Rome, is hit by a DDoS attack launched by the pro-Russian NoName057(16) collective.
DDoS
Transportation and storage
Hacktivism
IT
ATAC, Azienda Tramvie e Autobus del Comune di Roma, Russia, NoName057(16)
125
26/03/2023
26/03/2023
26/03/2023
?
Vending machines in Italy
Several vending machines distributing cigarettes in Italy are hijacked in support of Alfredo Cospito, an Italian anarchist in jail under the 41-bis hard prison regime.
Unknown
Wholesale and retail
Hacktivism
IT
Alfredo Cospito
126
27/03/2023
Since at least 10/03/2023
10/03/2023
?
Multiple organizations
Researchers from Proofpoint discover a new IcedID campaign using HTML Smuggling to drop a password protected, zipped Windows Script File (WSF).
Malware
Multiple Industries
Cyber Crime
>1
Proofpoint, IcedID, HTML Smuggling, Windows Script File, WSF
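Entry 126 names the delivery technique (HTML smuggling of a password-protected ZIP holding a Windows Script File) but not what a responder would check for. The script below is an added example written for this page, not code from the timeline, from Proofpoint or from any vendor. It statically triages an HTML attachment: it looks for the JavaScript primitives smuggling pages use to rebuild a file inside the browser (atob, Blob, createObjectURL, msSaveOrOpenBlob, an anchor's download attribute), decodes any large inline base64 literal, identifies the payload by its magic bytes and, for ZIP payloads, walks the local file headers to list entry names and whether the entries are flagged encrypted (general-purpose flag bit 0), which is how a "password protected" ZIP shows up on disk without opening it. The sample page and ZIP are constructed here, the stub invoice.wsf is a placeholder rather than an IcedID sample, and all function names are this example's own.

```python
"""Static triage of an HTML attachment for HTML-smuggling indicators.

Added example (not code from the timeline, Proofpoint or any vendor). The
sample page and the ZIP it carries are constructed below; no real malware.
"""
from __future__ import annotations

import base64
import io
import re
import struct
import zipfile

JS_INDICATORS = {
    "atob": re.compile(r"\batob\s*\("),
    "blob": re.compile(r"new\s+Blob\s*\("),
    "object_url": re.compile(r"createObjectURL\s*\("),
    "ms_save": re.compile(r"msSaveOrOpenBlob"),
    "download": re.compile(r"\.download\s*=|\bdownload\s*=\s*['\"]"),
}
B64_LITERAL = re.compile(r"['\"]([A-Za-z0-9+/]{120,}={0,2})['\"]")
MAGIC = {b"PK\x03\x04": "zip", b"MZ": "pe", b"%PDF": "pdf", b"\x1f\x8b": "gzip"}
ZIP_LOCAL_SIG = b"PK\x03\x04"
ZIP_LOCAL_HDR = struct.Struct("<4sHHHHHIIIHH")  # 30-byte ZIP local file header


def zip_entries(data: bytes) -> list[dict]:
    """Walk each local file header: entry name and whether it is flagged encrypted."""
    entries = []
    pos = data.find(ZIP_LOCAL_SIG)
    while pos != -1 and pos + ZIP_LOCAL_HDR.size <= len(data):
        _, _, flags, _, _, _, _, _, _, fnlen, extralen = ZIP_LOCAL_HDR.unpack_from(data, pos)
        name_start = pos + ZIP_LOCAL_HDR.size
        name = data[name_start:name_start + fnlen].decode("utf-8", "replace")
        entries.append({"name": name, "encrypted": bool(flags & 0x1)})  # bit 0 = encrypted
        pos = data.find(ZIP_LOCAL_SIG, name_start + fnlen + extralen)
    return entries


def classify_payload(b64: str) -> dict | None:
    """Decode one base64 literal and describe what it contains (None if not base64)."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    kind = next((k for magic, k in MAGIC.items() if raw.startswith(magic)), "unknown")
    entries = zip_entries(raw) if kind == "zip" else []
    return {
        "kind": kind,
        "size": len(raw),
        "entries": [e["name"] for e in entries],
        "encrypted": any(e["encrypted"] for e in entries),
    }


def analyze_html(html: str) -> dict:
    """Flag a page that both rebuilds a file client-side and forces it to disk."""
    hits = [name for name, rx in JS_INDICATORS.items() if rx.search(html)]
    payloads = [p for p in (classify_payload(m.group(1)) for m in B64_LITERAL.finditer(html)) if p]
    builds_file = "atob" in hits or "blob" in hits
    saves_file = any(h in hits for h in ("object_url", "ms_save", "download"))
    carries_known_type = any(p["kind"] != "unknown" for p in payloads)
    return {"indicators": hits, "payloads": payloads,
            "suspicious": builds_file and saves_file and carries_known_type}


def build_sample_zip(encrypted: bool) -> bytes:
    """Constructed ZIP holding a stub .wsf. zipfile cannot write encrypted entries,
    so the 'encrypted' flag bit is patched into the local and central headers."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("invoice.wsf", "<job><script language='JScript'>/* stub */</script></job>\n" * 4)
    data = bytearray(buf.getvalue())
    if encrypted:
        data[6] |= 0x1                              # local header: general-purpose flag bit 0
        data[data.find(b"PK\x01\x02") + 8] |= 0x1  # central directory entry: same flag
    return bytes(data)


def build_sample_html(payload: bytes) -> str:
    """Constructed smuggling page using the common atob + Blob + anchor.download chain."""
    b64 = base64.b64encode(payload).decode()
    return f"""<html><body><script>
var d = atob("{b64}");
var a = new Uint8Array(d.length);
for (var i = 0; i < d.length; i++) a[i] = d.charCodeAt(i);
var blob = new Blob([a], {{type: "application/octet-stream"}});
var link = document.createElement("a");
link.href = URL.createObjectURL(blob);
link.download = "invoice.zip";
link.click();
</script></body></html>"""


SAMPLE_HTML = build_sample_html(build_sample_zip(encrypted=True))

if __name__ == "__main__":
    print(analyze_html(SAMPLE_HTML))
```

The verdict deliberately requires both halves of the chain (a decoder plus a save trigger) and a recognisable payload, so a page that merely embeds a base64 image does not fire. Real samples often split or obfuscate the base64 string, so treat a "suspicious" result as a reason to detonate in a sandbox and a "clean" result as nothing more than the absence of the plain pattern.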
127
27/03/2023
Since at least 03/02/2023
03/02/2023
?
Multiple organizations
Researchers from Proofpoint discover a new IcedID campaign using invoice-themed email lures to deliver IcedID via Microsoft OneNote attachments.
Malware
Multiple Industries
Cyber Crime
>1
Proofpoint, IcedID, Microsoft OneNote
128
27/03/2023
Between 20/03/2023 and 23/03/2023
Between 20/03/2023 and 23/03/2023
?
Multiple organizations
Researchers from Proofpoint discover a new IcedID campaign using two different email lures: a recall notice from the National Traffic and Motor Vehicle Safety Act; and a violation from the U.S. Food and Drug Administration (FDA) to deliver the IcedID malware.
Malware
Multiple Industries
Cyber Crime
US
Proofpoint, IcedID, National Traffic and Motor Vehicle Safety Act, U.S. Food and Drug Administration, FDA
129
27/03/2023
-
-
Clop (AKA Cl0p)
Crown Resorts
Crown Resorts, Australia's largest gambling and entertainment company, confirms that it suffered a ransomware attack after its GoAnywhere secure file-sharing server was breached using the CVE-2023-0669 zero-day vulnerability.
130
27/03/2023
-
-
?
Lumen Technologies
Lumen Technologies tells regulators that it discovered two cybersecurity incidents, including a ransomware attack that has been degrading services for some enterprise customers.
Malware
Information and communication
Cyber Crime
US
Lumen Technologies, ransomware
131
27/03/2023
10/03/2023
10/03/2023
RansomHouse
Tanbridge House School
The Tanbridge House School is listed on the RansomHouse ransomware gang's leak site.
Malware
Education
Cyber Crime
UK
Tanbridge House School, RansomHouse, ransomware
132
27/03/2023
During March 2023
During March 2023
NullMixer
Multiple organizations
A recent NullMixer campaign hits targets in Italy, France and North America.
Malware
Multiple Industries
Cyber Crime
CA
FR
IT
US
NullMixer
133
27/03/2023
During 2022
During 2022
Multiple threat actors
Multiple organizations
Researchers from Kaspersky discover a surge of phishing campaigns that abuse the distributed InterPlanetary File System (IPFS) to host their pages.
Account Takeover
Multiple Industries
Cyber Crime
>1
Kaspersky, Interplanetary File System, IPFS
134
27/03/2023
-
-
DBatLoader
Multiple organizations in Europe
Researchers from Zscaler discover a new DBatLoader campaign distributing the Remcos RAT and Formbook malware.
Malware
Multiple Industries
Cyber Crime
>1
Zscaler, DBatLoader, Remcos, Formbook
135
27/03/2023
-
11/12/2022
?
Bright Horizons Family Solutions
Bright Horizons Family Solutions files a notice of data breach after learning that an unauthorized actor logged on to the company’s corporate system and stole files containing confidential employee information.
Unknown
Education
Cyber Crime
US
Bright Horizons Family Solutions
136
27/03/2023
Between 28/01/2023 and 31/01/2023
05/02/2023
Clop (AKA Cl0p)?
Blue Shield of California
Blue Shield of California files a notice of data breach after learning that one of the company’s vendors, Fortra, was the target of a cyberattack.
CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability
Human health and social work
Cyber Crime
US
Blue Shield of California, Fortra, CVE-2023-0669, GoAnywhere, ransomware, Clop, Cl0p
137
27/03/2023
-
-
Six members of a criminal gang
Multiple organizations
Indian police arrest six members of an alleged criminal gang that sold the personal data of 168 million Indian citizens, including defense personnel and government employees.
>1
Multiple Industries
Cyber Crime
IN
138
27/03/2023
22/12/2022
22/12/2022
?
Nonstop Administration and Insurance Services (NAIS)
Nonstop Administration and Insurance Services (NAIS) announces that the protected health information of employees of its clients has been exposed to an unknown party, who claimed to have accessed company data.
Account Takeover
Administration and support service
Cyber Crime
US
Nonstop Administration and Insurance Services, NAIS
139
28/03/2023
Since late 2018
-
APT43 (AKA Kimsuky, Thallium)
Government organizations, academics, and think tanks in the United States, Europe, Japan, and South Korea
Researchers from Mandiant disclose the details of APT43, a newly designated North Korean group that funds itself through financially motivated cybercrime and conducts cyber espionage operations; it has targeted government organizations, academics, and think tanks in the United States, Europe, Japan, and South Korea for the past five years.
Targeted Attack
Public admin and defence, social security
Cyber Espionage
EU
JP
KR
US
Mandiant, APT43, Kimsuky, Thallium
140
28/03/2023
From September 2022
From September 2022
?
Tor users in Russia and Eastern Europe
Researchers from Kaspersky discover a surge of trojanized Tor Browser installers targeting Russians and Eastern Europeans with clipboard-hijacking malware that steals infected users' cryptocurrency transactions.
Malware
Fintech
Cyber Crime
EU
RU
Kaspersky,Tor
141
28/03/2023
21/02/2023
Between 14/02/2023 and 21/02/2023
?
AudienceView
AudienceView, an online ticketing platform, discloses that it was hit by a cyber attack impacting students at dozens of the biggest universities and colleges in the U.S. and Canada.
Malware
Arts entertainment, recreation
Cyber Crime
US
AudienceView
142
28/03/2023
From late April or May 2022
'Recently'
Winnti
Multiple organizations
Researchers from ExaTrack discover Mélofée, a stealthy Linux implant allowing Chinese cyberespionage group Winnti to conduct targeted attacks.
Targeted Attack
Multiple Industries
Cyber Espionage
>1
ExaTrack, Mélofée, Linux, China, Winnti
143
28/03/2023
-
13/12/2022
?
Majestic Care
Majestic Care files a notice of data breach after learning that hackers successfully launched a cyberattack, giving them access to confidential information belonging to current and former residents and staff members.
Unknown
Human health and social work
Cyber Crime
US
Majestic Care
144
28/03/2023
-
-
?
Central National Bank
Central National Bank files a notice of data breach after learning that confidential client data entrusted to the bank was leaked following a cybersecurity event.
Unknown
Finance and insurance
Cyber Crime
US
Central National Bank
145
28/03/2023
-
-
LockBit 3.0
Tecnosys Italia
Tecnosys Italia is hit with a LockBit 3.0 ransomware attack.
Malware
Administration and support service
Cyber Crime
IT
Tecnosys Italia, LockBit 3.0, ransomware
146
29/03/2023
-
-
North Korean state-backed hacking group? (Labyrinth Chollima AKA Lazarus Group, Covellite, UNC4034, Zinc, Nickel Academy)
Multiple organizations
A digitally signed and trojanized version of the 3CX Voice over Internet Protocol (VoIP) desktop client is reportedly being used to target the company’s customers in an ongoing supply chain attack; the trojanized component keeps a valid Authenticode signature by abusing the CVE-2013-3900 WinVerifyTrust signature-padding vulnerability.
Targeted Attack
Multiple Industries
Cyber Espionage
>1
North Korea, Labyrinth Chollima, Lazarus Group, Covellite, UNC4034, Zinc, Nickel Academy, 3CX, Voice over IP, VoIP, CVE-2013-3900
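Entry 146 mentions CVE-2013-3900 without saying what the flaw lets an attacker do: WinVerifyTrust historically validated only the PKCS#7 SignedData inside a PE's WIN_CERTIFICATE structure and ignored any bytes appended after it, so a trojanized file can carry extra data and still present a valid signature unless the opt-in padding check is enabled. The script below is an added example for this page, not 3CX's, Microsoft's or any vendor's code. It assumes the caller has already read the bytes pointed to by the PE's IMAGE_DIRECTORY_ENTRY_SECURITY entry (a WIN_CERTIFICATE: dwLength, wRevision, wCertificateType, then bCertificate), parses the outer DER SEQUENCE length of the PKCS#7 blob and reports whether anything beyond 8-byte zero alignment follows it. The two sample blobs are constructed, and the DER body is a placeholder SEQUENCE rather than a real signature; function and constant names are this example's own.

```python
"""Detect data appended after the PKCS#7 signature inside a PE's WIN_CERTIFICATE
(the signature-padding abuse tracked as CVE-2013-3900).

Added example, not code from 3CX, Microsoft or any vendor. Sample blobs are
constructed; the DER body is a placeholder, not a real Authenticode signature.
"""
import struct

WIN_CERT_HDR = struct.Struct("<IHH")   # dwLength, wRevision, wCertificateType
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002
WIN_CERT_REVISION_2_0 = 0x0200
ALIGN = 8                              # WIN_CERTIFICATE entries are 8-byte aligned


def der_total_length(der: bytes) -> int:
    """Length of the outer DER SEQUENCE (tag + length bytes + content)."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("bCertificate does not start with a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                   # short-form length
        return 2 + first
    n = first & 0x7F                   # long-form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        raise ValueError("malformed DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def check_win_certificate(blob: bytes) -> dict:
    """Report whether bCertificate carries bytes beyond the PKCS#7 structure."""
    dw_length, revision, cert_type = WIN_CERT_HDR.unpack_from(blob, 0)
    if dw_length > len(blob):
        raise ValueError("dwLength exceeds security directory size")
    cert = blob[WIN_CERT_HDR.size:dw_length]
    der_len = der_total_length(cert)
    if der_len > len(cert):
        raise ValueError("DER length exceeds bCertificate")
    trailer = cert[der_len:]
    # Legitimate alignment padding is shorter than ALIGN and all zero; anything
    # else is appended data that WinVerifyTrust ignored before the CVE-2013-3900 fix.
    appended = len(trailer) >= ALIGN or any(trailer)
    return {
        "revision_ok": revision == WIN_CERT_REVISION_2_0,
        "type_ok": cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA,
        "pkcs7_len": der_len,
        "trailer_len": len(trailer),
        "appended_data": appended,
    }


def build_win_certificate(der: bytes, appended: bytes = b"") -> bytes:
    """Constructed WIN_CERTIFICATE: DER body, optional appended payload, 8-byte aligned."""
    body = der + appended
    body += b"\x00" * (-len(body) % ALIGN)
    return WIN_CERT_HDR.pack(WIN_CERT_HDR.size + len(body), WIN_CERT_REVISION_2_0,
                             WIN_CERT_TYPE_PKCS_SIGNED_DATA) + body


# Placeholder PKCS#7: a 300-byte SEQUENCE with long-form length (0x30 0x82 0x01 0x2C).
FAKE_PKCS7 = b"\x30\x82\x01\x2c" + b"\xA5" * 300
CLEAN_BLOB = build_win_certificate(FAKE_PKCS7)
PADDED_BLOB = build_win_certificate(FAKE_PKCS7, appended=b"\x90" * 200)  # smuggled bytes

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_BLOB), ("padded", PADDED_BLOB)):
        print(name, check_win_certificate(blob))
```

The same check is what Windows performs once the opt-in fix is turned on: setting the REG_DWORD value EnableCertPaddingCheck to 1 under HKLM\SOFTWARE\Microsoft\Cryptography\Wintrust\Config (and the Wow6432Node path on 64-bit systems) makes WinVerifyTrust reject signatures with non-conforming padding. On hosts where that value is absent, a file flagged by this script can still report a valid signature, which is why a signature check alone was not enough to catch the trojanized 3CX component.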
147
29/03/2023
Since November 2022
-
?
Individuals in Italy, Malaysia, Kazakhstan
Researchers from Google's Threat Analysis Group (TAG) discover a new campaign targeting iOS and Android users to install commercial spyware and malicious apps.
CVE-2022-42856, CVE-2021-30900, CVE-2022-4135, CVE-2022-38181, and CVE-2022-3723 Vulnerabilities
148
29/03/2023
-
-
?
Samsung Android users
Researchers from Google's Threat Analysis Group (TAG) discover a new campaign targeting Samsung Android users to install commercial spyware and malicious apps.
149
29/03/2023
-
-
?
SafeMoon
The SafeMoon token liquidity pool loses $8.9 million after an attacker exploits a newly created 'burn' smart contract function that artificially inflated the token price, allowing the attacker to sell SafeMoon at a much higher price.
Smart Contract Vulnerability
Fintech
Cyber Crime
N/A
SafeMoon, Liquidity Pool
150
29/03/2023
Since at least 28/03/2023
28/03/2023
Money Message
Multiple organizations worldwide
Researchers from Zscaler discover a new ransomware gang named 'Money Message', targeting victims worldwide and demanding million-dollar ransoms in exchange for a decryptor and for not leaking the stolen data.
Malware
Multiple Industries
Cyber Crime
>1
Zscaler, Money Message, ransomware
151
29/03/2023
21/02/2023
21/02/2023
LockBit 3.0
Washington County Sheriff’s Office
The LockBit ransomware group leaks data it stole from Washington County Sheriff’s Office in northeastern Florida.
Malware
Public admin and defence, social security
Cyber Crime
US
LockBit 3.0, LockBit, ransomware, Washington County Sheriff’s Office, Florida
152
29/03/2023
-
-
Play
BMW Local Dealer in France
The Play ransomware group claims to have hit BMW France, but in reality the victim turns out to be a local dealer.
Malware
Wholesale and retail
Cyber Crime
FR
Play, ransomware, BMW France
153
29/03/2023
During 2022
During 2022
Mustang Panda (AKA Earth Preta, RedDelta, and TA416)
Over 200 organizations worldwide
Researchers from Trend Micro disclose the details of multiple campaigns launched by the Chinese threat actor Mustang Panda, targeting over 200 organizations worldwide.
Targeted Attack
Multiple Industries
Cyber Espionage
>1
Mustang Panda, Earth Preta, RedDelta, TA416, Trend Micro, China
154
29/03/2023
-
-
LockBit 3.0
South Korean National Tax Service (nts.go.kr)
The LockBit 3.0 ransomware gang claims to have breached the South Korean National Tax Service and threatens to leak the stolen data.
Malware
Public admin and defence, social security
Cyber Crime
KR
LockBit 3.0, LockBit, South Korean National Tax Service, nts.go.kr, ransomware
155
29/03/2023
29/03/2023
29/03/2023
NoName057(16)
French National Assembly
NoName057(16), an anti-Ukrainian hacktivist collective, takes down the website of the French National Assembly in retaliation for France’s support for Ukraine.
DDoS
Public admin and defence, social security
Hacktivism
FR
French National Assembly, NoName057(16), Russia, Ukraine
156
29/03/2023
29/03/2023
29/03/2023
NoName057(16)
Children’s Parliament
NoName057(16), an anti-Ukrainian hacktivist collective, takes down the website of the Children’s Parliament in retaliation for France’s support for Ukraine.
Researchers from Sentinel One reveal the details of 'AlienFox', a new modular toolkit allowing threat actors to scan for misconfigured servers to steal authentication secrets and credentials for cloud-based email services.
Misconfiguration
Multiple Industries
Cyber Crime
>1
Sentinel One, AlienFox
163
30/03/2023
-
-
Moobot
Vulnerable Cacti instances and RealTek devices
Researchers from Fortinet discover a new variant of the Moobot botnet targeting vulnerable Cacti instances and RealTek devices via the CVE-2022-46169 and CVE-2021-35394 vulnerabilities respectively.
CVE-2022-46169 and CVE-2021-35394 Vulnerabilities
Multiple Industries
Cyber Crime
>1
Fortinet, Moobot, Cacti, RealTek, CVE-2022-46169, CVE-2021-35394
164
30/03/2023
-
-
ShellBot
Vulnerable Cacti instances
Researchers from Fortinet discover a new variant of the ShellBot botnet targeting vulnerable Cacti instances via the CVE-2022-46169 vulnerability.
CVE-2022-46169 Vulnerability
Multiple Industries
Cyber Crime
>1
Fortinet, ShellBot, Cacti, CVE-2022-46169
165
30/03/2023
-
-
?
Users in France, Spain, Poland, the Czech Republic, Portugal, and other European countries
Ukraine's cyber police arrests members of a fraud gang that stole roughly $4,300,000 from over a thousand victims across the EU.
Account Takeover
Individual
Cyber Crime
CZ
ES
FR
PL
PT
EU
Ukraine
166
30/03/2023
Since February 2023
During February 2023
Winter Vivern AKA TA473
NATO-Aligned Governments in Europe
Researchers from Proofpoint discover a new campaign by the Russian hacking group tracked as TA473, aka 'Winter Vivern', actively exploiting the CVE-2022-27926 vulnerability in unpatched Zimbra endpoints to steal the emails of NATO officials, governments, military personnel, and diplomats.
Targeted Attack
Public admin and defence, social security
Cyber Espionage
EU
Proofpoint, TA473, Winter Vivern, CVE-2022-27926, Zimbra, NATO
167
30/03/2023
Early December 2022
13/02/2023
?
TMX Finance
TMX Finance and its subsidiaries TitleMax, TitleBucks, and InstaLoan have collectively disclosed a data breach that exposed the personal data of 4,822,580 customers.
Unknown
Finance and insurance
Cyber Crime
CA
TMX Finance,TitleMax, TitleBucks, InstaLoan
168
30/03/2023
-
-
?
Multiple e-commerce sites using WordPress
Researchers from Patchstack reveal that threat actors are actively exploiting a high-severity vulnerability in the popular Elementor Pro WordPress plugin (used by over eleven million websites) when it is used in conjunction with the WooCommerce plugin.
Vulnerability
Wholesale and retail
Cyber Crime
>1
Patchstack, Elementor Pro, WordPress, WooCommerce
169
30/03/2023
-
-
TACTICAL#OCTOPUS
Individuals in the US
Researchers from Securonix identify TACTICAL#OCTOPUS, an ongoing phishing campaign targeting individuals in the US with seemingly valid tax forms and contracts; some of the lure documents observed contain employee W-2 tax documents, I-9 forms, and real estate purchase contracts.
Individual
Cyber Crime
US
Securonix, TACTICAL#OCTOPUS
170
30/03/2023
-
-
RedGolf (AKA APT41, BARIUM)
Multiple organizations
Researchers from Recorded Future identify a new campaign using KEYPLUG, a custom Windows and Linux backdoor, attributed to the threat activity group tracked as RedGolf, which overlaps with APT41 and BARIUM and is highly likely a Chinese state-sponsored group.
Targeted Attack
Multiple Industries
Cyber Espionage
>1
Recorded Future, Windows, Linux, KEYPLUG, RedGolf, APT41, BARIUM, China
171
30/03/2023
'In the past couple of weeks'
'In the past couple of weeks'
?
Vinted Customers
Customers of the online second-hand fashion store Vinted report stolen funds and fraudulent activity on their accounts.
Account Takeover
Wholesale and retail
Cyber Crime
>1
Vinted
172
30/03/2023
-
-
?
Piletilevi Group
Unknown attackers post an advert on a Lithuanian IT community forum, claiming to have found an exploit to access user information on ticket-selling platforms in Estonia, Latvia, and Lithuania owned by Piletilevi Group.
Unknown
Arts entertainment, recreation
Cyber Crime
EE
Piletilevi Group
173
30/03/2023
Since at least January 2023
During January 2023
Xloader
Multiple organizations
Researchers from Zscaler identify a new variant of Xloader with several modifications including additional obfuscation.
Malware
Multiple Industries
Cyber Crime
>1
Zscaler, Xloader
174
30/03/2023
-
-
?
Burns Science and Technology Charter
The principal of Burns Science and Technology Charter, a Florida science and technology charter school, resigns after allegedly writing a $100,000 check from school funds to an Elon Musk impersonator.
Internet Scam
Education
Cyber Crime
US
Burns Science and Technology Charter, Elon Musk
175
30/03/2023
During March 2023
During March 2023
PayMe100USD
Multiple organizations
Researchers from Fortinet discover PayMe100USD, a new ransomware variant written in Python.
Malware
Multiple Industries
Cyber Crime
>1
Fortinet, PayMe100USD, ransomware, Python
176
30/03/2023
-
-
?
Santa Clara Family Health Plan (SCFHP)
Santa Clara Family Health Plan (SCFHP) files a notice of data breach after learning that confidential consumer information in the company’s possession was subject to unauthorized access.
CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability
Human health and social work
Cyber Crime
US
Santa Clara Family Health Plan, SCFHP, CVE-2023-0669, Fortra GoAnywhere MFT
177
31/03/2023
03/03/2023
Between 07/03/2023 and 24/03/2023
Vice Society
Lewis & Clark College
Lewis & Clark College in Oregon is the victim of a ransomware attack by Vice Society.
Malware
Education
Cyber Crime
US
Lewis & Clark College, ransomware, Vice Society
178
31/03/2023
-
24/03/2023
?
Blauw
Blauw, a Dutch marketing firm, suffers a data breach affecting 1.5 million individuals.
Unknown
Professional, scientific and technical
Cyber Crime
NL
Blauw
179
31/03/2023
05/11/2021
-
?
Adelanto HealthCare Ventures
At least eight more healthcare providers reveal that they were affected by the breach of Adelanto HealthCare Ventures, a consulting firm supporting healthcare organizations.
Account Takeover
Professional, scientific and technical
Cyber Crime
US
Adelanto HealthCare Ventures
180
31/03/2023
-
-
Cylance
Multiple organizations
Researchers at Palo Alto Networks discover a new ransomware strain dubbed Cylance, targeting Linux and Windows devices.
Malware
Multiple Industries
Cyber Crime
>1
Palo Alto Networks, ransomware, Cylance, Linux, Windows
181
31/03/2023
-
30/08/2022
?
Our Lady of the Lake University (OLLU)
Our Lady of the Lake University (OLLU) posts a notice of data breach on its website after the institution learned that an unauthorized party was able to access and remove files containing confidential student information from its computer system.
Unknown
Education
Cyber Crime
US
Our Lady of the Lake University, OLLU
182
31/03/2023
'Recently'
'Recently'
?
Southwest Healthcare Services
Southwest Healthcare Services files a notice of data breach after the organization learned that an unauthorized party was able to access confidential patient information stored on its computer system.
Unknown
Human health and social work
Cyber Crime
US
Southwest Healthcare Services
183
31/03/2023
-
-
Stormous
Instituto De Educación Secundaria Ies Emilio Canalejo Olmeda (IESCO)
The Instituto De Educación Secundaria Ies Emilio Canalejo Olmeda (IESCO) is hit by the pro-Russian Stormous ransomware group.
Malware
Education
Cyber Crime
ES
Instituto De Educación Secundaria Ies Emilio Canalejo Olmeda, IESCO, Stormous, ransomware
184
31/03/2023
'Recently'
'Recently'
?
Undisclosed organization
Researchers at CrowdStrike discover a campaign abusing WinRAR self-extracting (SFX) archives to run a backdoor without triggering the agent.
Malware
Unknown
Cyber Crime
N/A
CrowdStrike, WinRAR, SFX
185
31/03/2023
29/03/2023
29/03/2023
Medusa
SONDA
The Chilean IT multinational SONDA, which has a presence in 11 countries, is placed on the leak site of the Medusa ransomware group.
Malware
Professional, scientific and technical
Cyber Crime
CL
SONDA, Medusa, ransomware
Fields per entry, in order: ID, Date Reported, Date Occurred, Date Discovered, Author, Target, Description, Attack, Target Class, Attack Class, Country, Link, Tags
BREACHOMETER
The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.