Attack Distribution April H1 2023


Attack Techniques March H2 2023


In the first half of April 2023 I collected 157 events (corresponding to 10.47 events/day). Although the number decreased compared to the second timeline of March (a side effect of the exploitation at scale of the CVE-2023-0669 Fortra GoAnywhere MFT vulnerability), the values remain quite high.

As an obvious consequence, the percentage of events caused by ransomware attacks went down to 27.38% (43 out of 157 events) vs. 30.1% (54 out of 179 events) in the previous timeline.

And as an additional obvious consequence, vulnerabilities played a part in 18 out of 157 events, corresponding to 11.46%: half the value of the previous timeline (23.7%, corresponding to 42 out of 177 events) and close to the first timeline of March.

Multi-million losses continued to plague the fintech sector. It is impossible to summarize all the entities that suffered losses in this fortnight (browse the timeline for the details), but the good news is that in some cases the attackers returned the stolen funds in exchange for a reward.

In terms of mega breaches there is just one remarkable event: the compromise of the details of 55 million Thai citizens, after the breach of an unnamed government agency by a threat actor calling themselves 9Near.

The cyber espionage front was hot as always, with multiple campaigns unearthed in the first half of April as well, carried out by known threat actors such as the usual APT29, APT36, APT41, Archipelago (a subset of APT43), Vixen Panda, Mantis, and other unidentified or lesser-known groups such as UAC-0145, which targeted an undisclosed Ukrainian utility company.

And as always, this brief summary closes with a quick mention of the DDoS attacks launched by the pro-Russian hacktivists of NoName057(16) and Killnet, which were directed respectively against several government websites in Finland, and Rheinmetall, a German automotive and arms manufacturer. Anonymous Sudan also launched some DDoS attacks against targets in Israel and India, and finally the

My suggestion is always the same: browse the timeline, and obviously thanks for sharing it and supporting my work in spreading risk awareness across the community. As always, don’t forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.

Geo Map April H1 2023




The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.

