16-31 March 2023 Cyber Attacks Timeline

Last modified: April 13, 2023

EVENTS

EVENTS/DAY

EVENTS

EVENTS/DAY

Attack Distribution March H2 2023

Attack Techniques March H2 2023

Follow me on Twitter

Connect on Linkedin

Connect on Mastodon

The sustained trend of cyber attacks continued in the second half of March, where I collected 177 events (corresponding to 11.19 events/day).

This high number is mainly due to the wave of attacks against high-profile targets worldwide, carried out by the Clop (AKA Cl0p) ransomware gang, carried out exploiting the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability. This aspect obviously led to a sharp increase in the number of ransomware attack: 54 out of 179 events (corresponding to 30.1%) were characterized by this attack vector, in contrast with 21.7% of the previous timeline. In terms of ransomware, even the LockBit gang was particularly active, but this is not a surprise any longer.

Also due to the exploitation at scale of this vulnerability, the software flaws played a part in 42 out of 177 events or, in other terms, in 23.7%, more than twice than 12.5% of the previous fortnight.

16-30 April 2023 Cyber Attacks Timeline

In the second half of April 2023 I collected 180 events (corresponding to 12 events/day), a sharp increase compared to…

Multi-million losses continued to plague the fintech sector, with SafeMoon suffering a hack leading to the theft of $8.9 million worth in multiple digital assets. Other fintech organizations were targeted in the same period but in at least two cases the attackers were unsuccessful.

And the season of mega breaches continued: victims in this fortnight included: Latitude Financial Services (14 million records affected), TMX Finance (nearly 5 million affected), and Blauw (1.5 million individuals affected).

The Cyber Espionage front was always hot, with multiple campaigns unearthed also in the second half of March, and carried out by known threat actors such as: the North Korean Lazarus Group (author of a massive supply-chain attack against 3CX), APT37, APT43, Winnti, Kimsuky, SideCopy, Bitter, Mustang Panda, and also less-known groups such as Winter Vivern and Bad Magic, a threat actor targeting organizations located in the Donetsk, Lugansk, and Crimea regions.

And as always, this brief summary is closed by a quick mention to the DDos attacks launched by the pro-Russian hacktivists of NoName057(16) that were directed against several government websites in Italy and France

My suggestion is always the same: browse the timeline, and obviously thanks for sharing it and supporting my work in spreading the risk awareness across the community. As always, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.

Geo Map March H2 2023

ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags
1	16/03/2023	Since 2021	-	Winter Vivern	Various government organizations since 2021, including Lithuania, India, Vatican, and Slovakia.	Researchers from Sentinel One discover a new campaign by the pro-Russian group Winter Vivern, targeting several European government organizations and telecommunication service providers to conduct espionage.	Targeted Attack	Multiple Industries	Cyber Espionage	IN IT PL UA		Sentinel One, Winter Vivern
2	16/03/2023	16/03/2023	16/03/2023	?	Latitude Financial Services	Australian financial services company Latitude Financial Services reveals that personal information of approximately 14 million individuals might have been compromised in a data breach.	Unknown	Finance and insurance	Cyber Crime	AU		Latitude Financial Services
3	16/03/2023	-	-	?	Two undisclosed service providers	In the wake of the Latitude Financial Services breach, the threat actor is able to steal an employee's login and use it for logging into two of the company's service providers to steal customer data.	Account Takeover	Professional, scientific and technical	Cyber Crime	AU		Latitude Financial Services
4	16/03/2023	-	-	BianLian	Multiple organizations	Researchers from Redacted reveal that the BianLian ransomware group has shifted its focus from encrypting its victims' files to only exfiltrating data found on compromised networks and using them for extortion.	Malware	Multiple Industries	Cyber Crime	>1		Redacted, BianLian, ransomware
5	16/03/2023	During Q1 2023	During Q1 2023	HinataBot	Realtek SDK, Huawei routers, and Hadoop YARN servers	Researchers from Akamai discover HinataBot, a new malware botnet targeting Realtek SDK, Huawei routers, and Hadoop YARN servers to recruit devices into DDoS.	Multiple vulnerabilities including CVE-2014-8361 and CVE-2017-17215	Multiple Industries	Cyber Crime	>1		Akamai, HinataBot, Realtek SDK, Huawei, Hadoop YARN, CVE-2014-8361, CVE-2017-17215
6	16/03/2023	Since mid-2022	During mid-2022	UNC3886	Defense, government, tech, and telecom organizations	Researchers from Mandiant reveal that the suspected Chinese threat actor UNC3886 has been exploiting the Fortinet CVE-2022-41328 vulnerability to target organizations in the in the defense, government, tech, and telecom sectors.	Targeted Attack	Multiple Industries	Cyber Espionage	>1		Mandiant, China, UNC3886, Fortinet, CVE-2022-41328
7	16/03/2023	During December 2022	SInce October 2022	Trigona	At least 16 organizations in the manufacturing, finance, construction, agriculture, marketing and high technology industries.	Researchers from Palo Alto Networks discover Trigona, a new ransomware strain extremely active in Australia, Italy, France, Germany, New Zealand, and the United States.	Malware	Multiple Industries	Cyber Crime	AU DE FR IT NZ US		Palo Alto Networks, Trigona, Ransomware
8	16/03/2023	Early February 2023	Early February 2023	?	Undisclosed Educational Institution	Researchers from Armorblox detect a new hybrid phishing campaign impersonating the Social Security Administration (SSA), which tries to trick recipients into calling a criminal call center.	Account Takeover	Education	Cyber Crime	US		Armorblox, Social Security Administration, SSA
9	16/03/2023	-	-	?	Android Crypto users	Researchers from ESET discover dozens of copycat Telegram and WhatsApp websites targeting mainly Android and Windows users with trojanized versions of these instant messaging apps hiding clipper malware.	Malware	Fintech	Cyber Crime	>1		ESET, Telegram, WhatsApp
10	16/03/2023	-	During July 2022	?	Happy State Bank (HSB)	Happy State Bank (HSB) files a notice of data breach after learning that confidential consumer information stored on the company’s computer system was compromised following an email phishing attack.	Account Takeover	Finance and insurance	Cyber Crime	US		Happy State Bank, HSB
11	16/03/2023	-	-	Phoenix	Indian Health Ministry	A pro-Russian hacker group, Phoenix, claims to have hacked the Indian Health Ministry, and stolen sensitive information on hospitals, staff, patients and more.	Unknown	Public admin and defence, social security	Hacktivism	IN		Phoenix, Indian Health Ministry
12	17/03/2023	-	-	Clop (AKA Cl0p)	Hitachi Energy	Hitachi Energy confirms it suffered a data breach after the Clop ransomware gang stole data using the GoAnywhere zero-day vulnerability.	CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability	Electricity, gas steam, air conditioning	Cyber Crime	CH		Hitachi Energy, CVE-2023-0669 Fortra GoAnywhere, Clop, Cl0p
13	17/03/2023	-	30/01/2023	Clop (AKA Cl0p)	Rio Tinto	Rio Tinto, the world's second-largest metals and mining corporation, ia added to Clop’s ransomware list of victims.	CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability	Mining and quarrying	Cyber Crime	AU UK		Rio Tinto, CVE-2023-0669 Fortra GoAnywhere, Clop, Cl0p
14	17/03/2023	-	-	Clop (AKA Cl0p)	Undisclosed supplier	Investissement Québec, a government organization created to attract businesses to the region, confirms that one of its suppliers was attacked through the GoAnywhere MFT product by the Clop ransomware gang.	CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability	Professional, scientific and technical	Cyber Crime	CA		Investissement Québec, CVE-2023-0669 Fortra GoAnywhere, Clop, Cl0p
15	17/03/2023	'Recently'	'Recently'	?	Undisclosed Service Provider	The NBA (National Basketball Association) notifies fans of a data breach after some of their personal information, "held" by a third-party newsletter service, was stolen.	Unknown	Professional, scientific and technical	Cyber Crime	US		NBA, National Basketball Association
16	17/03/2023	17/03/2023	17/03/2023	?	Docomo Pacific	The largest provider of mobile, television, internet and telephone services to the U.S. territories of Guam and the Northern Mariana Islands, Docomo Pacific, recovers from a cyberattack that brought down many of its services.	Unknown	Information and communication	Cyber Crime	US		Docomo Pacific, Guam, Northern Mariana
17	17/03/2023	-	-	ShellBot (AKA PerlBot)	Misconfigured Linux SSH servers	Researchers from AhnLab discover a new variant of the ShellBot malware employed in a campaign that targets poorly managed Linux SSH servers.	Misconfiguration	Multiple Industries	Cyber Crime	>1		AhnLab, ShellBot, PerlBot, Linux, SSH
18	17/03/2023	17/03/2023	17/03/2023	?	Paraspace	Security firm BlockSec prevents a hacker from stealing $5 million from the NFT lending project Paraspace.	Vulnerability	Fintech	Cyber Crime	N/A		BlockSec, Paraspace.
19	17/03/2023	29/08/2022	Between 27/08/2022 and 29/08/2022	?	Sunland Asphalt and Construction	Sunland Asphalt and Construction files a notice of data breach after learning that an unknown actor had gained access to certain parts of the Sunland network that stored confidential consumer information.	Unknown	Professional, scientific and technical	Cyber Crime	US		Sunland Asphalt and Construction
20	17/03/2023	-	17/01/2023	?	Health Plan of San Mateo (HPSM)	The Health Plan of San Mateo files a notice of data breach after learning that an unauthorized party was able to access confidential member information stored in an employee’s email account.	Account Takeover	Human health and social work	Cyber Crime	US		Health Plan of San Mateo, HPSM
21	17/03/2023	-	31/10/2022	?	Virtual Private Network Solutions (VPN Solutions)	Associates in Dermatology (AID) files a notice of data breach after a ransomware attack targeting its vendor Virtual Private Network Solutions (VPN Solutions),	Malware	Professional, scientific and technical	Cyber Crime	US		Associates in Dermatology, AID, ransomware, Virtual Private Network Solution, VPN Solutions
22	17/03/2023	From September 2021 to January 2023	22/02/2023	?	El Camino Health	El Camino Health investigates claims of a possible data breach.	Account Takeover	Human health and social work	Cyber Crime	US		El Camino Health
23	17/03/2023	17/03/2023	17/03/2023	?	Cooperativa de Electricidad Obras y Servicios Públicos de San Antonio de Areco (CEOSP)	The Cooperativa de Electricidad Obras y Servicios Públicos de San Antonio de Areco (CEOSP) posts a notice about a malware incident:	Malware	Electricity, gas steam, air conditioning	Cyber Crime	AR		Cooperativa de Electricidad Obras y Servicios Públicos de San Antonio de Areco, CEOSP
24	17/03/2023	Since early March 2023	During March 2023	Ursnif	Italian Taxpayers	The Italian taxpayers are the targets of a campaign distributing the Ursnif malware via fake notifications from the Italian Revenue Agency (Agenzia delle Entrate).	Malware	Individual	Cyber Crime	IT		Ursnif, Italian Revenue Agency, Agenzia delle Entrate
25	18/03/2023	Between 17/03/2023 and 18/03/2023	18/03/2023	?	General Bytes	Leading Bitcoin ATM maker General Bytes discloses that hackers stole cryptocurrency from the company and its customers using a zero-day vulnerability in its BATM management platform. $1.5M worth are stolen.	0-day Vulnerability	Manufacturing	Cyber Crime	US		ATM, General Bytes, BATM
26	18/03/2023	18/11/2022	18/11/2022	?	CHC Montlégia	The CHC Montlégia in Liège is still down for a cyber attack suffered in November 2022.	Unknown	Human health and social work	Cyber Crime	BE		CHC Montlégia
27	18/03/2023	-	-	Clop (AKA Cl0p)	Zucchetti Kos	The Italian Zucchetti Kos, a manufacturer of sanitary taps, is hit by the Clop ransomware gang.	Malware	Manufacturing	Cyber Crime	IT		Zucchetti Kos, Cl0p, Clop, ransomware
28	19/03/2023			Vice Society	Puerto Rico Aqueduct and Sewer Authority (PRASA)	The Vice Society ransomware gang claims to have hit the Puerto Rico Aqueduct and Sewer Authority (PRASA)	Malware	Water supply, waste mgmt, remediation	Cyber Crime	US		Vice Society, Ransomware, Puerto Rico Aqueduct and Sewer Authority, PRASA
29	19/03/2023	-	-	?	Datatime	QIMR Berghofer, an Australian medical research institute, is hit by a data breach after Datatime, a technology company hired by QIMR, suffers a cyber attack.	Unknown	Professional, scientific and technical	Cyber Crime	AU		QIMR Berghofer, Datatime
30	19/03/2023	19/03/2023	19/03/2023	NoName057(16)	High Council of the Judiciary (Consiglio Superiore della Magistratura)	The High Council of the Judiciary is taken down by a DDoS attack launched by the hacktivists of the pro-Russian NoName057(16) collective.	DDoS	Public admin and defence, social security	Hacktivism	IT		NoName057(16), High Council of the Judiciary, Consiglio Superiore della Magistratura
31	20/03/2023	During February 2023	During February 2023	?	Multiple organizations	Researchers from JFrog discover a sophisticated and highly-malicious attack targeting .NET developers via the NuGet repository, using sophisticated typosquatting techniques downloaded more than 150,000 times.	Malware	Multiple Industries	Cyber Crime	>1		JFrog, .NET, NuGet
32	20/03/2023	-	-	?	Ferrari	Ferrari discloses a data breach following a ransom demand received after attackers gained access to some of the company's IT systems.	Unknown	Manufacturing	Cyber Crime	IT		Ferrari
33	20/03/2023	-	-	Kimsuky (aka Thallium, Velvet Chollima)	Users in South Korea	A joint cybersecurity advisory from the German Federal Office for the Protection of the Constitution (BfV) and the National Intelligence Service of the Republic of Korea (NIS) warns about Kimsuky's use of Chrome extensions to steal target's Gmail emails.	Targeted Attack	Individual	Cyber Espionage	KR		German Federal Office for the Protection of the Constitution, BfV, National Intelligence Service of the Republic of Korea, NIS, Kimsuky, Thallium, Velvet Chollima, Chrome, Android, Gmail
34	20/03/2023	17/03/2023	17/03/2023	?	Lansing Community College	The Lansing Community College brings systems back online after experiencing a cyberattack that cut off campus Wi-Fi and forced the school to temporarily cancel its online courses.	Unknown	Education	Cyber Crime	US		Lansing Community College
35	20/03/2023	-	-	REF2924	Organizations in southern and southeast Asia	Researchers from Elastic discover Naplistener, a novel data-stealing malware with high capabilities to evade detection.	Malware	Multiple Industries	Cyber Crime	>1		Elastic, Naplistener
36	20/03/2023	During the previous week	During the previous week	Chinese Military	Qantas	Australian airline Qantas issues standing orders to its pilots advising them that some of its fleet experienced interference on VHF stations from sources purporting to be the Chinese Military.	VHF Interference	Transportation and storage	Cyber Warfare	AU		Qantas, Chinese Military
37	20/03/2023	-	-	Mispadu	Banking users Chile, Mexico, Peru and Portugal	Researchers from Metabase Q discover twenty different spam campaigns relying on the Mispadu banking Trojan were discovered targeting victims in Chile, Mexico, Peru and Portugal.	Malware	Finance and insurance	Cyber Crime	CL MX PE PT		Metabase Q, Mispadu
38	20/03/2023	20/03/2023	20/03/2023	?	News24 Twitter account	The Twitter account of one of the leading news channels in India – News24 – is the victim of a cryptocurrency scheme, with attackers breaching their security to post phishing links of a fake XRP drop.	Account Takeover	Information and communication	Cyber Crime	IN		Twitter, News24, XRP
39	20/03/2023	During July 2022	During July 2022	?	Oklahoma City University (OCU)	Oklahoma City University (OCU) files a notice of data breach after learning that a cyberattack compromised the security of current and former students and employees,	Unknown	Education	Cyber Crime	US		Oklahoma City University, OCU
40	20/03/2023	20/03/2023	20/03/2023	?	Shoreline Community College	A ransomware attack forces the majority of Shoreline Community College students and staff to transition to remote work.	Malware	Education	Cyber Crime	US		Shoreline Community College
41	20/03/2023	20/03/2023	20/03/2023	?	Consejo Nacional de Supervisión del Sistema Financiero (CONASSIF)	The website of the Costa Rican Consejo Nacional de Supervisión del Sistema Financiero (CONASSIF) is defaced.	Defacement	Finance and insurance	Cyber Crime	CR		Consejo Nacional de Supervisión del Sistema Financiero, CONASSIF
42	21/03/2023	21/03/2023	21/03/2023	pro-Russia Threat Actors	Skylink	M7 Group’s Czech and Slovak operator Skylink is the victim of a DDoS attack by Russian threat actors.	DDoS	Information and communication	Hacktivism	CZ SK		M7 Group, Skylink, Russia
43	21/03/2023	-	-	Clop (AKA Cl0p)	Saks Fifth Avenue	The Clop ransomware gang claims to have attacked Saks Fifth Avenue on its dark web leak site.	CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability	Wholesale and retail	Cyber Crime	US		Cl0p, Clop, ransomware, Saks Fifth Avenue, CVE-2023-0669 Fortra GoAnywhere
44	21/03/2023	Since at least September 2021	During October 2022	Bad Magic (State-sponsored threat actor)	Government, agriculture and transportation organizations located in the Donetsk, Lugansk, and Crimea regions	Researchers from Kaspersky discover a campaign targeting government, agriculture and transportation organizations located in the Donetsk, Lugansk, and Crimea regions via a previously unseen malicious framework called CommonMagic and a new backdoor called PowerMagic.	Targeted Attack	Multiple Industries	Cyber Espionage	UA		Dropbox, OneDrive, Kaspersky, Donetsk, Lugansk, Crimea, CommonMagic, PowerMagic, Bad Magic
45	21/03/2023	-	-	?	Multiple organizations	Researchers from Sucuri discover a new credit card stealing campaign hiding the malicious code inside the 'Authorize.net' payment gateway module for WooCommcerce, to evade detection by security scans.	Malicious Script Injection	Wholesale and retail	Cyber Crime	>1		Sucuri. Authorize.net, WooCommcerce
46	21/03/2023	-	-	?	Android users	Google suspends the Chinese shopping app Pinduoduo on its app store after malware was discovered in versions of the app from other sources.	Malware	Individual	Cyber Crime	>1		Google, Pinduoduo, Android
47	21/03/2023	Since early January 2023	Early January 2023	Nexus	Android Banking users	Researchers from Cleafy discover Nexus, and Android malware able to perform account takeover (ATO) attacks against more than 450 financial applications.	Malware	Finance and insurance	Cyber Crime	>1		Cleafy, Nexus, Android, Account Takeover, ATO
48	21/03/2023	From January 2022 to January 2023	During 2022	?	Job seekers in Middle East	Researchers from Group-IB discover a campaign leveraging more than 2400 scam pages targeting Arabic-speaking job seekers in 13 countries	Account Takeover	Individual	Cyber Crime	>1		Group-IB
49	21/03/2023	During February and March 2023	-	APT37 (AKA ScarCruft or Temp.Reaper)	Individuals in various South Korean organizations	Researchers from Zscaler discover a new campaign by the North Korean APT27 threat actor, using weaponized Microsoft Compiled HTML Help (CHM) files to download additional malware onto targeted machines.	Targeted Attack	Multiple Industries	Cyber Espionage	KR		APT37, ScarCruft, Temp.Reaper, Zscaler, North Korea, Microsoft Compiled HTML Help, CHM
50	21/03/2023	'Recently'	'Recently'	SideCopy APT	India's Defense Research and Development Organization (DRDO)	Security researchers from Cyble discover a new campaign by the Pakistani cyberespionage group SideCopy APT employing fresh tactics to target workers at India's Defense Research and Development Organization and steal sensitive military secrets.	Targeted Attack	Public admin and defence, social security	Cyber Espionage	IN		Cyble, India, Pakistan, SideCopy APT, Defense Research and Development Organization, DRDO
51	21/03/2023	17/11/2022	17/11/2022	?	Top of the World Ranch Treatment Center	Top of the World Ranch Treatment Center discloses a healthcare data breach that stemmed from unauthorized access to one business email account.	Account Takeover	Human health and social work	Cyber Crime	US		Top of the World Ranch Treatment Center
52	22/03/2023	Since 14/03/2023	During March 2023	?	Facebook users	Researchers from Guardio Labs discover a trojanized version of the legitimate ChatGPT extension for Chrome, called FakeGPT, gaining popularity on the Chrome Web Store, accumulating over 9,000 downloads while stealing Facebook accounts.	Malware	Individual	Cyber Crime	>1		Guardio Labs, ChatGPT, Chrome, FakeGPT, Chrome Web Store, Facebook
53	22/03/2023	-	-	?	Multiple organizations	Researchers from Phylum discover 'onyxproxy', a malicious package on PyPI uses Unicode as an obfuscation technique to evade detection while stealing and exfiltrating developers' account credentials and other sensitive data from compromised devices.	Malware	Multiple Industries	Cyber Crime	>1		Phylum, 'onyxproxy', PyPI, Unicode
54	22/03/2023	'Recently'	'Recently'	?	Municipal government organization	InQuest Labs analysts detect a phishing attack discovered by a municipal government organization, hosting the phishing pages on Raven and Microsoft Azure.	Account Takeover	Public admin and defence, social security	Cyber Crime	N/A		InQuest Labs, Raven, Microsoft Azure.
55	22/03/2023	-	-	Clop (AKA Cl0p)	AvidXchange	Payment software startup AvidXchange joins the list of the victims of the Clop ransomware attack carried out exploiting the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability,	CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability	Professional, scientific and technical	Cyber Crime	US		AvidXchange, Clop, Cl0p, ransomware, CVE-2023-0669, Fortra GoAnywhere MFT
56	22/03/2023	-	-	Clop (AKA Cl0p)	Galderma	Swiss pharmaceutical giant Galderma joins the list of the victims of the Clop ransomware attack carried out exploiting the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability,	CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability	Professional, scientific and technical	Cyber Crime	CH		Galderma, Clop, Cl0p, ransomware, CVE-2023-0669, Fortra GoAnywhere MFT
57	22/03/2023	-	-	Clop (AKA Cl0p)	ITx Companies	Healthcare call center provider ITx Companies joins the list of the victims of the Clop ransomware attack carried out exploiting the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability,	CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability	Administration and support service	Cyber Crime	US		ITx Companies, Clop, Cl0p, ransomware, CVE-2023-0669, Fortra GoAnywhere MFT
58	22/03/2023	-	-	Clop (AKA Cl0p)	Brightline	Child mental health startup Brightline joins the list of the victims of the Clop ransomware attack carried out exploiting the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability,	CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability	Human health and social work	Cyber Crime	US		Brightline, Clop, Cl0p, ransomware, CVE-2023-0669, Fortra GoAnywhere MFT
59	22/03/2023	-	-	Clop (AKA Cl0p)	Emerald Expositions	Events planner Emerald Expositions joins the list of the victims of the Clop ransomware attack carried out exploiting the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability,	CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability	Administration and support service	Cyber Crime	US		Emerald Expositions, Clop, Cl0p, ransomware, CVE-2023-0669, Fortra GoAnywhere MFT
60	22/03/2023	-	-	Clop (AKA Cl0p)	MedMinder	MedMinder joins the list of the victims of the Clop ransomware attack carried out exploiting the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability,	CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability	Administration and support service	Cyber Crime	US		MedMinder, Clop, Cl0p, ransomware, CVE-2023-0669, Fortra GoAnywhere MFT
61	22/03/2023	-	-	Clop (AKA Cl0p)	Onex	Private equity firm Onex joins the list of the victims of the Clop ransomware attack carried out exploiting the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability,	CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability	Finance and insurance	Cyber Crime	CA		Onex, Clop, Cl0p, ransomware, CVE-2023-0669, Fortra GoAnywhere MFT
62	22/03/2023	-	-	Clop (AKA Cl0p)	Homewood Health	Rehab and mental health provider Homewood Health joins the list of the victims of the Clop ransomware attack carried out exploiting the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability,	CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability	Human health and social work	Cyber Crime	CA		Homewood Health, Clop, Cl0p, ransomware, CVE-2023-0669, Fortra GoAnywhere MFT
63	22/03/2023	-	-	Clop (AKA Cl0p)	Guinness Partnership	England-based affordable housing provider Guinness Partnership joins the list of the victims of the Clop ransomware attack carried out exploiting the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability,	CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability	Real estate	Cyber Crime	UK		Guinness Partnership, Clop, Cl0p, ransomware, CVE-2023-0669, Fortra GoAnywhere MFT
64	22/03/2023	-	-	Clop (AKA Cl0p)	Avidia Bank	Retail banking company Avidia Bank joins the list of the victims of the Clop ransomware attack carried out exploiting the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability,	CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability	Finance and insurance	Cyber Crime	US		Avidia Bank, Clop, Cl0p, ransomware, CVE-2023-0669, Fortra GoAnywhere MFT
65	22/03/2023	-	-	Clop (AKA Cl0p)	Medex Healthcare	Medex Healthcare joins the list of the victims of the Clop ransomware attack carried out exploiting the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability,	CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability	Administration and support service	Cyber Crime	US		Medex Healthcare, Clop, Cl0p, ransomware, CVE-2023-0669, Fortra GoAnywhere MFT
66	22/03/2023	-	-	Clop (AKA Cl0p)	Cornerstone Home Lending	Cornerstone Home Lending joins the list of the victims of the Clop ransomware attack carried out exploiting the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability,	CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability	Finance and insurance	Cyber Crime	US		Cornerstone Home Lending, Clop, Cl0p, ransomware, CVE-2023-0669, Fortra GoAnywhere MFT
67	22/03/2023	-	-	Clop (AKA Cl0p)	Grupo Vanti	Colombian energy giant Grupo Vanti joins the list of the victims of the Clop ransomware attack carried out exploiting the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability,	CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability	Electricity, gas steam, air conditioning	Cyber Crime	CO		Grupo Vanti, Clop, Cl0p, ransomware, CVE-2023-0669, Fortra GoAnywhere MFT
68	22/03/2023	-	-	?	Undisclosed Insurance Firm	Researchers from Abnormal Security reveal the details of an attempted $36M Business Email Compromise attack against an insurance firm.	Business Email Compromise	Finance and insurance	Cyber Crime	N/A		Abnormal Security
69	22/03/2023	17/03/2023	17/03/2023	?	Alliance Healthcare	Alliance Healthcare, the fourth largest pharmaceutical distributor in Spain, is hit with a cyber attack.	Unknown	Wholesale and retail	Cyber Crime	ES		Alliance Healthcare
70	22/03/2023	-	-	Kritec	Multiple organizations	Researchers from Malwarebytes discover a web skimming campaign carried out through a new skimmer dubbed Kritec, targeting Magento stores and abusing Google Tag Manager.	Malicious Script Injection	Wholesale and retail	Cyber Crime	>1		Malwarebytes, Kritec, Magento, Google Tag Manager
71	22/03/2023	Since Late November 2022	During Late November 2022	AiD Lock aka DarkBLUP	Multiple organizations	Researchers from Intel471 discover AresLoader, a new loader malware-as-a-service (MaaS) offered by threat actors with links to Russian hacktivism, offering a “binder” tool that allows users to masquerade their malware as legitimate software.	Malware	Multiple Industries	Hacktivism	>1		AiD Lock, DarkBLUP, Intel471, AresLoader, Russia
72	22/03/2023	-	31/01/2023	?	US Wellness	US Wellness files a notice of data breach after learning that a data security incident at one of the company’s vendors compromised certain customers’ protected health information.	CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability	Professional, scientific and technical	Cyber Crime	US		US Wellness, CVE-2023-0669, Fortra, GoAnywhere
73	22/03/2023	22/03/2023	22/03/2023	NoName057(16)	Italian Ministry of Infrastructure and Transport	The Italian Ministry of Infrastructure and Transport is taken down by a DDoS attack launched by the pro-Russian hacktivists of the NoName057(16) collective.	DDoS	Public admin and defence, social security	Hacktivism	IT		Italian Ministry of Infrastructure and Transport, Russia, NoName057(16) collective.
74	23/03/2023	-	20/03/2023	Clop (AKA Cl0p)	City of Toronto	The City of Toronto appears among Clop ransomware gang's latest victims hit in the ongoing GoAnywhere hacking spree.	CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability	Public admin and defence, social security	Cyber Crime	CA		City of Toronto, CVE-2023-0669. Fortra GoAnywhere, Clop, Cl0p
75	23/03/2023	-	-	Clop (AKA Cl0p)	Virgin Red	Virgin Red, the Virgin Rewards program, appears among Clop ransomware gang's latest victims hit in the ongoing GoAnywhere hacking spree.	CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability	Arts entertainment, recreation	Cyber Crime	UK		Virgin Red, CVE-2023-0669. Fortra GoAnywhere, Clop, Cl0p
76	23/03/2023	-	-	Clop (AKA Cl0p)	UK’s Pension Protection Fund (PPF)	The UK’s Pension Protection Fund (PPF) appears among Clop ransomware gang's latest victims hit in the ongoing GoAnywhere hacking spree.	CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability	Finance and insurance	Cyber Crime	UK		UK’s Pension Protection Fund, PPF, CVE-2023-0669. Fortra GoAnywhere, Clop, Cl0p
77	23/03/2023	-	-	Clop (AKA Cl0p)	Munich Re	Munich Re, the German insurance company, appears among Clop ransomware gang's latest victims hit in the ongoing GoAnywhere hacking spree.	CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability	Finance and insurance	Cyber Crime	DE		Munich Re, CVE-2023-0669. Fortra GoAnywhere, Clop, Cl0p
78	23/03/2023	-	Early February 2023	Clop (AKA Cl0p)	Procter & Gamble (P&G)	Procter & Gamble (P&G) appears among Clop ransomware gang's latest victims hit in the ongoing GoAnywhere hacking spree.	CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability	Finance and insurance	Cyber Crime	DE		Procter & Gamble, P&G, CVE-2023-0669. Fortra GoAnywhere, Clop, Cl0p
79	23/03/2023	-	-	Clop (AKA Cl0p)	Volaris	Mexican airline Volaris appears among Clop ransomware gang's latest victims hit in the ongoing GoAnywhere hacking spree.	CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability	Transportation and storage	Cyber Crime	MX		Volaris, CVE-2023-0669. Fortra GoAnywhere, Clop, Cl0p
80	23/03/2023	-	-	Clop (AKA Cl0p)	Gray Television	US-based TV network Gray Television appears among Clop ransomware gang's latest victims hit in the ongoing GoAnywhere hacking spree.	CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability	Transportation and storage	Cyber Crime	US		Gray Television, CVE-2023-0669. Fortra GoAnywhere, Clop, Cl0p
81	23/03/2023	-	-	Clop (AKA Cl0p)	Pluralsight	Pluralsight appears among Clop ransomware gang's latest victims hit in the ongoing GoAnywhere hacking spree.	CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability	Education	Cyber Crime	US		Pluralsight, CVE-2023-0669. Fortra GoAnywhere, Clop, Cl0p
82	23/03/2023	Since November 2022	After November 2022	BlackGuard stealer	Multiple organizations	Researchers from AT&T Alien Labs discover a new variant of the BlackGuard stealer, featuring new capabilities like USB propagation, persistence mechanisms, loading additional payloads in memory, and targeting additional crypto wallets.	Malware	Multiple Industries	Cyber Crime	>1		AT&T Alien Labs, BlackGuard stealer
83	23/03/2023	-	-	Emotet	U.S. taxpayers	Researchers from Malwarebytes and Palo Alto Networks discover a new Emotet phishing campaign targeting U.S. taxpayers by impersonating W-9 tax forms allegedly sent by the Internal Revenue Service and partner companies.	Malware	Individual	Cyber Crime	US		Malwarebytes, Palo Alto Networks, Emotet, W-9, Internal Revenue Service
84	23/03/2023	-	-	?	At least 1600 individuals across Europe, the US and other countries	Researchers from Kaspersky discover a novel phishing scam relying on legitimate servers from Microsoft’s collaborative platform SharePoint, targeting at least 1600 individuals across Europe, the US and other countries using a native notification mechanism.	Account Takeover	Individual	Cyber Crime	>1		Kaspersky, Microsoft, SharePoint
85	23/03/2023	-	-	?	City of Oak Ridge	The city of Oak Ridge in Tennessee reveals that city officials are working with law enforcement and cybersecurity experts to deal with a ransomware attack affecting its technology systems.	Malware	Public admin and defence, social security	Cyber Crime	US		Oak Ridge, Tennessee, ransomware
86	23/03/2023	10/03/2023	10/03/2023	?	Walsall Healthcare NHS Trust	The Walsall Healthcare NHS Trust, which runs Walsall Manor Hospital, discloses that it has been impacted by a “contained” cyber incident.	Unknown	Human health and social work	Cyber Crime	UK		Walsall Healthcare NHS Trust, Walsall Manor Hospital
87	23/03/2023	'Early this week'	'Early this week'	?	Wisconsin Court System	Wisconsin Court System is hit with a DDoS attack.	DDoS	Public admin and defence, social security	Cyber Crime	US		Wisconsin Court System
88	23/03/2023	During Q1 2023	During Q1 2023	Chinese threat actors (linked to APT41 and Gallium?)	Telecommunication providers in the Middle East	Researchers from Sentinel One reveal the details of 'Operation Tainted Love', an operation carried out by a Chinese threat actor linked to APT41 and Gallium, targeting telecommunication providers in the Middle East	Targeted Attack	Information and communication	Cyber Espionage	>1		Sentinel One, Operation Tainted Love, APT41, Gallium
89	23/03/2023	03/01/2023	23/01/2023	?	iD Tech	Attackers steal the personal data of about one million of users from kids’ tech coding camp iD Tech.	Unknown	Education	Cyber Crime	US		iD Tech
90	23/03/2023	-	-	?	At least 1600 individuals across Europe, the US and other countries	Researchers from Kaspersky discover a novel phishing scam relying on legitimate servers from Microsoft’s collaborative platform SharePoint, targeting at least 1600 individuals across Europe, the US and other countries using a native notification mechanism.	Account Takeover	Individual	Cyber Crime	>1		Microsoft SharePoint
91	23/03/2023	During 2022	During 2022	?	Over 51,000 websites	Researchers from Palo Alto Networks reveal the details of an ongoing widespread malicious JavaScript (JS) injection campaign that redirects victims to malicious content such as adware and scam pages.	Malicious Script Injection	Wholesale and retail	Cyber Crime	>1		Palo Alto Networks
92	23/03/2023	Mid-February 2023	Mid-February 2023	?	Instagram users from various countries including the UK, Australia, France, Spain, and Poland	Researchers from Avast discover a new scam, using fake SHEIN gift cards as lure, and targeting Instagram users from various countries including the UK, Australia, France, Spain, and Poland.	Instagram Scam	Individual	Cyber Crime	AU ES FR UK PL >1		Avast, SHEIN, Instagram
93	23/03/2023	Since March 2023	During March 2023	Cinoshi	Multiple organizations	Researchers from Cyble discover a new Malware-as-a-Service (MaaS) platform called “Cinoshi”, consisting of a stealer, botnet, clipper, and cryptominer.	Malware	Multiple Industries	Cyber Crime	>1		Cyble, Cinoshi
94	23/03/2023	23/03/2023	23/03/2023	NoName057(16)	Italian Constitutional Court	The pro-Russian collective takes down the website of the Italian Constitutional Court.	DDoS	Public admin and defence, social security	Hacktivism	IT		NoName057(16), Italian Constitutional Court, Russia
95	24/03/2023	'Recently'	'Recently'	Bitter APT	Various Chinese nuclear energy companies and academics related to that field.	Researchers from Intezer disclose a cyber espionage campaign carried out by the group tracked as 'Bitter APT' targeting the Chinese nuclear energy industry using phishing emails to infect devices with malware downloaders.	Targeted Attack	Electricity, gas steam, air conditioning	Cyber Espionage	CN		Intezer, Bitter APT, China
96	24/03/2023	-	-	?	Multiple organizations in the U.S.	The Federal Bureau of Investigation warns companies in the U.S. of threat actors using tactics similar to business email to steal various goods from vendors.	Business Email Compromise	Multiple Industries	Cyber Crime	US		Federal Bureau of Investigation, FBI
97	24/03/2023	-	-	?	Individuals	Researchers from Uptycs discover a new info-stealing malware named MacStealer, targeting Mac users, stealing their credentials stored in the iCloud KeyChain and web browsers, cryptocurrency wallets, and potentially sensitive files.	Malware	Individual	Cyber Crime	>1		Uptycs, MacStealer, iCloud KeyChain
98	24/03/2023	-	-	Clop (AKA Cl0p)	Government of Tasmania	The Clop ransomware gang adds the government of Tasmania to its list of organizations breached via the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability,	CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability	Public admin and defence, social security	Cyber Crime	AU		Clop, Cl0p, ransomware, Government of Tasmania, CVE-2023-0669, Fortra GoAnywhere
99	24/03/2023	-	-	?	University of New Orleans	The University of New Orleans restores its network after the Louisiana State Police said it found evidence that their systems had been compromised.	Unknown	Education	Cyber Crime	US		University of New Orleans, Louisiana State Police
100	24/03/2023	-	-	?	LSU Agricultural Center	The LSU Agricultural Center restores its network after the Louisiana State Police said it found evidence that their systems had been compromised.	Unknown	Education	Cyber Crime	US		LSU Agricultural Center, Louisiana State Police
101	24/03/2023	-	-	?	Nunez Community College	The Nunez Community College restores its network after the Louisiana State Police said it found evidence that their systems had been compromised.	Unknown	Education	Cyber Crime	US		Nunez Community College, Louisiana State Police
102	24/03/2023	-	-	?	River Parishes Community College	The River Parishes Community College restores its network after the Louisiana State Police said it found evidence that their systems had been compromised.	Unknown	Education	Cyber Crime	US		River Parishes Community College, Louisiana State Police
103	24/03/2023	-	-	?	Southern University at Shreveport	The Southern University at Shreveport restores its network after the Louisiana State Police said it found evidence that their systems had been compromised.	Unknown	Education	Cyber Crime	US		Southern University at Shreveport, Louisiana State Police
104	24/03/2023	01/02/2023	04/02/2023	?	NCB Management Services	Nearly half a million people have their sensitive financial information leaked during a cyberattack on NCB Management Services – a company that purchases debt.	Unknown	Finance and insurance	Cyber Crime	US		NCB Management Services
105	24/03/2023	between January 2020 and March 2023	-	Two men and two women	At least 15 victims	The Australian Federal Police (AFP) arrests four members of a cybercriminal syndicate that has laundered $1.7 million stolen from at least 15 victims between January 2020 and March 2023.	Business Email Compromise	Individual	Cyber Crime	AU		Australian Federal Police, AFP
106	24/03/2023	-	-	Clop (AKA Cl0p)	Atos	The French IT company ATOS confirms that Nimbix, a subsidiary, suffered a Clop ransomware attack occurred exploiting the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability.	Malware	Professional, scientific and technical	Cyber Crime	FR		ATOS, Nimbix, Clop, Cl0p, ransomware, CVE-2023-0669, Fortra GoAnywhere MFT Vulnerability.
107	24/03/2023	Between 10/11/2022 and 27/11/2022	27/11/2022	?	American Pain and Wellness	American Pain and Wellness files a notice of data breach after learning that an unauthorized party was able to access confidential patient data stored on the company’s computer network.	Unknown	Human health and social work	Cyber Crime	US		American Pain and Wellness
108	24/03/2023	-	-	?	Tri Counties Bank	Tri Counties Bank posts a “Network Outage Update” after determining that a recent ransomware attack may have resulted in confidential consumer data being exposed to hackers.	Malware	Finance and insurance	Cyber Crime	US		Tri Counties Bank, ransomware
109	24/03/2023	-	-	?	Frideres Dental	Frideres Dental confirms that the protected health information of 1,596 patients was potentially compromised in a cyberattack.	Unknown	Human health and social work	Cyber Crime	US		Frideres Dental
110	24/03/2023	-	18/03/2023	ALPHV AKA BlackCat	Fabrega Molino	Fabrega Molino is Panamanian law firm is reportedly hacked by the BlackCat ransomware gang, which claims to have 113GB of files.	Malware	Professional, scientific and technical	Cyber Crime	PA		ALPHV, BlackCat, Fabrega Molino, ransomware
111	24/03/2023	-	-	Medusa	Vazquez Nava Consultores y Abogados	Vazquez Nava Consultores y Abogados, a Mexican firm of consultants and lawyers, is added to the Medusa ransomware leak site.	Malware	Professional, scientific and technical	Cyber Crime	MX		Medusa, ransomware, Vazquez Nava Consultores y Abogados
112	24/03/2023	-	-	?	U.S: Postal Service’s PostalEASE system	Some United States Postal Service workers in the eastern North Carolina and Jacksonville area lose their paychecks due to a cyber attack.	Account Takeover	Public admin and defence, social security	Cyber Crime	US		U.S: Postal Service’s PostalEASE system
113	24/03/2023	17/03/2023	17/03/2023	?	NGS Super	The Australian pension fund NGS Super confirms a cyberattack that occurred earlier this month, in which "some limited data" was stolen	Unknown	Finance and insurance	Cyber Crime	AU		NGS Super
114	24/03/2023	Since 16/03/2023	16/03/2023	?	Swerve Finance	A hacker tries to unsuccessfully drain funds from Swerve Finance for more than a week.	Governance Attack	Fintech	Cyber Crime	N/A		Swerve Finance
115	24/03/2023	-	-	RansomHouse	Municipality of Taggia	The Italian Municipality of Taggia is hit by the RansomHouse ransomware gang.	Malware	Public admin and defence, social security	Cyber Crime	IT		Municipality of Taggia, RansomHouse, ransomware
116	24/03/2023	-	-	?	Individuals in Italy	A new campaign delivering the Mekotio malware using the company Leonardo as a bait, hits victims in Italy.	Malware	Individual	Cyber Crime	IT		Mekotio, Leonardo
117	24/03/2023	Between 02/01/2022 and 10/01/2022	During January 2022	?	University of the People (UoPeople)	The University of the People (UoPeople) files a notice of data breach after learning that an unauthorized party was able to access confidential information stored on the school’s SharePoint platform.	Unknown	Education	Cyber Crime	US		University of the People, UoPeople
118	25/03/2023	Since 29/01/2023	-	Dark Power	Multiple organizations	A new ransomware operation named 'Dark Power' appears, and it has already listed its first victims on a dark web data leak site, threatening to publish the data if a ransom is not paid.	Malware	Multiple Industries	Cyber Crime	>1		Ransomware, Dark Power
119	25/03/2023	23/03/2023	23/03/2023	?	Arbitrum	Attacker manage to steal $500,000 worth of tokens from layer-2 scaling solution Arbitrum’s March 23 airdrop	Vanity Addresses	Fintech	Cyber Crime	N/A		Arbitrum
120	25/03/2023	-	-	RansomHouse	Cospec	The Italian manufacturing Cospec is hit with a RansomHouse ransomware attack.	Malware	Manufacturing	Cyber Crime	IT		Cospec, RansomHouse, ransomware
121	25/03/2023	25/03/2023	25/03/2023	NoName057(16)	Several government websites in Italy	A new wave of DDoS attacks by the NoName057(16) collective hits several websites in Italy including the Constitutional Court, and the National Authority of Transports.	DDoS	Public admin and defence, social security	Hacktivism	IT		NoName057(16), Constitutional Court, National Authority of Transports
122	26/03/2023	-	24/03/2023	ALPHV AKA BlackCat	Sun Pharmaceuticals	Sun Pharmaceuticals, the largest pharmaceutical company in India confirms a ransomware attack in its regulatory filings, explaining that the incident involved the theft of company data and personal information.	Malware	Professional, scientific and technical	Cyber Crime	IN		Sun Pharmaceuticals, ransomware, ALPHV, BlackCat
123	26/03/2023	26/03/2023	26/03/2023	?	Yucatan Government	The Yucatan Government is hit by a cyber attack affecting multiple services.	Unknown	Public admin and defence, social security	Cyber Crime	MX		Yucatan Government
124	26/03/2023	SInce 22/03/2023	SInce 22/03/2023	NoName057(16)	ATAC (Azienda Tramvie e Autobus del Comune di Roma)	ATAC, the company managing the public transportation of the city of Rome, is hit by a DDoS attack launched by the pro-Russian NoName057(16) collective.	DDoS	Transportation and storage	Hacktivism	IT		ATAC, Azienda Tramvie e Autobus del Comune di Roma, Russia, NoName057(16)
125	26/03/2023	26/03/2023	26/03/2023	?	Vending machines in Italy	Several vending machines distributing cigarettes in Italy are hijacked in support of Alfredo Cospito, an Italian anarchist in jail under the the 41-bis hard prison regime.	Unknown	Wholesale and retail	Hacktivism	IT		Alfredo Cospito
126	27/03/2023	Since at least 10/03/2023	10/03/2023	?	Multiple organizations	Researchers from Proofpoint discover a new IcedID campaign using HTML Smuggling to drop a password protected, zipped Windows Script File (WSF).	Malware	Multiple Industries	Cyber Crime	>1		Proofpoint, IcedID, HTML Smuggling, Windows Script File, WSF
127	27/03/2023	Since at least 03/02/2023	03/02/2023	?	Multiple organizations	Researchers from Proofpoint discover a new IcedID campaign using invoice-themed email lures to deliver IcedID via Microsoft OneNote attachments.	Malware	Multiple Industries	Cyber Crime	>1		Proofpoint, IcedID, Microsoft OneNote
128	27/03/2023	Between 20/03/2023 and 23/03/2023	Between 20/03/2023 and 23/03/2023	?	Multiple organizations	Researchers from Proofpoint discover a new IcedID campaign using two different email lures: a recall notice from the National Traffic and Motor Vehicle Safety Act; and a violation from the U.S. Food and Drug Administration (FDA) to deliver the IcedID malware.	Malware	Multiple Industries	Cyber Crime	US		Proofpoint, IcedID, National Traffic and Motor Vehicle Safety Act, U.S. Food and Drug Administration, FDA
129	27/03/2023	-	-	Clop (AKA Cl0p)	Crown Resorts	Crown Resorts, Australia's largest gambling and entertainment company, confirms that it suffered a ransomware attack after its GoAnywhere secure file-sharing server was breached using the CVE-2023-0669 zero-day vulnerability.	CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability	Arts entertainment, recreation	Cyber Crime	AU		Crown Resorts, Clop, Cl0p, GoAnywhere, CVE-2023-0669
130	27/03/2023	-	-	?	Lumen Technologies	Lumen Technologies tells regulators that it had discovered two cybersecurity incidents, including a ransomware attack that has been degrading services for some enterprise customers.	Malware	Information and communication	Cyber Crime	US		Lumen Technologies, ransomware
131	27/03/2023	10/03/2023	10/03/2023	Ransom House	Tanbridge House School	The Tanbridge House School is listed in the Ransom House ransomware gang leak site.	Malware	Education	Cyber Crime	UK		Tanbridge House School, Ransom House, ransomware
132	27/03/2023	During March 2023	During March 2023	NullMixer	Multiple organizations	A recent NullMixer campaign hits targets in Italy, France and North America.	Malware	Multiple Industries	Cyber Crime	CA FR IT US		NullMixer
133	27/03/2023	During 2022	During 2022	Multiple threat actors	Multiple organizations	Researchers from Kaspersky discover a surge of phishing campaigns carried out exploiting the distributed Interplanetary File System (IPFS).	Account Takeover	Multiple Industries	Cyber Crime	>1		Kaspersky, Interplanetary File System, IPFS
134	27/03/2023	-	-	DBatLoader	Multiple organizations in Europe	Researchers from Zscaler discover a new DBatLoader campaign distributing the Remcos RAT and Formbook malware.	Malware	Multiple Industries	Cyber Crime	>1		Zscaler, DBatLoader, Remcos, Formbook
135	27/03/2023	-	11/12/2022	?	Bright Horizons Family Solutions	Bright Horizons Family Solutions files a notice of data breach after learning that an unauthorized actor logged on to the company’s corporate system and stole files containing confidential employee information.	Unknown	Education	Cyber Crime	US		Bright Horizons Family Solutions
136	27/03/2023	Between 28/01/2023 and 31/01/2023	05/02/2023	Clop (AKA Cl0p)?	Blue Shield of California	Blue Shield of California files a notice of data breach after learning that one of the company’s vendors, Fortra, was the target of a cyberattack.	CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability	Human health and social work	Cyber Crime	US		Blue Shield of California, Fortra, CVE-2023-0669, GoAnywhere, ransomware, Clop, Cl0p
137	27/03/2023	-	-	Six members of a criminal gang	Multiple organizations	Indian police arrests six members of an alleged criminal gang that sold the personal data of 168 million Indian citizens, including defense personnel and government employees.	>1	Multiple Industries	Cyber Crime	IN
138	27/03/2023	22/12/2022	22/12/2022	?	Nonstop Administration and Insurance Services (NAIS)	Nonstop Administration and Insurance Services (NAIS) announces that the protected health information of employees of its clients has been exposed to an unknown party, who claimed to have accessed company data.	Account Takeover	Administration and support service	Cyber Crime	US		Nonstop Administration and Insurance Services, NAIS
139	28/03/2023	Since late 2018	-	APT43 (AKA Kimsuky, Thallium)	Government organizations, academics, and think tanks in the United States, Europe, Japan, and South Korea for the past five years.	Researchers from Mandiant disclose the details of APT43, a new North Korean group, financially motivated and engaged in cyber espionage operations, targeting government organizations, academics, and think tanks in the United States, Europe, Japan, and South Korea for the past five years.	Targeted Attack	Public admin and defence, social security	Cyber Espionage	EU JP KR US		Mandiant, APT43, Kimsuky, Thallium
140	28/03/2023	From September 2022	From September 2022	?	Tor users in Russia and Eastern Europe	Researchers from Kaspersky discover a surge of trojanized Tor Browser installers targeting Russians and Eastern Europeans with clipboard-hijacking malware that steals infected users' cryptocurrency transactions.	Malware	Fintech	Cyber Crime	EU RU		Kaspersky,Tor
141	28/03/2023	21/02/2023	Between 14/02/2023 and 21/02/2023	?	AudienceView	AudienceView, an online ticketing platform, discloses to have been hit by a cyber attack impacting students at dozens of the biggest universities and colleges in the U.S. and Canada.	Malware	Arts entertainment, recreation	Cyber Crime	US		AudienceView
142	28/03/2023	From late April or May 2022.	'Recently'	Winnti	Multiple organizations	Researchers from ExaTrack discover Mélofée, a stealthy Linux implant allowing Chinese cyberespionage group Winnti to conduct targeted attacks.	Targeted Attack	Multiple Industries	Cyber Espionage	>1		ExaTrack, Mélofée, Linux, China, Winnti
143	28/03/2023	-	13/12/2022	?	Majestic Care	Majestic Care files a notice of data breach after learning that hackers successfully launched a cyberattack, giving them access to confidential information belonging to current and former residents and staff members.	Unknown	Human health and social work	Cyber Crime	US		Majestic Care
144	28/03/2023	-	-	?	Central National Bank	Central National Bank files a notice of data breach after learning that confidential client data entrusted to the bank was leaked following a cybersecurity event.	Unknown	Finance and insurance	Cyber Crime	US		Central National Bank
145	28/03/2023	-	-	LockBit 3.0	Tecnosys Italia	Tecnosys Italia is hit with a LockBit 3.0 ransomware attack.	Malware	Administration and support service	Cyber Crime	IT		Tecnosys Italia, LockBit 3.0, ransomware
146	29/03/2023	-	-	North Korean state-backed hacking group? (Labyrinth Collima AKA Lazarus Group, Covellite, UNC4034, Zinc, Nickel Academy)	Multiple organizations	A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol (VOIP) desktop client compromised via exploitation of the CVE-2013-3900 vulnerability, is reportedly being used to target the company’s customers in an ongoing supply chain attack.	Targeted Attack	Multiple Industries	Cyber Espionage	>1		North Korea, Labyrinth Collima, Lazarus Group, Covellite, UNC4034, Zinc, Nickel Academy, 3CX, Voice Over IP, VOIP, CVE-2013-3900
147	29/03/2023	Since November 2022	-	?	Individuals in Italy, Malaysia, Kazakhstan	Researchers from Google's Threat Analysis Group (TAG) discover a new campaign targeting iOS and Android users to install commercial spyware and malicious apps.	CVE-2022-42856, CVE-2021-30900, CVE-2022-4135, CVE-2022-38181, and CVE-2022-3723 Vulnerabilities	Unknown	Cyber Espionage	IT MY KZ		Google's Threat Analysis Group, TAG, iOS, Android, CVE-2022-42856, CVE-2021-30900, CVE-2022-4135, CVE-2022-38181
148	29/03/2023	Since at least December 2022	During December 2022	?	Individuals the United Arab Emirates (UAE)	Researchers from Google's Threat Analysis Group (TAG) discover a new campaign targeting Samsung Android users to install commercial spyware and malicious apps.	CVE-2022-4262, CVE-2022-3038, CVE-2022-22706, CVE-2023-0266 Vulnerabilities	Unknown	Cyber Espionage	UAE		Google's Threat Analysis Group, TAG, Samsung, Android, CVE-2022-4262, CVE-2022-3038, CVE-2022-22706, CVE-2023-0266
149	29/03/2023	28/03/2023	28/03/2023	?	SafeMoon	The SafeMoon token liquidity pool loses $8.9 million after an attacker exploited a newly created 'burn' smart contract function that artificially inflated the price, allowing the actors to sell SafeMoon at a much higher price.	Smart Contract Vulnerability	Fintech	Cyber Crime	N/A		SafeMoon, Liquidity Pool
150	29/03/2023	Since at least 28/03/2023	28/03/2023	Money Message	Multiple organizations worldwide	Researchers from Zscaler discover a new ransomware gang named 'Money Message', targeting victims worldwide and demanding million-dollar ransoms not to leak data and release a decryptor.	Malware	Multiple Industries	Cyber Crime	>1		Zscaler, Money Message, ransomware
151	29/03/2023	21/02/2023	21/02/2023	LockBit 3.0	Washington County Sheriff’s Office	The LockBit ransomware group leaks data it stole from Washington County Sheriff’s Office in northeastern Florida.	Malware	Public admin and defence, social security	Cyber Crime	US		LockBit 3.0, LockBit, ransomware, Washington County Sheriff’s Office, Florida
152	29/03/2023	-	-	Play	BMW Local Dealer in France	The Play ransomware group claims to have hit BMW France, but in reality the victim turns out to be a local dealer.	Malware	Wholesale and retail	Cyber Crime	FR		Play, ransomware, BMW France
153	29/03/2023	During 2022	During 2022	Mustang Panda (AKA Earth Preta, RedDelta, and TA416)	Over 200 organizations worldwide	Researchers from Trend Micro disclose the details of multiple campaigns launched by the Chinese threat actor Mustang Panda, targeting over 200 organizations worldwide.	Targeted Attack	Multiple Industries	Cyber Espionage	>1		Mustang Panda, Earth Preta, RedDelta, TA416, Trend Micro, China
154	29/03/2023	-	-	LockBit 3.0	South Korean National Tax Service (nts.go.kr)	The LockBit 3.0 ransomware gang claims to have breached the South Korean National Tax Service and threatens to leak the stolen data.	Malware	Public admin and defence, social security	Cyber Crime	KR		LockBit 3.0, LockBit, South Korean National Tax Service, nts.go.kr, ransomware
155	29/03/2023	29/03/2023	29/03/2023	NoName057(16)	French National Assembly	NoName057(16), an anti-Ukrainian hacktivist collective, takes down the website of the French National Assembly in retaliation for France’s support for Ukraine.	DDoS	Public admin and defence, social security	Hacktivism	FR		French National Assembly, NoName057(16), Russia, Ukraine
156	29/03/2023	29/03/2023	29/03/2023	NoName057(16)	Children’s Parliament	NoName057(16), an anti-Ukrainian hacktivist collective, takes down the website of the Children’s Parliament in retaliation for France’s support for Ukraine.	DDoS	Public admin and defence, social security	Hacktivism	FR		Children’s Parliament, NoName057(16), Russia, Ukraine
157	29/03/2023	Since November 2022	During February 2023	OpcJacker	Users in Iran	Researchers from Trend Micro discover a new information-stealing malware called OpcJacker, targeting users in Iran via fake VPN malvertising.	Malware	Individual	Cyber Crime	IR		Trend Micro, OpcJacker
158	29/03/2023	-	-	LummaC2	Multiple organizations	Researchers from Ahnlab discover a new Infostealer called “LummaC2”, distributed disguised as illegal programs such as cracks and keygens.	Malware	Multiple Industries	Cyber Crime	N/A		Ahnlab, LummaC2
159	29/03/2023	28/03/2023	28/03/2023	?	Newton Public Schools	The Newton Public Schools district cancels all classes after a computer network breach.	Unknown	Education	Cyber Crime	US		Newton Public Schools
160	29/03/2023	14/01/2023	14/01/2023	?	Meriton Suites	The hospitality giant in Australia, Meriton Suites, discloses that hackers had stolen nearly 36 gigabytes of data.	Unknown	Accommodation and food service	Cyber Crime	AU		Meriton Suites
161	30/03/2023	-	-	Cyber Resistance	Russian Colonel Serhii Atroshchenko	A group of hackers claims to have broken into the email accounts of a Russian colonel, revealing personal information and military secrets.	Account Takeover	Individual	Cyber Warfare	RU		Cyber Resistance, Serhii Atroshchenko, Russia, Ukraine
162	30/03/2023	-	-	?	Multiple organizations	Researchers from Sentinel One reveal the details of 'AlienFox', a new modular toolkit allowing threat actors to scan for misconfigured servers to steal authentication secrets and credentials for cloud-based email services.	Misconfiguration	Multiple Industries	Cyber Crime	>1		Sentinel One, AlienFox
163	30/03/2023	-	-	Moobot	Vulnerable Cacti instances and RealTek devices	Researchers from Fortinet discover a new variant of the Moobot botnet targeting vulnerable Cacti instances and RealTek devices via respectively CVE-2022-46169 and CVE-2021-35394 vulnerabilities.	CVE-2022-46169 and CVE-2021-35394 Vulnerabilities	Multiple Industries	Cyber Crime	>1		Fortinet, Moobot, Cacti, RealTek, CVE-2022-46169, CVE-2021-35394
164	30/03/2023	Since January 2023	Since January 2023	ShellBot	Vulnerable Cacti instances	Researchers from Fortinet discover a new variant of the ShellBot botnet targeting vulnerable Cacti instances via respectively CVE-2022-46169	CVE-2022-46169 and CVE-2021-35394 Vulnerabilities	Multiple Industries	Cyber Crime	>1		Fortinet, ShellBot, Cacti, CVE-2022-46169
165	30/03/2023	-	-	?	Users in France, Spain, Poland, the Czech Republic, Portugal, and other European countries	Ukraine's cyber police arrests members of a fraud gang that stole roughly $4,300,000 from over a thousand victims across the EU.	Account Takeover	Individual	Cyber Crime	CZ ES FR PL PT EU		Ukraine
166	30/03/2023	Since February 2023	During February 2023	Winter Vivern AKA TA473	NATO-Aligned Governments in Europe	Researchers from Proofpoint discover a new campaign by the Russian hacking group tracked as TA473, aka 'Winter Vivern,' actively exploiting CVE-2022-27926 vulnerability in unpatched Zimbra endpoints to steal the emails of NATO officials, governments, military personnel, and diplomats.	Targeted Attack	Public admin and defence, social security	Cyber Espionage	EU		Proofpoint, TA473, Winter Vivern, CVE-2022-27926, Zimbra, NATO
167	30/03/2023	Early December 2022	44970	?	TMX Finance	TMX Finance and its subsidiaries TitleMax, TitleBucks, and InstaLoan have collectively disclosed a data breach that exposed the personal data of 4,822,580 customers.	Unknown	Finance and insurance	Cyber Crime	CA		TMX Finance,TitleMax, TitleBucks, InstaLoan
168	30/03/2023	-	-	?	Multiple e-commerce sites using WordPress	Researchers from Patchstack reveal that threat actors are actively exploiting a high-severity vulnerability in the popular Elementor Pro WordPress plugin, when using in conjunction with the WooCommerce plugin, used by over eleven million websites.	Vulnerability	Wholesale and retail	Cyber Crime	>1		Patchstack, Elementor Pro, WordPress, WooCommerce
169	30/03/2023	-	-	TACTICAL#OCTOPUS	Individuals in the US	Researchers from Securonix identify TACTICAL#OCTOPUS, an ongoing phishing campaign targeting individuals in the US using seemingly valid tax forms and contracts. Some of the lure documents observed contained employee W-2 tax documents, I-9, and real estate purchase contracts.	Account Takeover	Individual	Cyber Crime	US		Securonix, TACTICAL#OCTOPUS, W-2 tax documents, I-9
170	30/03/2023	During 2021 and 2022	-	RedGolf	Multiple organizations in the U.S.	Researchers from Recorded Future identify a new campaign using a custom Windows and Linux backdoor KEYPLUG attributed to a threat activity group tracked as RedGolf, overlapped with APT41 and BARIUM, which is highly likely to be a Chinese state-sponsored group	Targeted Attack	Multiple Industries	>1	US		Recorded Future, Windows, Linux, KEYPLUG, RedGolf, APT41, BARIUM, China
171	30/03/2023	'In the past couple of weeks'	'In the past couple of weeks'	?	Vinted Customers	Customers of the online second-hand fashion store Vinted report stolen funds and fraudulent activity on their accounts.	Account Takeover	Wholesale and retail	Cyber Crime	>1		Vinted
172	30/03/2023	-	-	?	Piletilevi Group	Unknown attackers post an advert on a Lithuanian IT community forum, claiming to have found an exploit to access user information on ticket-selling platforms in Estonia, Latvia, and Lithuania owned by Piletilevi Group.	Unknown	Arts entertainment, recreation	Cyber Crime	EE		Piletilevi Group
173	30/03/2023	Since at least January 2023	During January 2023	Xloader	Multiple organizations	Researchers from Zscaler identify a new variant of Xloader with several modifications including additional obfuscation.	Malware	Multiple Industries	Cyber Crime	>1		Zscaler, Xloader
174	30/03/2023	-	-	?	Burns Science and Technology Charter	The principal of Burns Science and Technology Charter, a Florida science and technology charter school has resigned after allegedly writing a $100,000 check to an Elon Musk impersonator using school funds.	Internet Scam	Education	Cyber Crime	US		Burns Science and Technology Charter, Elon Musk
175	30/03/2023	During March 2023	During March 2023	PayMe100USD	Multiple organizations	Researchers from Fortinet discover PayMe100USD, a new ransomware variant written in Python.	Malware	Multiple Industries	Cyber Crime	>1		Fortinet, PayMe100USD, ransomware, Python
176	30/03/2023	-	-	?	Santa Clara Family Health Plan (SCFHP)	Santa Clara Family Health Plan (SCFHP) files a notice of data breach after learning that confidential consumer information in the company’s possession was subject to unauthorized access.	CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability	Human health and social work	Cyber Crime	US		Santa Clara Family Health Plan, SCFHP, CVE-2023-0669, Fortra GoAnywhere MFT
177	31/03/2023	03/03/2023	Between 07/03/2023 and 24/03/2023	Vice Society	Lewis & Clark College	Lewis & Clark College in Oregon is the victim of a ransomware attack by Vice Society.	Malware	Education	Cyber Crime	US		Lewis & Clark College, ransomware, Vice Society.
178	31/03/2023	-	24/03/2023	?	Blauw	Blauw, a dutch marketing firm suffers a data breach affecting 1.5 million individuals.	Unknown	Professional, scientific and technical	Cyber Crime	NL		Blauw
179	31/03/2023	05/11/2021	-	?	Adelanto HealthCare Ventures	At least eight new healthcare providers reveal to have been involved in the breach of Adelanto HealthCare Ventures, a consulting firm supporting healthcare organizations.	Account Takeover	Professional, scientific and technical	Cyber Crime	US		Adelanto HealthCare Ventures
180	31/03/2023	-	-	Cylance	Multiple organizations	Researchers at Palo Alto Networks discover a new ransomware strain dubbed Cylance, targeting Linux and Windows devices.	Malware	Multiple Industries	Cyber Crime	>1		Palo Alto Networks, ransomware, Cylance, Linux, Windows
181	31/03/2023	-	30/08/2022	?	Our Lady of the Lake University (OLLU)	Our Lady of the Lake University (OLLU) posts a notice of data breach on its website after the institution learned that an unauthorized party was able to access and remove files containing confidential student information from its computer system.	Unknown	Education	Cyber Crime	US		Our Lady of the Lake University, OLLU
182	31/03/2023	'Recently'	'Recently'	?	Southwest Healthcare Services	Southwest Healthcare Services files a notice of data breach after the organization learned that an unauthorized party was able to access confidential patient information stored on its computer system.	Unknown	Human health and social work	Cyber Crime	US		Southwest Healthcare Services
183	31/03/2023	-	-	Stormous	Instituto De Educación Secundaria Ies Emilio Canalejo Olmeda (IESCO)	The Instituto De Educación Secundaria Ies Emilio Canalejo Olmeda (IESCO) is hit by the pro-Russian Stormous ransomware group.	Malware	Education	Cyber Crime	ES		Instituto De Educación Secundaria Ies Emilio Canalejo Olmeda, IESCO, Stormous, ransomware
184	31/03/2023	'Recently'	'Recently'	?	Undisclosed organization	Researchers at CrowdStrike discover a campaign abusing WinRAR SFX archives	Malware	Unknown	Cyber Crime	N/A		Crowdstrike, WinRAR, SFX
185	31/03/2023	29/03/2023	29/03/2023	Medusa	SONDA	The Chilean IT multinational SONDA, which has a presence in 11 countries, is placed on the leaks page of the ransomware threat actor Medusa Locker.	Malware	Professional, scientific and technical	Cyber Crime	CL		SONDA, Medusa, ransomware
ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags

The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.

April 2023 Cyber Attacks Timeline
After the cyber attacks timelines, it’s time to publish the statistics of April 2023 where I collected...
The Biggest Data Breaches of 2023
Similarly to what I have done in 2022 and 2021, I am collecting the main mega breaches...
Q1 2023 Cyber Attacks Statistics
I have aggregated the statistics created from the cyber attacks timelines published in the first three months of 2023. In total...
16-30 April 2023 Cyber Attacks Timeline
In the second half of April 2023 I collected 180 events (corresponding to 12 events/day), a sharp increase compared to...
Leaky Buckets in 2023
Similarly to what I have done in 2022 and 2021, I am collecting the incidents due to cloud misconfigurations and leading to...