1-15 April 2023 Cyber Attacks Timeline

Last modified: May 9, 2023

EVENTS

EVENTS/DAY

EVENTS

EVENTS/DAY

Attack Distribution April H1 2023

Attack Techniques March H2 2023

Follow me on Twitter

Connect on Linkedin

Connect on Mastodon

In the first half of April 2023 I collected 157 events (corresponding to 10.47 events/day). Despite the number is decreasing compared to the second timeline of March (a side effect of the exploitation at scale of the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability), the values remain quite high.

As an obvious consequence, the percentage of events caused by ransomware attacks went down to 27.38% (43 out of 157 events) vs. 30.1% (54 out of 179 events) of the previous timeline.

And as an additional obvious consequence, the impact of vulnerabilities played a part in 18 out of 157 events corresponding to 11.46%, half the value of the previous timeline, 23.7% corresponding to 42 out of 177 events, and close to the first timeline of March.

16-31 March 2023 Cyber Attacks Timeline

The sustained trend of cyber attacks continued in the second half of March, where I collected…

Multi-million losses continued to plague the fintech sector, it is impossible to summarize all the entities that suffered losses in this fortnight (browse the timeline for the details), but the good news is that in some cases the attackers returned the stolen funds in exchange of a reward.

In terms of mega breaches there is just one remarkable event, and is the compromise of the details of 55 million Thai citizens, after the breach of an unnamed government agency by a threat actor calling themselves 9Near.

The Cyber Espionage front was always hot, with multiple campaigns unearthed also in the first half of April, and carried out by known threat actors such as the usual APT29, APT36, APT41, Archipelago (a subset of APT43), Vixen Panda, Mantis, and other unidentified or less known groups such as UAC-0145, which targeted an undisclosed Ukrainian utility company.

And as always, this brief summary is closed by a quick mention to the DDos attacks launched by the pro-Russian hacktivists of NoName057(16) and Killnet that were directed respectively against several government websites in Finland, and Rheinmetall, a German automotive and arms manufacturer. But also Anonymous Sudan launched some DDoS attacks against targets in Israel and India, and finally the

My suggestion is always the same: browse the timeline, and obviously thanks for sharing it and supporting my work in spreading the risk awareness across the community. As always, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.

Geo Map April H1 2023

ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags
1	01/04/2023	During October 2022	During October 2022	APT41 AKA HOODOO	Taiwanese media organization	Researchers from Google discover a campaign carried out by the Chinese Threat Actor APT41 targeting a Taiwanese media organization.	Malware	Information and Communication	Cyber Espionage	TW		APT41, HOODOO, Google
2	01/04/2023	During Q4 2022	During Q4 2022	Ursnif	Multiple organizations	Researchers from Google’s Mandiant observed a campaign distributing the URSNIF banking trojan from Google Drive	Malware	Multiple Industries	Cyber Crime	>1		Google, Mandiant, URSNIF, Google Drive
3	01/04/2023	During Q4 2022	During Q4 2022	Diceloader	Multiple organizations	Researchers from Google’s Mandiant observed a campaign distributing the DICELOADER malware from Google Drive	Malware	Multiple Industries	Cyber Crime	>1		Google, Mandiant, DICELOADER, Google Drive
4	01/04/2023	Since at least 16/03/2023	Since at least 16/03/2023	?	Multiple organizations in the U.S.	Fake extortionists are piggybacking on data breaches and ransomware incidents, threatening U.S. companies with publishing or selling allegedly stolen data unless they get paid.	Scam	Multiple Industries	Cyber Crime	US		Scam
5	01/04/2023	-	-	9Near	Unnamed Thai Government Agency	A threat actor named "9Near" claims to have stolen the personal data of 55 million Thai citizens from an unnamed Government agency.	Unknown	Public admin and defence, social security	Hacktivism	TH		9Near
6	01/04/2023	01/03/2023	28/02/2023	D0nut Leaks	Montgomery General Hospital	Montgomery General Hospital is forced to take its systems offline after it was breached and hit by a ransomware attack.	Malware	Human health and social work	Cyber Crime	US		Montgomery General Hospital, ransomware, D9nut Leaks
7	02/04/2023	-	-	?	Alpi Aviation	Alpi Aviation, an Italian aircraft manufacturer, has some customer data dumped in the XSS underground forum.	Unknown	Manufacturing	Cyber Crime	IT		Alpi Aviation, XSS
8	03/04/2023	26/03/2023	26/03/2023	?	Western Digital	Western Digital announces that its network has been breached and an unauthorized party gained access to multiple company systems. The statement suggests a possible ransomware attack.	Unknown	Manufacturing	Cyber Crime	US		Western Digital
9	03/04/2023	31/03/2023	31/03/2023	?	Capita	British outsourcing services provider Capita announces that a cyberattack is preventing access to its internal Microsoft Office 365 applications.	Unknown	Professional, scientific and technical	Cyber Crime	UK		Capita
10	03/04/2023	-	29/03/2023	North Korean state-backed hacking group? (Labyrinth Collima AKA Lazarus Group, Covellite, UNC4034, Zinc, Nickel Academy)	Multiple organizations in the cryptocurrency sector	Researchers from Kaspersky reveal that some of the victims affected by the 3CX supply chain attack have also had their systems backdoored with Gopuram malware, with the threat actors specifically targeting cryptocurrency companies with this additional malicious payload.	Malware	Fintech	Cyber Crime	>1		Labyrinth Collima, Lazarus Group, Covellite, UNC4034, Zinc, Nickel Academy, Kaspersky, 3CX, Gopuram
11	03/04/2023	Since October 2022	Since October 2022	ALPHV AKA BlackCat AKA UNC4466	Multiple organizations	Researchers from Mandiant observe an ALPHV/BlackCat ransomware affiliate exploiting three vulnerabilities (CVE-2021-27876, CVE-2021-27877 and CVE-2021-27878) impacting the Veritas Backup product for initial access to the target network.	Malware	Multiple Industries	Cyber Crime	>1		Mandiant, ALPHV, BlackCat, UNC4466, ransomware, CVE-2021-27876, CVE-2021-27877 and CVE-2021-27878, Veritas Backup
12	03/04/2023	Between 23/01/2023 and 31/01/2023	31/01/2023	?	Genova Burns	Genova Burns, a mid-sized law firm representing Uber notifies an unknown number of its drivers that sensitive data was exposed and stolen due to a cyber-attack.	Unknown	Professional, scientific and technical	Cyber Crime	US		Genova Burns, Uber
13	03/04/2023	During the Spring break	During the Spring break	?	Jefferson County School System	The Jefferson County School System discloses it was the victim of a ransomware computer attack during Spring Break.	Malware	Education	Cyber Crime	US		Jefferson County School System, ransomware
14	03/04/2023	-	-	Black Basta	Corporate Technologies,	The Black Basta ransomware gang claims to have breached Corporate Technologies, a US-based IT consultancy and cybersecurity firm.	Malware	Professional, scientific and technical	Cyber Crime	US		Black Basta, ransomware, Corporate Technologies
15	03/04/2023	30/03/2023	30/03/2023	?	Ripple Users	Researchers from BitDefender discover a phishing campaign impersonating crypto solutions provider Ripple.	Account Takeover	Fintech	Cyber Crime	AU DE DK IE JP KR UK US ZA		BitDefender, Ripple
16	03/04/2023	-	-	Stormous	Cameron Memorial Community Hospital	The Stormous Ransomware adds Cameron Memorial Community Hospital to their leak site, despite they do not provide any proof of claims.	Malware	Human health and social work	Cyber Crime	US		Stormous, ransomware, Cameron Memorial Community Hospital
17	03/04/2023	-	-	ALPHV AKA BlackCat AKA UNC4466	Mutual de Seguros de Chile	Mutual de Seguros de Chile is added to the BlackCat ransomware leak site.	Malware	Finance and insurance	Cyber Crime	CL		ALPHV, BlackCat, UNC4466, Mutual de Seguros de Chile, ransomware
18	03/04/2023	During the previous week	During the previous week	?	Palmeiras Club of Brazil	The Palmeiras Club of Brazil is the target of a cyberattack.	Unknown	Arts entertainment, recreation	Cyber Crime	BR		Palmeiras Club of Brazil
19	03/04/2023	01/04/2023	01/04/2023	?	Isaac Regional Council	The Isaac Regional Council, a local government body in the central Queensland area of Australia, discloses that a ransomware attack targeted its internal systems and resulted in reduced customer service capabilities.	Malware	Public admin and defence, social security	Cyber Crime	AU		Isaac Regional Council, ransomware
20	03/04/2023	02/04/2023	02/04/2023	?	Allbridge	A hacker returned assets worth $465,000 stolen from Allbridge, taking up the multichain token bridge's offer of a white hat bounty and no legal proceedings. The compensation plan came into place after the hacker drained $573,000 by manipulating Allbridge's swap price function.	Vulnerability	Fintech	Cyber Crime	N/A		Allbridge
21	03/04/2023	-	-	?	Ethereum	One of the major Ethereum MEV bots is targeted in an attack, apparently by one of the blockchain's validators, resulting in the loss of almost $20 million.	Mev bot attack	Fintech	Cyber Crime	N/A		Ethereum, MEV bot
22	04/04/2023	04/04/2023	04/04/2023	Noname 057(16)	Finnish Parliament	The pro-Russia hacker group Noname 057(16) announces to be behind a series of DDoS attacks on the Finnish parliament's website as Finland prepares to join the Nato military alliance at a ceremony in Brussels.	DDoS	Public admin and defence, social security	Hacktivism	FI		Noname 057(16), Finnish Parliament, NATO
23	04/04/2023	04/04/2023	04/04/2023	Noname 057(16)	Personal website of outgoing Finnish PM Sanna Marin	The Noname 057(16) group is also believed to be behind a similar attack on at least one other official website as well as the personal website of outgoing Finnish PM Sanna Marin (SDP).	DDoS	Public admin and defence, social security	Hacktivism	FI		Noname 057(16), Sanna Marin
24	04/04/2023	Since at least 17/03/2023	17/03/2023	?	Taxpayers in the U.S.	eFile.com, an IRS-authorized e-file software service provider used by many for filing their tax returns, has been caught serving JavaScript malware.	Malicious Script Injection	Individual	Cyber Crime	US		eFile.com, IRS, JavaScript
25	04/04/2023	'Recently'	'Recently'	Rorschach	Undisclosed U.S.-based company	Researchers from Check Point discover a new ransomware strain dubbed Rorschach with the fastest encryptor seen so far.	Malware	Unknown	Cyber Crime	US		Check Point, Rorschach, ransomware
26	04/04/2023	31/01/2023	31/01/2023	lernaean_hydra0	Multiple organizations	Researchers from Cisco Talos discover a new version of the Typhon Reborn malware dubbed Typhon Reborn V2 characterized by improvements designed to thwart analysis via anti-virtualization mechanisms.	Malware	Multiple Industries	Cyber Crime	>1		Cisco Talos, Typhon Reborn, Typhon Reborn V2
27	04/04/2023	-	-	Rilide	Individuals	Researchers from Trustwave discover a new malicious browser extension called Rilide, that targets Chromium-based products like Google Chrome, Brave, Opera, and Microsoft Edge in disguise of a fake Google Drive extension advertised via Google Ad.	Malware	Individual	Cyber Crime	>1		Trustwave, Rilide, Google Chrome, Brave, Opera, Microsoft Edge, Google Drive, Google Ad
28	04/04/2023	Since at least 04/04/2023	04/04/2023	Qbot AKA Qakbot, Pinkslipbot	Multiple organizations	Security researchers reveal that the QBot malware is now distributed in phishing campaigns utilizing PDFs and Windows Script Files (WSF) to infect Windows devices.	Malware	Multiple Industries	Cyber Crime	>1		QBot, Qakbot, PDF, Windows Script Files, WSF
29	04/04/2023	From September 2022 until at least February 2023	During February 2023	Mantis (AKA Arid Viper, Desert Falcon, APT-C-23)	Organizations within the Palestinian territories	Researchers from Symantec/Broadcom discover a new campaign by the Palestinian cyber espionage group Mantis, targeting organizations within the Palestinian territories with updated versions of their custom Arid Gopher and Micropsia backdoors.	Targeted Attack	Multiple Industries	Cyber Espionage	PS		Mantis, Arid Viper, Desert Falcon, APT-C-23, Symantec, Broadcom, Arid Gopher, Micropsia
30	04/04/2023	-	-	?	Multiple organizations	Researchers from Sysdig uncover a new form of attack, called “proxyjacking,” in which hackers leverage the Log4j vulnerability to gain initial access to a system or device before selling off its IP information to proxyware services.	Log4j Vulnerability	Multiple Industries	Cyber Crime	>1		Sysdig, proxyjacking, Log4j
31	04/04/2023	-	-	LockBit 3.0	KNVB (Governing Body for Soccer in the Netherlands)	KNVB, the governing body for soccer in the Netherlands, discloses that hackers were able to steal the personal information of its employees during a cyberattack. The LockBit ransomware gangs claims responsibility for the attack.	Unknown	Arts entertainment, recreation	Cyber Crime	NL		KNVB, LockBit, ransomware
32	04/04/2023	04/04/2023	04/04/2023	Anonymous Sudan	Check Point	The web site of Check Point, one of Israel's largest cybersecurity companies, is taken down by Anonymous Sudan.	DDoS	Professional, scientific and technical	Hacktivism	IL		Check Point, Anonymous Sudan
33	04/04/2023	04/04/2023	04/04/2023	Anonymous Sudan	Websites of multiple major universities in Israel	The websites of multiple major universities in Israel, including Tel Aviv University, the Hebrew University of Jerusalem, Ben-Gurion University of the Negev, Haifa University, Weizmann Institute of Science, Open University of Israel and Reichman University, are taken down by Anonymous Sudan.	DDoS	Education	Hacktivism	IL		Tel Aviv University, Hebrew University of Jerusalem, Ben-Gurion University of the Negev, Haifa University, Weizmann Institute of Science, Open University of Israel, Reichman University
34	04/04/2023	Between March and April 2023	Between March and April 2023	?	Multiple organizations	Researchers from Checkmarx reveal that a threat actor launched multiple campaigns exploiting the npm registry to deliver malware and crypto scams.	>1	Multiple Industries	Cyber Crime	>1		Checkmarx, npm
35	04/04/2023	04/04/2023	04/04/2023	TurkHackTeam	Banks and Government Agencies in Denmark	In name of OpDenmark, a group of Turkish hacktivists dubbed TurkHackTeam defaces several Banks and Government agencies in Denmark.	Defacement	Multiple Industries	Hacktivism	DK		OpDenmark, TurkHackTeam
36	04/04/2023	-	During November 2022	?	TAFE South Australia (TAFE SA)	The personal information of more than 2,000 TAFE SA students is stolen in a serious data breach, when the South Australia police finds a USB drive containing students' data.	Unknown	Education	Cyber Crime	AU		TAFE South Australia, TAFE SA
37	04/04/2023	Since March 2023	During March 2023	Threat actors from Romania	Multiple organizations	Researchers from Tehtris discover a cryptojacking campaign targeting Linux machines, dubbed Color1337, and involving the use of a bot called uhQCCSpB that installs and launches a Monero miner on the infected machine.	Malware	Multiple Industries	Cyber Crime	>1		Tehtris, Linux, Color1337, uhQCCSB, Monero
38	04/04/2023	Between 19/01/2023 and 22/03/2023	During January 2023	UAC-0145	Undisclosed Ukrainian Utility Company	The Computer Emergency Response Team of Ukraine (CERT-UA) reveals that an Ukrainian utility company was breached with the DarkCrystal after installing a pirated version of Microsoft Office downloaded from a torrent website.	Malware	Water supply, waste mgmt, remediation	Cyber Espionage	UA		Ukraine Computer Emergency Response Team, CERT-UA, DarkCrystal, UAC-0145
39	04/04/2023	-	-	D0nut Leaks	UnitedLex	UnitedLex, a legal consulting firm, is hit by the D0nut ransomware gang.	Malware	Administration and support service	Cyber Crime	US		UnitedLex, ransomware, D9nut Leaks
40	04/04/2023	End of March 2023	End of March 2023	Royal	More than 1,000 organizations worldwide	Researchers from Red Sense reveal that the Royal ransomware group appears to have targeted more than 1,000 organizations with a social engineering attack designed to trick victims into trusting the attackers, and installing ransomware.	Malware	Multiple Industries	Cyber Crime	>1		Red Sense, Royal, ransomware
41	04/04/2023	-	-	LockBit 3.0	Errebielle	The LockBit 3.0 ransomware gang claims to have breached Errebielle, an Italian company specialized in the production of doors and furniture accessories, and dumps 34 gb of data.	Malware	Manufacturing	Cyber Crime	IT		LockBit, LockBit 3.0, Errebielle
42	05/04/2023	Since at least 03/04/2023	03/04/2023	?	YouTube users	YouTube warns users of a new phishing scam that has been using authentic email addresses to lure users into giving away their login credentials.	Account Takeover	Individual	Cyber Crime	>1		YouTube
43	05/04/2023	During Late 2022	During Late 2022	ARCHIPELAGO	Government and military personnel, think thanks, policy makers, academics, and researchers in South Korea, and the U.S.	Researchers from Google warn of the North Korea-linked ARCHIPELAGO (subset of the APT43 group) targeting government and military personnel, think tanks, policy makers, academics, and researchers in South Korea, the US and elsewhere.	Targeted Attack	Individual	Cyber Espionage	KR US		Google, ARCHIPELAGO, APT43
44	05/04/2023	Recently'	Recently'	?	Crypto users in Portugal	Researchers from Palo Alto Networks reveal that crypto users in Portugal are being targeted by a new malware codenamed CryptoClippy that's capable of stealing cryptocurrency as part of a SEO poisoning malvertising campaign in theme with searches for 'WhatsApp Web'.	Malware	Fintech	Cyber Crime	PT		Palo Alto Networks, CryptoClippy, SEO poisoning, malvertising, WhatsApp Web
45	05/04/2023	05/04/2023	05/04/2023	?	Israel Postal Company	The Israel Postal Company detects a cyber attack from a "hostile party" targeting their computer servers, and shuts down part of its computer systems in response to the attack.	Unknown	Public admin and defence, social security	Hacktivism	IL		Israel Postal Company
46	05/04/2023	09/07/2022	09/07/2022	Rektengle	Rogers Communications	Attackers post an ad on a mostly Russian-speaking hacker forum, putting on sale a database allegedly belonging to Rogers Communications, a Canadian company providing wireless, cable, and internet services.	Unknown	Information and communication	Cyber Crime	CA		Rogers Communications
47	05/04/2023	Between 26/10/2022 and 29/10/2022	'Recently'	?	Prescott College	Prescott College files a notice of data breach after the school learned that an unauthorized party had gained access to and removed certain files that were stored on its computer system.	Unknown	Education	Cyber Crime	US		Prescott College
48	05/04/2023	Earlier in 2022	'Recently'	?	Woodward Communications	Woodward Communications files a notice of data breach after experiencing a cybersecurity event that compromised the security of consumer data in the company’s possession.	Unknown	Information and communication	Cyber Crime	US		Woodward Communications
49	05/04/2023	Between 28/02/2023 and 01/03/2023	01/03/2023	?	Chippewa County	The Chippewa County Human Resources Division notifies that the laptop computer of an employee was compromised and 25-35MB of data was stolen from the device, including information protected under HIPAA.	Unknown	Public admin and defence, social security	Cyber Crime	US		Chippewa County Human Resources Division
50	05/04/2023	-	-	LockBit 3.0	Olympia CUSD (Olympia Community Unified School District 16)	The LockBit 3.0 ransomware gang claims to have hit the Olympia CUSD (Olympia Community Unified School District 16) in Illinois, and post 4 files with personal information as proof.	Malware	Education	Cyber Crime	US		LockBit, LockBit 3.0, Olympia CUSD, Olympia Community Unified School District 16, ransomware
51	05/04/2023	24/03/2023	24/03/2023	BlackCat	Noteboom	The BlackCat ransomware gang claims to have breached Noteboom, a law firm.	Malware	Professional, scientific and technical	Cyber Crime	US		BlackCat, ransomware, Noteboom
52	06/04/2023	27/03/2023	27/03/2023	Medusa	Open University of Cyprus (OUC)	The Medusa ransomware gang claims responsibility for a cyberattack on the Open University of Cyprus (OUC), which caused severe disruptions of the organization's operations.	Malware	Education	Cyber Crime	CY		Medusa, ransomware, Open University of Cyprus, OUC
53	06/04/2023	Since 17/01/2023	17/01/2023	?	UK's Criminal Records Office (ACRO)	The UK's Criminal Records Office (ACRO) confirms that online portal issues experienced resulted from what it described as a "cyber security incident."	Unknown	Public admin and defence, social security	Cyber Crime	UK		UK's Criminal Records Office, ACRO
54	06/04/2023	-	-	?	Taxpayers in the U.S.	Researchers from Avanan discover a series of campaign exploiting Quickbooks to harvest credentials.	Account Takeover	Individual	Cyber Crime	US		Quickbooks, Avanan
55	06/04/2023	-	-	Muòtiple threat actors	Multiple organizations	Adobe sends out password reset emails to users informing them that the company has changed the password associated with their Adobe ID, which may have been compromised in data breaches from other online sources. services.	Unknown	Multiple Industries	Cyber Crime	>1		Adobe
56	06/04/2023	Between 12/10/2023 and 28/10/2023	-	?	Killer Instinct	Killer Instinct, a company that trades high-tech modern adaptations of the archaic long-range weapon, discloses a data breach affecting over 800 users.	Account Takeover	Manufacturing	Cyber Crime	US		Killer Instinct
57	06/04/2023	-	-	Cyber Resistance Group	Putin supporter Mikhail Luchin	Hacktivists from the Pro-Ukraine Cyber Resistance Group break into the account of Putin supporter Mikhail Luchin, and spend $25,000, the funds he had planned to use purchase Chinese drones on tens of thousands of dollars worth of dildos and strap-ons.	Account Takeover	Individual	Hacktivism	RU		Cyber Resistance Group, Putin, Mikhail Luchin, Ukraine, Russia
58	06/04/2023	Mid-February 2023	Mid-February 2023	?	University of Hawaii Maui College (UH Hawaii College)	University of Hawaii Maui College (UH Hawaii College) posted notice of a data breach on its website following a February cyberattack.	Unknown	Education	Cyber Crime	US		University of Hawaii Maui College, UH Hawaii College
59	06/04/2023	Between early November 2022 and Late February 2023	Late February 2023	?	Thermea Spa	Customers who purchased gift certificates from Thermea spa between early November and late February are told in an email that their credit card information may have been compromised, alongside their full names, phone numbers and email and street addresses.	Unknown	Arts entertainment, recreation	Cyber Crime	CA		Thermea spa
60	06/04/2023	04/04/2023	04/04/2023	?	Sentiment	Lending protocol Sentiment manages to recover the stolen funds from a recent hack by offering the hacker a bounty worth $95,000.	Vulnerability	Fintech	Cyber Crime	US		Sentiment
61	06/04/2023	-	-	LockBit 3.0	OMS Components	The LockBit 3.0 ransomware gang claims to have breached OMS Components, an Italian company manufacturing office chairs components.	Malware	Manufacturing	Cyber Crime	IT		LockBit, LockBit 3.0, ransomware, OMS Components
62	06/04/2023	-	-	ALPHV AKA BlackCat AKA UNC4466	Electronic System	The BlackCat ransomware gang claims to have breached Electronic System, an Italian manufacturer of components for automations systems,	Malware	Manufacturing	Cyber Crime	IT		ALPHV, BlackCat, UNC4466, ransomware, Electronic System
63	06/04/2023	04/04/2023	04/04/2023	Akira	BridgeValley Community and Technical College	BridgeValley Community and Technical College suffers an Akira ransomware attck.	Malware	Education	Cyber Crime	US		BridgeValley Community and Technical College, Akira, ransomware
64	07/04/2023	-	-	For-profit companies	Individuals in the U.S.	The FBI warns that for-profit companies reportedly linked to sextortion activity are targeting victims using various deceptive tactics to pressure them into paying for "assistance" services.	Sextortion Scam	Individual	Cyber Crime	US		FBI, sextortion
65	07/04/2023	Since 2017	-	Balada Injector	More than one million WordPress websites	Researchers from Sucuri estimate that one million WordPress websites have been compromised during a long-lasting campaign that exploits "all known and recently discovered theme and plugin vulnerabilities" to inject a Linux backdoor via Balada Injector.	Multiple vulnerabilities	Multiple Industries	Cyber Crime	>1		Sucuri, WordPress, Linux backdoor, Balada Injector
66	07/04/2023	-	-	Multiple threat actors	Multiple organization(s) in the U.S.	Apple releases emergency security updates to address two new zero-day vulnerabilities (CVE-2023-28205 and CVE-2023-28206) exploited in attacks to compromise iPhones, Macs, and iPads.	CVE-2023-28205 and CVE-2023-28206 vulnerabilities	Unknown	N/A	US		Apple, CVE-2023-28205, CVE-2023-28206, iPhones, Macs, iPads
67	07/04/2023	-	-	Multiple threat actors	Multiple organization(s) in the U.S.	CISA adds CVE-2019-1388, a Microsoft Windows Certificate Dialog vulnerability to its list of exploited vulnerabilities.	CVE-2019-1388 vulnerability	Unknown	N/A	US		CISA, CVE-2019-1388, Microsoft Windows Certificate Dialog
68	07/04/2023	-	During Mach 2023	?	Multiple organization(s) in the U.S.	CISA adds CVE-2023-26083, an information disclosure flaw in Arm Mali GPU Kernel Driver, exploited by a spyware vendor, to its list of exploited vulnerabilities.	CVE-2023-26083 vulnerability	Multiple Industries	Cyber Espionage	US		CISA adds CVE-2023-26083, Arm Mali GPU Kernel Driver, spyware
69	07/04/2023	13/03/2023	06/04/2023	?	Police Department in Camden County	The police department in Camden County, New Jersey confirmed that it was hit with a ransomware attack and is still investigating the incident.	Malware	Public admin and defence, social security	Cyber Crime	US		Police Department in Camden County, ransomware
70	07/04/2023	Late during the same week	Late during the same week	?	Rochester Public Schools	The Rochester Public Schools announces that it is canceling classes for all 42 schools it operates after it was hit by a suspected cyberattack.	Unknown	Education	Cyber Crime	US		Rochester Public Schools
71	07/04/2023	30/03/2023	30/03/2023	?	Sarah D. Culbertson Memorial Hospital	Sarah D. Culbertson Memorial Hospital informs the public that staff had discovered a “network disruption” on March 30.	Unknown	Human health and social work	Cyber Crime	US		Sarah D. Culbertson Memorial Hospital
72	07/04/2023	06/04/2023	06/04/2023	?	Evotec	German drug development giant Evotec discloses it suffered a cyberattack that forced it to take all of its IT systems offline.	Unknown	Professional, scientific and technical	Cyber Crime	DE		Evotec
73	07/04/2023	-	-	MuddyWater (AKA MERCURY, Mango Sandstorm, Seedworm, and Static Kitten) and DEV-1084 (AKA Storm-1084)	Multiple organizations	Researchers from Microsoft reveal that Iranian advanced persistent threat (APT) actors MuddyWater and DEV-1084 have been observed launching destructive cyberattacks disguised as ransomware against on-prem and cloud infrastructures.	Multiple vulnerabilities	Multiple Industries	Cyber Crime	>1		MuddyWater, MERCURY, Mango Sandstorm, Seedworm, Static Kitten, DEV-1084, Storm-1084, Azure
74	07/04/2023	07/04/2023	07/04/2023	?	Municipality of Herselt	The municipality of Herselt in Belgium has been hit by a cyberattack	Unknown	Public admin and defence, social security	Cyber Crime	BE		Municipality of Herselt
75	07/04/2023	'Recently'	12/12/2022	?	HawaiiUSA Federal Credit Union (HawaiiUSA)	HawaiiUSA Federal Credit Union (HawaiiUSA) files a notice of data breach after a phishing incident leaks the personal information of more than 20,000 bank customers.	Account Takeover	Finance and insurance	Cyber Crime	US		HawaiiUSA Federal Credit Union, HawaiiUSA
76	07/04/2023	Between 05/12/2022 and 11/12/2022	10/12/2022	?	Minnesota and Wisconsin locations of 90 Degree Benefits	Minnesota and Wisconsin locations of 90 Degree Benefits files a notice of data breach after the company confirmed that certain files containing confidential consumer data were accessed by an unauthorized party following a cyberattack.	Unknown	Finance and insurance	Cyber Crime	US		Minnesota and Wisconsin locations of 90 Degree Benefits
77	07/04/2023	Between 07/02/2023 and 25/02/2023	25/02/2023	?	Baldor Specialty Foods	Baldor Specialty Foods files a notice of data breach after a malicious actor carried out a cyberattack against the company resulting in confidential consumer information being compromised.	Unknown	Wholesale and retail	Cyber Crime	US		Baldor Specialty Foods
78	07/04/2023	Between 24/01/2023 and 08/02/2023	08/02/2023	?	La Clinica de La Raza	La Clinica de La Raza files a notice of data breach after learning that certain employee email accounts containing confidential patient information were accessed by an unauthorized party over the course of a two-week period.	Account Takeover	Human health and social work	Cyber Crime	US		La Clinica de La Raza
79	07/04/2023	13/01/2023	13/01/2023	?	Charter Foods	Charter Foods files a notice of data breach following a “criminal cyberattack” that compromised highly sensitive consumer information in the company’s possession	Unknown	Accommodation and food service	Cyber Crime	US		Charter Foods
80	07/04/2023	Since November 2022	Since November 2022	?	Healthcare organizations in the U.S.	The U.S. Department of Health and Human Services (HHS) warns the healthcare sector of an ongoing DNS NXDOMAIN flood DDoS campaign.	DDoS	Human health and social work	Cyber Crime	US		U.S. Department of Health and Human Services, HHS, DNS, NXDOMAIN
81	07/04/2023	07/03/2023	-	Abyss	7×7 Dental Implant & Oral Surgery Specialists	A leak site called “Abyss” adds 7×7 Dental Implant & Oral Surgery Specialists of San Francisco (7×7) to their site and claims to have leaked 114 GB of the dental practice’s files.	Malware	Human health and social work	Cyber Crime	US		Abyss, 7×7 Dental Implant & Oral Surgery Specialists, ransomware
82	07/04/2023	Between February 2022 and August 2022.	06/04/2023	?	Aspire Public Schools	Aspire Public Schools submits notifications, according to which, it learned that an unauthorized party gained access to one Aspire email account at various times between February 2022 and August 2022.	Account Takeover	Education	Cyber Crime	US		Aspire Public Schools
83	08/04/2023	During 2023	During 2023	?	Kodi	The Kodi Foundation discloses a data breach after hackers stole the organization's MyBB forum database containing user data and private messages and attempted to sell it online.	Account Takeover	Arts entertainment, recreation	Cyber Crime	N/A		Kodi, Kodi Foundation
84	08/04/2023	28/03/2023	08/04/2023	Money Message	BrightSpring Health	BrightSpring Health is listed among the victims of the Money Message ransomware in their leak site.	Malware	Human health and social work	Cyber Crime	US		BrightSpring Health, Money Message, ransomware
85	08/04/2023	28/03/2023	08/04/2023	Money Message	PharMerica Corporation	PharMerica Corporation is listed among the victims of the Money Message ransomware in their leak site.	Malware	Wholesale and retail	Cyber Crime	US		PharMerica Corporation, Money Message, ransomware
86	08/04/2023	15/02/2023	-	Zarya	Canadian gas pipeline	Pro-Russia hacking group Zarya caused a cybersecurity incident at a Canadian gas pipeline	Unknown	Electricity, gas steam, air conditioning	Cyber Warfare	CA		Russia, Zarya
87	09/04/2023	Since November 2022	Since November 2022	FusionCore	Multiple organizations	Researchers from Cyfirma discover a new cybercrime group, dubbed FusionCore, specialized in offering Malware-as-a-Service (MaaS) and other hacking services.	Malware	Multiple Industries	Cyber Crime	>1		Cyfirma, FusionCore
88	09/04/2023	09/04/2023	09/04/2023	?	Automated irrigation systems in the Jordan Valley	In name of OpIsrael, automated irrigation systems in the Jordan Valley in Israel are briefly disrupted.	DDoS	Water supply, waste mgmt, remediation	Hacktivism	IL		OpIsrael, Jordan Valley
89	09/04/2023	09/04/2023	09/04/2023	?	Galil Sewage Corporation	In name of OpIsrael, automated irrigation systems of Galil Sewage Corporation are briefly disrupted.	DDoS	Water supply, waste mgmt, remediation	Hacktivism	IL		OpIsrael, Galil Sewage Corporation
90	09/04/2023	09/04/2023	09/04/2023	?	SushiSwap	A bug on a smart contract on the decentralized finance (DeFi) protocol SushiSwap leads to over $3M in losses.	Vulnerability	Fintech	Cyber Crime	N/A		SushiSwap
91	09/04/2023	09/04/2023	09/04/2023	?	GDAC	South Korean cryptocurrency exchange GDAC is the target of attackers, with the platform losing nearly $13M during the attack.	Vulnerability	Fintech	Cyber Crime	KR		GDAC
92	09/04/2023	End of March 2023	End of March 2023	?	Neue Zürcher Zeitung (NZZ)	The Neue Zürcher Zeitung (NZZ) shuts down the newspaper production system after a ransomware attack.	Malware	Information and communication	Cyber Crime	CH		Neue Zürcher Zeitung, NZZ, ransomware
93	09/04/2023	Early April 2023	Early April 2023	?	San Bernardino County Sheriff’s Department	Southern California’s San Bernardino County Sheriff’s Department says it experienced a “network disruption” to its electronic systems and has referred the problem to the FBI and Department of Homeland Security.	Unknown	Public admin and defence, social security	Cyber Crime	US		San Bernardino County Sheriff’s Department
94	09/04/2023	-	-	BlackByte	Cementos Bio-Bio	Cementos Bio-Bio, a Chilean cement company, is added to the BlackByte ransomware leaks site.	Malware	Professional, scientific and technical	Cyber Crime	CL		Cementos Bio-Bio, BlackByte, ransomware
95	10/04/2023	-	-	Cyber Resistance	Russian GRU officer Lieutenant Colonel Sergey Alexandrovich Morgachev	Ukrainian hacktivist group Cyber Resistance claims to have hacked the email, social media, and personal accounts of Russian GRU officer Lieutenant Colonel Sergey Alexandrovich Morgachev, the alleged leader of the APT28 threat group (AKA Pawn Storm and Fancy Bear).	Unknown	Public admin and defence, social security	Hacktivism	RU		Cyber Resistance, GRU, Lieutenant Colonel Sergey Alexandrovich Morgachev, APT28, Pawn Storm, Fancy Bear
96	10/04/2023	10/04/2023	10/04/2023	?	SD Worx	Belgian HR and payroll giant SD Worx suffers a cyberattack causing them to shut down all IT systems for its UK and Ireland services.	Unknown	Administration and support service	Cyber Crime	UK IE		SD Worx
97	10/04/2023	-	-	?	Chinese nationals based in the U.S.	The FBI warns that cyber criminals posing as members of China’s government are targeting Chinese nationals based in the United States.	Scam	Individual	Cyber Crime	US		FBI, China
98	10/04/2023	During March 2023	During March 2023	?	Organizations in the financial sector in the U.S.	Researchers from eSentire discover a new campaign deploying the malware loader known as GuLoader, targeting the US financial sector using phishing emails with a tax-themed lure.	Malware	Finance and insurance	Cyber Crime	US		eSentire, GuLoader
99	10/04/2023	22/08/2022	22/08/2022	?	Elmbrook School District	A breach exposes the names and Social Security numbers of current and former Elmbrook School District employees.	Unknown	Education	Cyber Crime	US		Elmbrook School District
100	10/04/2023	Between 27/11/2022 and 22/01/2023	26/01/2023	?	Guardian Analytics	Webster Bank files a notice of data breach after learning of a third-party data breach at Guardian Analytics, one of Webster Bank’s vendors.	Unknown	Professional, scientific and technical	Cyber Crime	US		Webster Bank, Guardian Analytics
101	10/04/2023	Between 12/12/2022 and 27/12/2022	27/12/2022	?	Harrington Raceway and Casino	Harrington Raceway and Casino files a notice of data breach with the Maine Attorney General after learning that hackers were able to access confidential consumer information located on the company’s servers for a period of two weeks.	Unknown	Arts entertainment, recreation	Cyber Crime	US		Harrington Raceway and Casino
102	10/04/2023	01/02/2023	01/02/2023	?	Retina & Vitreous of Texas	Retina & Vitreous of Texas files a notice of data breach after learning that confidential patient information that had been entrusted to the company was accessible to unauthorized parties following a cybersecurity incident.	Unknown	Human health and social work	Cyber Crime	US		Retina & Vitreous of Texas
103	10/04/2023	Between 28/06/2022 and 29/06/2022	29/06/2022	?	Stroud Area Regional Police Department (SARPD)	Stroud Area Regional Police Department (SARPD) announces that it has taken action after learning of a data security incident which may have impacted certain individuals' personal information.	Unknown	Public admin and defence, social security	Cyber Crime	US		Stroud Area Regional Police Department, SARPD
104	10/04/2023	-	-	LockBit 3.0	Euromotors	The Peruvian company Euromotors, a car dealership network, is added to the LockBit ransomware leak site.	Malware	Wholesale and retail	Cyber Crime	PE		Euromotors, LockBit, LockBit 3.0, ransomware
105	10/04/2023	-	01/02/2023	?	WellBe Senior Medical	WellBe Senior Medical joins the list of the victims of the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability.	CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability	Human health and social work	Cyber Crime	US		WellBe Senior Medical, CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability
106	11/04/2023	-	-	Russian threat actors	Ukraine Coffee Shops	The National Security Agency reveals that Russian threat actors have logged into private security cameras in Ukraine coffee shops to collect intelligence on aid convoys.	Unknown	Arts entertainment, recreation	Cyber Warfare	UA		National Security Agency, Russia, Ukraine
107	11/04/2023	Between January 2021 and November 202	-	?	At least five civil society victims in North America, Central Asia, Southeast Asia, Europe, and the Middle East	Microsoft and Citizen Lab discover a commercial spyware made by an Israel-based company QuaDream used to compromise the iPhones of high-risk individuals using a zero-click exploit named ENDOFDAYS.	Targeted Attack	Individual	Cyber Espionage	>1		Microsoft, Citizen Lab, QuaDream, iPhone, ENDOFDAYS
108	11/04/2023	Since June 2022	During February 2022	Nokoyawa	Multiple organizations	Microsoft patches CVE-2023-28252, a zero-day vulnerability in the Windows Common Log File System (CLFS), actively exploited by cybercriminals to escalate privileges and deploy the Nokoyawa ransomware payloads.	Malware	Multiple Industries	Cyber Crime	>1		Microsoft, CVE-2023-28252, Windows Common Log File System, CLFS, Nokoyawa, ransomware
109	11/04/2023	Since November 2022	Since November 2022	?	Users speaking Japanese, Korean, and Spanish.	Researchers from NTT discover a campaign where attackers are compromising websites to inject scripts that display fake Google Chrome automatic update errors that distribute malware to unaware visitors.	Malicious Script Injection	Individual	Cyber Crime	JP KR ES		NTT, Google Chrome
110	11/04/2023	-	-	?	Hyundai Italy and France	Hyundai discloses a data breach impacting Italian and French car owners and those who booked a test drive, warning that hackers gained access to personal data.	Unknown	Manufacturing	Cyber Crime	FR IT		Hyundai
111	11/04/2023	11/04/2023	11/04/2023	?	Cornwall Community Hospital	Cornwall Community Hospital, a healthcare facility serving the residents of Cornwall and several other counties in Canada, says it discovered a “network issue” that was later revealed to be a cyberattack.	Malware	Human health and social work	Cyber Crime	CA		Cornwall Community Hospital
112	11/04/2023	During March 2023	During March 2023	idklmao	Multiple organizations	Researchers from Sonatype discover microsoft-helper, a malicious PyPI package, copycat of the popular W4SP stealer.	Malware	Multiple Industries	Cyber Crime	>1		Sonatype, microsoft-helper, PyPI, W4SP stealer
113	11/04/2023	During March 2023	During March 2023	SylexSquad	Multiple organizations in Spain	Researchers from Sonatype discover reverse-shell, a PyPI package malware-as-a-service for the Spanish market.	Malware	Multiple Industries	Cyber Crime	ES		Sonatype, reverse-shell, PyPI, SylexSquad
114	11/04/2023	During January 2023	During January 2023	?	Multiple organizations	Researchers from Veriti discover a campaign where attackers are posting what appear to be legitimate sponsored ads on hijacked Facebook business and community pages, which promise free downloads of AI chatbots such as ChatGPT and Google Bard and instead distribute the well-known, info-stealing malware RedLine Stealer.	Malware	Multiple Industries	Cyber Crime	AR BD ES GR IN LB MX PK TO US		Veriti, Facebook, ChatGPT, Google Bard, RedLine Stealer
115	11/04/2023	-	-	?	Multiple organizations in Ukraine	Researchers from Fortinet discover a new multi-staged attack leveraging a malicious document spoofed to look like the Ukrainian state enterprise Energoatom, responsible for managing four nuclear power plants in Ukraine, and using the Havoc C2 framework to deliver multiple payloads at different stages.	Targeted Attack	Multiple Industries	Cyber Espionage	UA		Fortinet, Ukraine, Energoatom, Havoc C2
116	11/04/2023	-	15/03/2023	?	Harding, Shymanski & Company	Harding, Shymanski & Company files a notice of data breach after learning that an employee’s credentials were used to access customer 2021 tax returns, leading to fraudulent 2022 tax returns being filed on behalf of certain patients.	Account Takeover	Professional, scientific and technical	Cyber Crime	US		Harding, Shymanski & Company
117	11/04/2023	-	-	BlackByte	City of Collegedale	Data from the city of Collegedale is leaked after the city's computer systems were hacked by the BlackByte ransomware gang.	Malware	Public admin and defence, social security	Cyber Crime	US		City of Collegedale, BlackByte, ransomware
118	12/04/2023	-	-	Goldoson	Android users in South Korea	Researchers from McAfee discover a new Android malware named 'Goldoson' infiltrated on Google Play and ONE Store through 60 legitimate apps that collectively have 100 million downloads.	Malware	Individual	Cyber Crime	KR		McAfee, Android, Goldoson, Google Play, ONE Store
119	12/04/2023	-	-	Monti	Multiple organizations	Security researchers warn that cybercriminals from the Monti ransomware group are using the Action1 remote access software for persistence on compromised networks and to execute commands, scripts, and binaries.	Malware	Multiple Industries	Cyber Crime	>1		Monti, ransomware, Action1
120	12/04/2023	During the first week of April 2023	During the first week of April 2023	?	Lürssen	Lürssen, a German manufacturer of military vessels and luxury yachts reportedly suffered a ransomware attack over the Easter holiday.	Malware	Manufacturing	Cyber Crime	DE		Lürssen, ransomware
121	12/04/2023	Since 2019	-	Lazarus Group (AKA Labyrinth Collima, Covellite, UNC4034, Zinc, Nickel Academy)	Multiple organizations in the cryptocurrency space	Researchers from Kaspersky discover a new cluster of activity, dubbed DeathNote, part of the Operation DreamJob or NukeSped, carried out by the North Korean threat actor Lazarus Group.	Targeted Attack	Fintech	Cyber Crime	>1		Kaspersky, DeathNote, Operation DreamJob, NukeSped, Lazarus Group, Labyrinth Collima, Covellite, UNC4034, Zinc, Nickel Academy
122	12/04/2023	12/04/2023	12/04/2023	Anonymous Sudan	Several hospitals and healthcare institutes in Hyderabad	Anonymous Sudan targets several top hospitals and healthcare institutes in Hyderabad.	DDoS	Human health and social work	Hacktivism	IN		Anonymous Sudan, Hyderabad
123	12/04/2023	Mid-April 2023	Mid-April 2023	Vixen Panda	Foreign Ministries in Multiple Countries	Chinese threat actors from Vixen Panda are suspected of allegedly targeting the Foreign Ministries in multiple countries in a new recent campaign.	Targeted Attack	Public admin and defence, social security	Cyber Espionage	>1		Vixen Panda
124	12/04/2023	16/02/2023	16/02/2023	?	Unlimited Care	Unlimited Care files a notice of data breach after learning that a “network disruption” resulted in confidential employee information being compromised.	Unknown	Human health and social work	Cyber Crime	US		Unlimited Care
125	12/04/2023	-	-	Karakurt	Medicalodges	The Karakurt ransomware gang is back and adds Medicalodges to their leak site.	Malware	Human health and social work	Cyber Crime	US		Karakurt, ransomware, Medicalodges
126	12/04/2023	-	-	Karakurt	Petaluma Health Center	The Karakurt ransomware gang also adds Petaluma Health Center to their leak site.	Malware	Human health and social work	Cyber Crime	US		Karakurt, ransomware, Petaluma Health Center
127	12/04/2023	-	-	LockBit 3.0	Comacchio	The LockBit 3.0 ransomware gang claims to have breached Comacchio, an Italian drilling company, and as a proof dumps some data online.	Malware	Professional, scientific and technical	Cyber Crime	IT		LockBit, LockBit 3.0, ransomware, Comacchio
128	12/04/2023	-	13/03/2023	Cl0p AKA Clop	Kannact	Kannact discloses to have suffered a cyber attack, allegedly carried out by the Cl0p ransomware ganga exploiting the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability.	CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability	Administration and support service	Cyber Crime	US		Cl0p, Clop, Kannact, CVE-2023-0669, Fortra GoAnywhere MFT Vulnerability
129	13/04/2023	Since the beginning of 2022	Since the beginning of 2022	U.S. and Other NATO Countries	Critical Infrastructures in Russia	The Federal Security Service of the Russian Federation (FSB) accuses the United States and other NATO countries of launching over 5,000 cyberattacks against critical infrastructure in the country since the beginning of 2022.	>1	Electricity, gas steam, air conditioning	Cyber Warfare	RU		Federal Security Service of the Russian Federation, FSB, NATO, U.S.
130	13/04/2023	Since 24-26/10/2022	Since 24-26/10/2022	APT29 AKA Cozy Bear and NOBELIUM	NATO and European Union countries	Poland's Military Counterintelligence Service and its Computer Emergency Response Team discover a campaign carried out by the APT29 state-sponsored threat actors, part of the Russian government's Foreign Intelligence Service (SVR), targeting NATO and European Union countries, via three malware samples dubbed SNOWYAMBER, QUARTERRIG and HALFRIG.	Targeted Attack	Public admin and defence, social security	Cyber Espionage	>1		Poland's Military Counterintelligence Service, CERT-PL, APT29, Cozy Bear, NOBELIUM, NATO, SNOWYAMBER, QUARTERRIG, HALFRIG
131	13/04/2023	-	-	Forza Tools	Multiple organizations	Researchers from Cado Security discover a new Python-based credential harvester and SMTP hijacking tool named ‘Legion’, sold on Telegram, and targeting online email services for phishing and spam attacks.	Malware	Multiple Industries	Cyber Crime	>1		Cado Security, Python, Forza Tools, Legion’, Telegram
132	13/04/2023	Between 2019 and 2021	-	Five Individuals	Individuals	Europol and Eurojust announce the arrest of five individuals believed to be part of a massive online investment fraud ring with at least 33,000 victims who lost an estimated €89 million (roughly $98 million).	Investment Scam	Individual	Cyber Crime	>1		Europol, Eurojust
133	13/04/2023	During April 2023	During April 2023	?	Accounting Firms and Tax Preparers in the U.S.	With the end of the U.S. tax annual season reaching, Microsoft warns of a phishing campaign targeting accounting firms and tax preparers with the Remcos remote access malware allowing initial access to corporate networks.	Malware	Professional, scientific and technical	Cyber Crime	US		Microsoft, Remcos
134	13/04/2023	Since Early 2023	'Recently'	Vice Society	Multiple organizations	Researchers from Palo Alto Networks reveal that the Vice Society ransomware gang is deploying a new, rather sophisticated PowerShell script to automate data theft from compromised networks.	Malware	Multiple Industries	Cyber Crime	>1		Palo Alto Networks, Vice Society, Ransomware, PowerShell
135	13/04/2023	Since January 2023	During January 2023	Chamaleon	Android Banking Users in Australia and Poland	Researchers from Cyble discover a new Android trojan called ‘Chameleon’, targeting users in Australia and Poland, mimicking the CoinSpot cryptocurrency exchange, an Australian government agency, and the IKO bank.	Malware	Finance and insurance	Cyber Crime	AU PL		Cyble, Android, Chameleon, CoinSpot, IKO PKO Bank
136	13/04/2023	06/04/2023	06/04/2023	?	Affinity	UK-based photo editing, graphic design and publishing software developer Affinity informs its forum members of a data breach.	Account Takeover	Professional, scientific and technical	Cyber Crime	UK		Affinity
137	13/04/2023	-	-	Read The Manual (RTM) Locker	Multiple organizations	Researchers from Trellix detail the tactics, techniques, and procedures of an emerging cybercriminal gang called ‘Read The Manual (RTM) Locker. The group provides a ransomware-as-a-service (RaaS) and provides its malicious code to a network of affiliates by imposing strict rules.	Malware	Multiple Industries	Cyber Crime	>1		Trellix, Read The Manual (RTM) Locker, ransomware
138	13/04/2023	14/03/2023	14/03/2023	Killnet?	Rheinmetall	German automotive and arms manufacturer Rheinmetall suffers a cyberattack. The Pro-Russia hacktivist group Killnet claims responsibility for the attack after the company's talks of constructing a new tank factory in Ukraine.	DDoS	Manufacturing	Hacktivism	DE		Rheinmetall, Killnet, Russia, Ukraine
139	13/04/2023	Since at least 21/03/2023	21/03/2023	?	Unknown organization(s) in the U.S.	The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns CVE-2023-20963, of a high-severity Android vulnerability believed to have been exploited by the Chinese e-commerce app Pinduoduo as a zero-day to spy on its users.	CVE-2023-20963 Vulnerability	Unknown	Cyber Crime	US		U.S. Cybersecurity and Infrastructure Security Agency, CISA, CVE-2023-20963, Android, Pinduoduo
140	13/04/2023	-	-	?	Unknown organization(s) in the U.S.	The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds CVE-2023-29492, a Novi Survey Insecure Deserialization Vulnerability, to the list of its Known Exploited Vulnerabilities catalog.	CVE-2023-29492 Vulnerability	Unknown	N/A	US		The U.S. Cybersecurity and Infrastructure Security Agency, CISA, CVE-2023-29492, Novi Survey
141	13/04/2023	-	-	Multiple threat actors	Unknown organization(s)	Google releases an emergency Chrome security update to address CVE-2023-2033, the first zero-day vulnerability exploited in attacks since the start of the year.	CVE-2023-2033 Vulnerability	Unknown	N/A	N/A		Google, Chrome, CVE-2023-2033
142	13/04/2023	14/03/2023	14/03/2023	?	Bitrue	Singapore-based cryptocurrency trading platform Bitrue says that $23 million was stolen from one of its own digital wallets.	Hot Wallet Vulnerability	Fintech	Cyber Crime	SG		Bitrue
143	13/04/2023	Since at least October 2022	During February 2023	Conti and FIN7	Multiple organizations	Researchers from IBM discover a campaign distributing 'Minodo', a recently identified backdoor revealing a partnership between former members of the Conti ransomware group and the FIN7 financial criminal group.	Malware	Multiple Industries	Cyber Crime	>1		IBM, Minodo', Conti, FIN7
144	13/04/2023	Since at least the end of March 2023	End of March 2023	APT36 AKA Transparent Tribe	Education Sector in India	Researchers from Sentinel One discover a new campaign by the Pakistani threat actor known as APT36 or Transparent Tribe targeting the education sector in India with malicious Office documents distributing Crimson RAT.	Targeted Attack	Education	Cyber Espionage	IN		APT36, Transparent Tribe, Sentinel One, Crimson RAT
145	13/04/2023	Since at least October 2022	During October 2022	?	Zelle End Users	Researchers from Avanan reveal that threat actors successfully impersonate Zelle to swipe money from unsuspecting users.	Account Takeover	Individual	Cyber Crime	>1		Zelle
146	13/04/2023	During April 2023	During early April 2023	Qbot AKA Qakbot, Pinkslipbot	Users in South Korea	Researchers from AhnLab identify a new campaign distributing Qbot via malicious PDF files attached to replies or forwards to existing emails.	Malware	Individual	Cyber Crime	KR		AhnLab, Qbot, Qakbot, Pinkslipbot
147	13/04/2023	13/04/2023	13/04/2023	?	Yearn	Decentralized Finance protcolo Yearn loses over $10M after attackers exploit a misconfiguration.	Misconfiguration	Fintech	Cyber Crime	N/A		Yearn
148	13/04/2023	-	-	?	NationsBenefits Holding	NationsBenefits Holding files a notice of data breach after learning that the company and its customers were affected by the third-party data breach at Fortra.	CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability	Finance and insurance	Cyber Crime	US		NationsBenefits Holding, Fortra, CVE-2023-0669 GoAnywhere MFT
149	13/04/2023	-	-	LockBit 3.0	Apro	Apro, a Chilean company that sells personal protection and industrial safety items, is added to LockBit’s leak site.	Malware	Wholesale and retail	Cyber Crime	CL		Apro, ransomware, LockBit, LockBit 3.0
150	13/04/2023	-	-	BlackByte	Mexico’s National Water Commission (Conagua)	Mexico’s National Water Commission (Conagua), which manages, protects, and controls national waters in Mexico, is reportedly attacked by the BlackByte ransomware gang.	Malware	Water supply, waste mgmt, remediation	Cyber Crime	MX		Mexico’s National Water Commission, Conagua, BlackByte, ransomware
151	13/04/2023	24/03/2023	24/03/2023	Play	CH Media	The Play ransomware group threatens to dump personal and confidential data, projects and employee payroll information of Switzerland-based CH Media if its ransom demands are not met.	Malware	Information and communication	Cyber Crime	CH		Play, ransomware, CH Media
152	13/04/2023	-	-	?	Caremar (Campania Regionale Marittima)	Caremar (Compagnia Regionale Marittima) has some data dumped in the XSS underground forum.	Unknown	Transportation and storage	Cyber Crime	IT		Caremar, XSS, Compagnia Regionale Marittima
153	14/04/2023	Since the Summer 2022	Since the Summer 2022	?	Senior individuals	Researchers from Malwarebytes detect a specific malvertising campaign via Google ads aimed at seniors, where the actor creates hundreds of fake websites via the Weebly platform to host decoy content to fool search engines and crawlers while redirecting victims to a fake computer alert.	Scam	Individual	Cyber Crime	>1		Malwarebytes, Google ads, Weebly
154	14/04/2023	-	-	?	Multiple organizations	Researchers from Uptycs identify a new variant of credential stealing malware, dubbed Zaraza (Russian word for infection), using Telegram as its command and control and targeting a large number of web browsers.	Malware	Multiple Industries	Cyber Crime	>1		Uptycs, Zaraza,Telegram
155	14/04/2023	08/02/2023	08/02/2023	?	Kimco Realty Corporation	Kimco Realty Corporation files a notice of data breach after a company Kimco had acquired, Weingarten Realty Investors, experienced a cyberattack resulting in confidential consumer data being exposed to unauthorized access.	Unknown	Real estate	Cyber Crime	US		Kimco Realty, Weingarten Realty Investors
156	14/04/2023	Between 16/06/2022 and 18/07/2022	'Recently'	?	United Steelworkers Local 286	United Steelworkers Local 286 files a notice of data breach after the organization learned that an unauthorized party had gained access to confidential member information through an employee’s compromised email account.	Account Takeover	Other service activities	Cyber Crime	US		United Steelworkers Local 286
157	14/04/2023	From 14/09/2022 to 08/11/2022	09/11/2022	?	Two Rivers Public Health Department	Two Rivers Public Health Department confirms that the protected health information of 15,168 patients was stored in an employee Office 365 account that was accessed by an unauthorized third party.	Account Takeover	Public admin and defence, social security	Cyber Crime	US		Two Rivers Public Health Department
158	14/04/2023	Between August 2021 and February 2023	During February 2021	?	Consensys	The email addresses of thousands of MetaMask users who raised customer support tickets between Aug. 1 and Feb. 10 may have been compromised in a third-party cybersecurity incident suffered by the parent company ConsenSys.	Unknown	Fintech	Cyber Crime	US		Consensys, MetaMask
159	14/04/2023	Between 05/05/2022 and 08/09/2022	31/08/2022	?	Ethan Health	Ethan Health confirms that the protected health information of 4,047 individuals was contained in employee email accounts that were accessed by unauthorized individuals.	Account Takeover	Human health and social work	Cyber Crime	US		Ethan Health
160	14/04/2023	-	-	Electronic Tiger Unit	SCADA water regulatory systems in Israel	A hacktivist group known as "Electronic Tiger Unit" shares a screenshot on their Telegram channel, claiming to have accessed the SCADA water regulatory systems.	Unknown	Water supply, waste mgmt, remediation	Hacktivism	IL		Electronic Tiger Unit, OpIsrael, SCADA
161	15/04/2023	-	13/04/2023	ALPHV AKA BlackCat AKA UNC4466	NCR	NCR suffers an outage on its Aloha point of sale platform after being hit by an ransomware attack claimed by the BlackCat/ALPHV gang.	Malware	Professional, scientific and technical	Cyber Crime	US		ALPHV, BlackCat, UNC4466, NCR, ransomware
162	15/04/2023	-	27/03/2023	Vice Society	CommScope	Network infrastructure provider CommScope confirms that it suffered a ransomware attack and is investigating claims of stolen information leaked on the dark web by the Vice Society ransomware gang.	Malware	Manufacturing	Cyber Crime	US		CommScope, Vice Society, ransomware
163	15/04/2023	15/04/2023	15/04/2023	?	Hundred Finance	Multi-chain lending protocol Hundred Finance suffers a security breach, which results in the theft of approximately $7M worth of assets.	Vulnerability	Fintech	Cyber Crime	N/A		Hundred Finance
ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags

Creating the timelines is a very time-consuming task.

Any little helps!

The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.

1-15 August 2023 Cyber Attacks Timeline
In the first timeline of August, I collected 169 events (corresponding to 11.27 events per day), a considerable decrease compared to the the second half of July...
The Biggest Data Breaches of 2023
Similarly to what I have done in 2022 and 2021, I am collecting the main mega breaches...
August 2016 Cyber Attacks Statistics
It's time to publish the statistics derived from the cyber attacks timelines of August (Part I and Part II), a month particularly active from an Information Security perspective, despite the Summer time. As always, let’s start from the Daily Trend Chart, which shows obviously an ...
July 2023 Cyber Attacks Statistics
After the cyber attacks timelines, it’s time to publish the statistics of June 2023 where I have collected and analyzed 384 events, yet another record number driven...
Leaky Buckets in 2023
Similarly to what I have done in 2022 and 2021, I am collecting the incidents due to cloud misconfigurations and leading to...