Attack Distribution April H1 2023

No Data Found

Attack Techniques March H2 2023

No Data Found

In the first half of April 2023 I collected 157 events (corresponding to 10.47 events/day). Despite the number is decreasing compared to the second timeline of March (a side effect of the exploitation at scale of the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability), the values remain quite high.

As an obvious consequence, the percentage of events caused by ransomware attacks went down to 27.38% (43 out of 157 events) vs. 30.1% (54 out of 179 events) of the  previous timeline.

And as an additional obvious consequence, the impact of vulnerabilities played a part in 18 out of 157 events corresponding to 11.46%, half the value of the previous timeline, 23.7% corresponding to 42 out of 177 events, and close to the first timeline of March.

Multi-million losses continued to plague the fintech sector, it is impossible to summarize all the entities that suffered losses in this fortnight (browse the timeline for the details), but the good news is that in some cases the attackers returned the stolen funds in exchange of a reward.

In terms of  mega breaches there is just one remarkable event, and is the compromise of the details of 55 million Thai citizens, after the breach of an unnamed government agency by a threat actor calling themselves 9Near.

The Cyber Espionage front was always hot, with multiple campaigns unearthed also in the first half of April, and carried out by known threat actors such as the usual APT29, APT36, APT41, Archipelago (a subset of APT43), Vixen Panda, Mantis, and other unidentified or less known groups such as UAC-0145, which targeted an undisclosed Ukrainian utility company.

And as always, this brief summary is closed by a quick mention to the DDos attacks launched by the pro-Russian hacktivists of NoName057(16) and Killnet that were directed respectively against several government websites in Finland, and Rheinmetall, a German automotive and arms manufacturer. But also Anonymous Sudan launched some DDoS attacks against targets in Israel and India, and finally the

My suggestion is always the same: browse the timeline, and obviously thanks for sharing it and supporting my work in spreading the risk awareness across the community. As always, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.

Geo Map April H1 2023

No Data Found


Creating the timelines is a very time-consuming task.

Any little helps!


No Data Found

The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.


No Data Found

  • Free cyber security concept background1-15 March 2024 Cyber Attacks Timeline

    In the first timeline of March 2024, I collected 98 events, once again characterized malware and ransomware attacks. State-sponsored threat actor were equally quite active, but the timeline also features some interesting events related to cyberwarfare.

  • 2023 Stats Featrured Image2024 Cyber Attacks Statistics

    In 2023, there was a 35% increase in cyber attacks to 4,128 events, with the MOVEit CVE-2023-34362 vulnerability being heavily exploited. Cybercrime dominated as the main motivation at 79%, while malware led attack techniques with 35.9%. Healthcare remained a top target for ransomware. The data ...

  • December 2014 Cyber Attacks Statistics

    The new year has just begun, and here we are with the last blog post for the 2014 just gone related to the Cyber Attacks statistics derived from the timelines of December (Part I and Part II). As usual, the US dominate the Country Distribution Chart ...

  • The Biggest Data Breaches of 2021

    With this new project I am going to track the biggest data breaches of 2021 extracted from my cyber attack timelines.

  • network servers on an enclosureCVEs Targeting Remote Access Technologies

    In this first quarter of 2024, threat actors have been particularly busy in exploiting vulnerabilities (0-days but also old unpatched flaws) targeting traditional remote access technologies. In this blog post I summarized the main CVEs exploited so far in 2024.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.