Attack Distribution April H1 2023


Attack Techniques March H2 2023


In the first half of April 2023 I collected 157 events (corresponding to 10.47 events/day). Although the number has decreased compared to the second timeline of March (a side effect of the exploitation at scale of the CVE-2023-0669 Fortra GoAnywhere MFT vulnerability), the values remain quite high.

As an obvious consequence, the percentage of events caused by ransomware attacks went down to 27.38% (43 out of 157 events) vs. 30.1% (54 out of 179 events) in the previous timeline.

And as an additional obvious consequence, vulnerabilities played a part in 18 out of 157 events (11.46%), half the value of the previous timeline (23.7%, corresponding to 42 out of 177 events) and close to that of the first timeline of March.

Multi-million losses continued to plague the fintech sector. It is impossible to summarize all the entities that suffered losses in this fortnight (browse the timeline for the details), but the good news is that in some cases the attackers returned the stolen funds in exchange for a reward.

In terms of mega breaches there is just one remarkable event: the compromise of the details of 55 million Thai citizens, after the breach of an unnamed government agency by a threat actor calling themselves 9Near.

The cyber espionage front was hot as always, with multiple campaigns unearthed in the first half of April as well, carried out by known threat actors such as the usual APT29, APT36, APT41, Archipelago (a subset of APT43), Vixen Panda, Mantis, and other unidentified or lesser-known groups such as UAC-0145, which targeted an undisclosed Ukrainian utility company.

And as always, this brief summary closes with a quick mention of the DDoS attacks launched by the pro-Russian hacktivists of NoName057(16) and Killnet, which were directed respectively against several government websites in Finland, and Rheinmetall, a German automotive and arms manufacturer. Anonymous Sudan also launched some DDoS attacks against targets in Israel and India, and finally the

My suggestion is always the same: browse the timeline, and obviously thanks for sharing it and supporting my work in spreading risk awareness across the community. As always, don’t forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.

Geo Map April H1 2023




The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.

