In the first half of April 2023 I collected 157 events (corresponding to 10.47 events/day). Although the number is decreasing compared to the second timeline of March (a side effect of the exploitation at scale of the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability), the values remain quite high.
As an obvious consequence, the percentage of events caused by ransomware attacks went down to 27.38% (43 out of 157 events) vs. 30.1% (54 out of 179 events) of the previous timeline.
And as an additional obvious consequence, vulnerabilities played a part in 18 out of 157 events, corresponding to 11.46%: half the value of the previous timeline (23.7%, corresponding to 42 out of 177 events), and close to the first timeline of March.
Multi-million losses continued to plague the fintech sector. It is impossible to summarize all the entities that suffered losses in this fortnight (browse the timeline for the details), but the good news is that in some cases the attackers returned the stolen funds in exchange for a reward.
In terms of mega breaches there is just one remarkable event: the compromise of the details of 55 million Thai citizens, after the breach of an unnamed government agency by a threat actor calling themselves 9Near.
The Cyber Espionage front was always hot, with multiple campaigns unearthed also in the first half of April, and carried out by known threat actors such as the usual APT29, APT36, APT41, Archipelago (a subset of APT43), Vixen Panda, Mantis, and other unidentified or less known groups such as UAC-0145, which targeted an undisclosed Ukrainian utility company.
And as always, this brief summary is closed by a quick mention of the DDoS attacks launched by the pro-Russian hacktivists of NoName057(16) and Killnet, which were directed respectively against several government websites in Finland, and Rheinmetall, a German automotive and arms manufacturer. Anonymous Sudan also launched some DDoS attacks against targets in Israel and India, and finally the
My suggestion is always the same: browse the timeline, and obviously thanks for sharing it and supporting my work in spreading risk awareness across the community. As always, don’t forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
01/04/2023
During October 2022
During October 2022
APT41 AKA HOODOO
Taiwanese media organization
Researchers from Google discover a campaign carried out by the Chinese Threat Actor APT41 targeting a Taiwanese media organization.
Malware
Information and Communication
Cyber Espionage
TW
APT41, HOODOO, Google
2
01/04/2023
During Q4 2022
During Q4 2022
Ursnif
Multiple organizations
Researchers from Google’s Mandiant observed a campaign distributing the URSNIF banking trojan from Google Drive
Malware
Multiple Industries
Cyber Crime
>1
Google, Mandiant, URSNIF, Google Drive
3
01/04/2023
During Q4 2022
During Q4 2022
Diceloader
Multiple organizations
Researchers from Google’s Mandiant observed a campaign distributing the DICELOADER malware from Google Drive
Malware
Multiple Industries
Cyber Crime
>1
Google, Mandiant, DICELOADER, Google Drive
4
01/04/2023
Since at least 16/03/2023
Since at least 16/03/2023
?
Multiple organizations in the U.S.
Fake extortionists are piggybacking on data breaches and ransomware incidents, threatening U.S. companies with publishing or selling allegedly stolen data unless they get paid.
Scam
Multiple Industries
Cyber Crime
US
Scam
5
01/04/2023
-
-
9Near
Unnamed Thai Government Agency
A threat actor named "9Near" claims to have stolen the personal data of 55 million Thai citizens from an unnamed Government agency.
Unknown
Public admin and defence, social security
Hacktivism
TH
9Near
6
01/04/2023
01/03/2023
28/02/2023
D0nut Leaks
Montgomery General Hospital
Montgomery General Hospital is forced to take its systems offline after it was breached and hit by a ransomware attack.
Malware
Human health and social work
Cyber Crime
US
Montgomery General Hospital, ransomware, D0nut Leaks
7
02/04/2023
-
-
?
Alpi Aviation
Alpi Aviation, an Italian aircraft manufacturer, has some customer data dumped in the XSS underground forum.
Unknown
Manufacturing
Cyber Crime
IT
Alpi Aviation, XSS
8
03/04/2023
26/03/2023
26/03/2023
?
Western Digital
Western Digital announces that its network has been breached and an unauthorized party gained access to multiple company systems. The statement suggests a possible ransomware attack.
Unknown
Manufacturing
Cyber Crime
US
Western Digital
9
03/04/2023
31/03/2023
31/03/2023
?
Capita
British outsourcing services provider Capita announces that a cyberattack is preventing access to its internal Microsoft Office 365 applications.
Unknown
Professional, scientific and technical
Cyber Crime
UK
Capita
10
03/04/2023
-
29/03/2023
North Korean state-backed hacking group? (Labyrinth Chollima AKA Lazarus Group, Covellite, UNC4034, Zinc, Nickel Academy)
Multiple organizations in the cryptocurrency sector
Researchers from Kaspersky reveal that some of the victims affected by the 3CX supply chain attack have also had their systems backdoored with Gopuram malware, with the threat actors specifically targeting cryptocurrency companies with this additional malicious payload.
Researchers from Mandiant observe an ALPHV/BlackCat ransomware affiliate exploiting three vulnerabilities (CVE-2021-27876, CVE-2021-27877 and CVE-2021-27878) impacting the Veritas Backup product for initial access to the target network.
Genova Burns, a mid-sized law firm representing Uber notifies an unknown number of its drivers that sensitive data was exposed and stolen due to a cyber-attack.
Unknown
Professional, scientific and technical
Cyber Crime
US
Genova Burns, Uber
13
03/04/2023
During the Spring break
During the Spring break
?
Jefferson County School System
The Jefferson County School System discloses it was the victim of a ransomware computer attack during Spring Break.
Malware
Education
Cyber Crime
US
Jefferson County School System, ransomware
14
03/04/2023
-
-
Black Basta
Corporate Technologies
The Black Basta ransomware gang claims to have breached Corporate Technologies, a US-based IT consultancy and cybersecurity firm.
Malware
Professional, scientific and technical
Cyber Crime
US
Black Basta, ransomware, Corporate Technologies
15
03/04/2023
30/03/2023
30/03/2023
?
Ripple Users
Researchers from BitDefender discover a phishing campaign impersonating crypto solutions provider Ripple.
Account Takeover
Fintech
Cyber Crime
AU
DE
DK
IE
JP
KR
UK
US
ZA
BitDefender, Ripple
16
03/04/2023
-
-
Stormous
Cameron Memorial Community Hospital
The Stormous ransomware gang adds Cameron Memorial Community Hospital to their leak site, although they do not provide any proof of their claims.
Malware
Human health and social work
Cyber Crime
US
Stormous, ransomware, Cameron Memorial Community Hospital
17
03/04/2023
-
-
ALPHV AKA BlackCat AKA UNC4466
Mutual de Seguros de Chile
Mutual de Seguros de Chile is added to the BlackCat ransomware leak site.
Malware
Finance and insurance
Cyber Crime
CL
ALPHV, BlackCat, UNC4466, Mutual de Seguros de Chile, ransomware
18
03/04/2023
During the previous week
During the previous week
?
Palmeiras Club of Brazil
The Palmeiras Club of Brazil is the target of a cyberattack.
Unknown
Arts entertainment, recreation
Cyber Crime
BR
Palmeiras Club of Brazil
19
03/04/2023
01/04/2023
01/04/2023
?
Isaac Regional Council
The Isaac Regional Council, a local government body in the central Queensland area of Australia, discloses that a ransomware attack targeted its internal systems and resulted in reduced customer service capabilities.
Malware
Public admin and defence, social security
Cyber Crime
AU
Isaac Regional Council, ransomware
20
03/04/2023
02/04/2023
02/04/2023
?
Allbridge
A hacker returned assets worth $465,000 stolen from Allbridge, taking up the multichain token bridge's offer of a white hat bounty and no legal proceedings. The compensation plan came into place after the hacker drained $573,000 by manipulating Allbridge's swap price function.
Vulnerability
Fintech
Cyber Crime
N/A
Allbridge
21
03/04/2023
-
-
?
Ethereum
One of the major Ethereum MEV bots is targeted in an attack, apparently by one of the blockchain's validators, resulting in the loss of almost $20 million.
Mev bot attack
Fintech
Cyber Crime
N/A
Ethereum, MEV bot
22
04/04/2023
04/04/2023
04/04/2023
Noname 057(16)
Finnish Parliament
The pro-Russia hacker group Noname 057(16) announces that it is behind a series of DDoS attacks on the Finnish parliament's website as Finland prepares to join the NATO military alliance at a ceremony in Brussels.
DDoS
Public admin and defence, social security
Hacktivism
FI
Noname 057(16), Finnish Parliament, NATO
23
04/04/2023
04/04/2023
04/04/2023
Noname 057(16)
Personal website of outgoing Finnish PM Sanna Marin
The Noname 057(16) group is also believed to be behind a similar attack on at least one other official website as well as the personal website of outgoing Finnish PM Sanna Marin (SDP).
DDoS
Public admin and defence, social security
Hacktivism
FI
Noname 057(16), Sanna Marin
24
04/04/2023
Since at least 17/03/2023
17/03/2023
?
Taxpayers in the U.S.
eFile.com, an IRS-authorized e-file software service provider used by many for filing their tax returns, has been caught serving JavaScript malware.
Malicious Script Injection
Individual
Cyber Crime
US
eFile.com, IRS, JavaScript
25
04/04/2023
'Recently'
'Recently'
Rorschach
Undisclosed U.S.-based company
Researchers from Check Point discover a new ransomware strain dubbed Rorschach with the fastest encryptor seen so far.
Malware
Unknown
Cyber Crime
US
Check Point, Rorschach, ransomware
26
04/04/2023
31/01/2023
31/01/2023
lernaean_hydra0
Multiple organizations
Researchers from Cisco Talos discover a new version of the Typhon Reborn malware dubbed Typhon Reborn V2 characterized by improvements designed to thwart analysis via anti-virtualization mechanisms.
Malware
Multiple Industries
Cyber Crime
>1
Cisco Talos, Typhon Reborn, Typhon Reborn V2
27
04/04/2023
-
-
Rilide
Individuals
Researchers from Trustwave discover a new malicious browser extension called Rilide that targets Chromium-based products like Google Chrome, Brave, Opera, and Microsoft Edge, disguised as a Google Drive extension advertised via Google Ad.
Malware
Individual
Cyber Crime
>1
Trustwave, Rilide, Google Chrome, Brave, Opera, Microsoft Edge, Google Drive, Google Ad
28
04/04/2023
Since at least 04/04/2023
04/04/2023
Qbot AKA Qakbot, Pinkslipbot
Multiple organizations
Security researchers reveal that the QBot malware is now distributed in phishing campaigns utilizing PDFs and Windows Script Files (WSF) to infect Windows devices.
Malware
Multiple Industries
Cyber Crime
>1
QBot, Qakbot, PDF, Windows Script Files, WSF
29
04/04/2023
From September 2022 until at least February 2023
During February 2023
Mantis (AKA Arid Viper, Desert Falcon, APT-C-23)
Organizations within the Palestinian territories
Researchers from Symantec/Broadcom discover a new campaign by the Palestinian cyber espionage group Mantis, targeting organizations within the Palestinian territories with updated versions of their custom Arid Gopher and Micropsia backdoors.
Researchers from Sysdig uncover a new form of attack, called “proxyjacking,” in which hackers leverage the Log4j vulnerability to gain initial access to a system or device before selling off its IP information to proxyware services.
Log4j Vulnerability
Multiple Industries
Cyber Crime
>1
Sysdig, proxyjacking, Log4j
31
04/04/2023
-
-
LockBit 3.0
KNVB (Governing Body for Soccer in the Netherlands)
KNVB, the governing body for soccer in the Netherlands, discloses that hackers were able to steal the personal information of its employees during a cyberattack. The LockBit ransomware gang claims responsibility for the attack.
Unknown
Arts entertainment, recreation
Cyber Crime
NL
KNVB, LockBit, ransomware
32
04/04/2023
04/04/2023
04/04/2023
Anonymous Sudan
Check Point
The web site of Check Point, one of Israel's largest cybersecurity companies, is taken down by Anonymous Sudan.
DDoS
Professional, scientific and technical
Hacktivism
IL
Check Point, Anonymous Sudan
33
04/04/2023
04/04/2023
04/04/2023
Anonymous Sudan
Websites of multiple major universities in Israel
The websites of multiple major universities in Israel, including Tel Aviv University, the Hebrew University of Jerusalem, Ben-Gurion University of the Negev, Haifa University, Weizmann Institute of Science, Open University of Israel and Reichman University, are taken down by Anonymous Sudan.
DDoS
Education
Hacktivism
IL
Tel Aviv University, Hebrew University of Jerusalem, Ben-Gurion University of the Negev, Haifa University, Weizmann Institute of Science, Open University of Israel, Reichman University
34
04/04/2023
Between March and April 2023
Between March and April 2023
?
Multiple organizations
Researchers from Checkmarx reveal that a threat actor launched multiple campaigns exploiting the npm registry to deliver malware and crypto scams.
>1
Multiple Industries
Cyber Crime
>1
Checkmarx, npm
35
04/04/2023
04/04/2023
04/04/2023
TurkHackTeam
Banks and Government Agencies in Denmark
In the name of OpDenmark, a group of Turkish hacktivists dubbed TurkHackTeam defaces several banks and government agencies in Denmark.
Defacement
Multiple Industries
Hacktivism
DK
OpDenmark, TurkHackTeam
36
04/04/2023
-
During November 2022
?
TAFE South Australia (TAFE SA)
The personal information of more than 2,000 TAFE SA students is stolen in a serious data breach, when the South Australia police find a USB drive containing students' data.
Unknown
Education
Cyber Crime
AU
TAFE South Australia, TAFE SA
37
04/04/2023
Since March 2023
During March 2023
Threat actors from Romania
Multiple organizations
Researchers from Tehtris discover a cryptojacking campaign targeting Linux machines, dubbed Color1337, and involving the use of a bot called uhQCCSpB that installs and launches a Monero miner on the infected machine.
Malware
Multiple Industries
Cyber Crime
>1
Tehtris, Linux, Color1337, uhQCCSpB, Monero
38
04/04/2023
Between 19/01/2023 and 22/03/2023
During January 2023
UAC-0145
Undisclosed Ukrainian Utility Company
The Computer Emergency Response Team of Ukraine (CERT-UA) reveals that a Ukrainian utility company was breached with the DarkCrystal malware after installing a pirated version of Microsoft Office downloaded from a torrent website.
UnitedLex, a legal consulting firm, is hit by the D0nut ransomware gang.
Malware
Administration and support service
Cyber Crime
US
UnitedLex, ransomware, D0nut Leaks
40
04/04/2023
End of March 2023
End of March 2023
Royal
More than 1,000 organizations worldwide
Researchers from Red Sense reveal that the Royal ransomware group appears to have targeted more than 1,000 organizations with a social engineering attack designed to trick victims into trusting the attackers, and installing ransomware.
Malware
Multiple Industries
Cyber Crime
>1
Red Sense, Royal, ransomware
41
04/04/2023
-
-
LockBit 3.0
Errebielle
The LockBit 3.0 ransomware gang claims to have breached Errebielle, an Italian company specialized in the production of doors and furniture accessories, and dumps 34 GB of data.
Malware
Manufacturing
Cyber Crime
IT
LockBit, LockBit 3.0, Errebielle
42
05/04/2023
Since at least 03/04/2023
03/04/2023
?
YouTube users
YouTube warns users of a new phishing scam that has been using authentic email addresses to lure users into giving away their login credentials.
Account Takeover
Individual
Cyber Crime
>1
YouTube
43
05/04/2023
During Late 2022
During Late 2022
ARCHIPELAGO
Government and military personnel, think tanks, policy makers, academics, and researchers in South Korea and the U.S.
Researchers from Google warn of the North Korea-linked ARCHIPELAGO (subset of the APT43 group) targeting government and military personnel, think tanks, policy makers, academics, and researchers in South Korea, the US and elsewhere.
Targeted Attack
Individual
Cyber Espionage
KR
US
Google, ARCHIPELAGO, APT43
44
05/04/2023
'Recently'
'Recently'
?
Crypto users in Portugal
Researchers from Palo Alto Networks reveal that crypto users in Portugal are being targeted by a new malware codenamed CryptoClippy that's capable of stealing cryptocurrency, as part of a SEO poisoning malvertising campaign themed around searches for 'WhatsApp Web'.
Malware
Fintech
Cyber Crime
PT
Palo Alto Networks, CryptoClippy, SEO poisoning, malvertising, WhatsApp Web
45
05/04/2023
05/04/2023
05/04/2023
?
Israel Postal Company
The Israel Postal Company detects a cyber attack from a "hostile party" targeting their computer servers, and shuts down part of its computer systems in response to the attack.
Unknown
Public admin and defence, social security
Hacktivism
IL
Israel Postal Company
46
05/04/2023
09/07/2022
09/07/2022
Rektengle
Rogers Communications
Attackers post an ad on a mostly Russian-speaking hacker forum, putting on sale a database allegedly belonging to Rogers Communications, a Canadian company providing wireless, cable, and internet services.
Unknown
Information and communication
Cyber Crime
CA
Rogers Communications
47
05/04/2023
Between 26/10/2022 and 29/10/2022
'Recently'
?
Prescott College
Prescott College files a notice of data breach after the school learned that an unauthorized party had gained access to and removed certain files that were stored on its computer system.
Unknown
Education
Cyber Crime
US
Prescott College
48
05/04/2023
Earlier in 2022
'Recently'
?
Woodward Communications
Woodward Communications files a notice of data breach after experiencing a cybersecurity event that compromised the security of consumer data in the company’s possession.
Unknown
Information and communication
Cyber Crime
US
Woodward Communications
49
05/04/2023
Between 28/02/2023 and 01/03/2023
01/03/2023
?
Chippewa County
The Chippewa County Human Resources Division notifies that the laptop computer of an employee was compromised and 25-35MB of data was stolen from the device, including information protected under HIPAA.
Unknown
Public admin and defence, social security
Cyber Crime
US
Chippewa County Human Resources Division
50
05/04/2023
-
-
LockBit 3.0
Olympia CUSD (Olympia Community Unified School District 16)
The LockBit 3.0 ransomware gang claims to have hit the Olympia CUSD (Olympia Community Unified School District 16) in Illinois, and posts 4 files with personal information as proof.
Malware
Education
Cyber Crime
US
LockBit, LockBit 3.0, Olympia CUSD, Olympia Community Unified School District 16, ransomware
51
05/04/2023
24/03/2023
24/03/2023
BlackCat
Noteboom
The BlackCat ransomware gang claims to have breached Noteboom, a law firm.
Malware
Professional, scientific and technical
Cyber Crime
US
BlackCat, ransomware, Noteboom
52
06/04/2023
27/03/2023
27/03/2023
Medusa
Open University of Cyprus (OUC)
The Medusa ransomware gang claims responsibility for a cyberattack on the Open University of Cyprus (OUC), which caused severe disruptions of the organization's operations.
Malware
Education
Cyber Crime
CY
Medusa, ransomware, Open University of Cyprus, OUC
53
06/04/2023
Since 17/01/2023
17/01/2023
?
UK's Criminal Records Office (ACRO)
The UK's Criminal Records Office (ACRO) confirms that online portal issues experienced resulted from what it described as a "cyber security incident."
Unknown
Public admin and defence, social security
Cyber Crime
UK
UK's Criminal Records Office, ACRO
54
06/04/2023
-
-
?
Taxpayers in the U.S.
Researchers from Avanan discover a series of campaigns exploiting Quickbooks to harvest credentials.
Account Takeover
Individual
Cyber Crime
US
Quickbooks, Avanan
55
06/04/2023
-
-
Multiple threat actors
Multiple organizations
Adobe sends out password reset emails to users informing them that the company has changed the password associated with their Adobe ID, which may have been compromised in data breaches from other online sources.
Unknown
Multiple Industries
Cyber Crime
>1
Adobe
56
06/04/2023
Between 12/10/2023 and 28/10/2023
-
?
Killer Instinct
Killer Instinct, a company that trades high-tech modern adaptations of the archaic long-range weapon, discloses a data breach affecting over 800 users.
Account Takeover
Manufacturing
Cyber Crime
US
Killer Instinct
57
06/04/2023
-
-
Cyber Resistance Group
Putin supporter Mikhail Luchin
Hacktivists from the Pro-Ukraine Cyber Resistance Group break into the account of Putin supporter Mikhail Luchin, and spend $25,000, funds he had planned to use to purchase Chinese drones, on tens of thousands of dollars' worth of dildos and strap-ons.
Account Takeover
Individual
Hacktivism
RU
Cyber Resistance Group, Putin, Mikhail Luchin, Ukraine, Russia
58
06/04/2023
Mid-February 2023
Mid-February 2023
?
University of Hawaii Maui College (UH Hawaii College)
University of Hawaii Maui College (UH Hawaii College) posted notice of a data breach on its website following a February cyberattack.
Unknown
Education
Cyber Crime
US
University of Hawaii Maui College, UH Hawaii College
59
06/04/2023
Between early November 2022 and Late February 2023
Late February 2023
?
Thermea Spa
Customers who purchased gift certificates from Thermea spa between early November and late February are told in an email that their credit card information may have been compromised, alongside their full names, phone numbers and email and street addresses.
Unknown
Arts entertainment, recreation
Cyber Crime
CA
Thermea spa
60
06/04/2023
04/04/2023
04/04/2023
?
Sentiment
Lending protocol Sentiment manages to recover the stolen funds from a recent hack by offering the hacker a bounty worth $95,000.
Vulnerability
Fintech
Cyber Crime
US
Sentiment
61
06/04/2023
-
-
LockBit 3.0
OMS Components
The LockBit 3.0 ransomware gang claims to have breached OMS Components, an Italian company manufacturing office chair components.
Malware
Manufacturing
Cyber Crime
IT
LockBit, LockBit 3.0, ransomware, OMS Components
62
06/04/2023
-
-
ALPHV AKA BlackCat AKA UNC4466
Electronic System
The BlackCat ransomware gang claims to have breached Electronic System, an Italian manufacturer of components for automation systems.
Malware
Manufacturing
Cyber Crime
IT
ALPHV, BlackCat, UNC4466, ransomware, Electronic System
63
06/04/2023
04/04/2023
04/04/2023
Akira
BridgeValley Community and Technical College
BridgeValley Community and Technical College suffers an Akira ransomware attack.
Malware
Education
Cyber Crime
US
BridgeValley Community and Technical College, Akira, ransomware
64
07/04/2023
-
-
For-profit companies
Individuals in the U.S.
The FBI warns that for-profit companies reportedly linked to sextortion activity are targeting victims using various deceptive tactics to pressure them into paying for "assistance" services.
Sextortion Scam
Individual
Cyber Crime
US
FBI, sextortion
65
07/04/2023
Since 2017
-
Balada Injector
More than one million WordPress websites
Researchers from Sucuri estimate that one million WordPress websites have been compromised during a long-lasting campaign that exploits "all known and recently discovered theme and plugin vulnerabilities" to inject a Linux backdoor via Balada Injector.
Multiple vulnerabilities
Multiple Industries
Cyber Crime
>1
Sucuri, WordPress, Linux backdoor, Balada Injector
66
07/04/2023
-
-
Multiple threat actors
Multiple organization(s) in the U.S.
Apple releases emergency security updates to address two new zero-day vulnerabilities (CVE-2023-28205 and CVE-2023-28206) exploited in attacks to compromise iPhones, Macs, and iPads.
CISA adds CVE-2019-1388, a Microsoft Windows Certificate Dialog vulnerability to its list of exploited vulnerabilities.
CVE-2019-1388 vulnerability
Unknown
N/A
US
CISA, CVE-2019-1388, Microsoft Windows Certificate Dialog
68
07/04/2023
-
During March 2023
?
Multiple organization(s) in the U.S.
CISA adds CVE-2023-26083, an information disclosure flaw in Arm Mali GPU Kernel Driver, exploited by a spyware vendor, to its list of exploited vulnerabilities.
CVE-2023-26083 vulnerability
Multiple Industries
Cyber Espionage
US
CISA, CVE-2023-26083, Arm Mali GPU Kernel Driver, spyware
69
07/04/2023
13/03/2023
06/04/2023
?
Police Department in Camden County
The police department in Camden County, New Jersey confirmed that it was hit with a ransomware attack and is still investigating the incident.
Malware
Public admin and defence, social security
Cyber Crime
US
Police Department in Camden County, ransomware
70
07/04/2023
Late during the same week
Late during the same week
?
Rochester Public Schools
The Rochester Public Schools announces that it is canceling classes for all 42 schools it operates after it was hit by a suspected cyberattack.
Unknown
Education
Cyber Crime
US
Rochester Public Schools
71
07/04/2023
30/03/2023
30/03/2023
?
Sarah D. Culbertson Memorial Hospital
Sarah D. Culbertson Memorial Hospital informs the public that staff had discovered a “network disruption” on March 30.
Unknown
Human health and social work
Cyber Crime
US
Sarah D. Culbertson Memorial Hospital
72
07/04/2023
06/04/2023
06/04/2023
?
Evotec
German drug development giant Evotec discloses it suffered a cyberattack that forced it to take all of its IT systems offline.
Unknown
Professional, scientific and technical
Cyber Crime
DE
Evotec
73
07/04/2023
-
-
MuddyWater (AKA MERCURY, Mango Sandstorm, Seedworm, and Static Kitten) and DEV-1084 (AKA Storm-1084)
Multiple organizations
Researchers from Microsoft reveal that Iranian advanced persistent threat (APT) actors MuddyWater and DEV-1084 have been observed launching destructive cyberattacks disguised as ransomware against on-prem and cloud infrastructures.
The municipality of Herselt in Belgium has been hit by a cyberattack
Unknown
Public admin and defence, social security
Cyber Crime
BE
Municipality of Herselt
75
07/04/2023
'Recently'
12/12/2022
?
HawaiiUSA Federal Credit Union (HawaiiUSA)
HawaiiUSA Federal Credit Union (HawaiiUSA) files a notice of data breach after a phishing incident leaks the personal information of more than 20,000 bank customers.
Account Takeover
Finance and insurance
Cyber Crime
US
HawaiiUSA Federal Credit Union, HawaiiUSA
76
07/04/2023
Between 05/12/2022 and 11/12/2022
10/12/2022
?
Minnesota and Wisconsin locations of 90 Degree Benefits
Minnesota and Wisconsin locations of 90 Degree Benefits file a notice of data breach after the company confirmed that certain files containing confidential consumer data were accessed by an unauthorized party following a cyberattack.
Unknown
Finance and insurance
Cyber Crime
US
Minnesota and Wisconsin locations of 90 Degree Benefits
77
07/04/2023
Between 07/02/2023 and 25/02/2023
25/02/2023
?
Baldor Specialty Foods
Baldor Specialty Foods files a notice of data breach after a malicious actor carried out a cyberattack against the company resulting in confidential consumer information being compromised.
Unknown
Wholesale and retail
Cyber Crime
US
Baldor Specialty Foods
78
07/04/2023
Between 24/01/2023 and 08/02/2023
08/02/2023
?
La Clinica de La Raza
La Clinica de La Raza files a notice of data breach after learning that certain employee email accounts containing confidential patient information were accessed by an unauthorized party over the course of a two-week period.
Account Takeover
Human health and social work
Cyber Crime
US
La Clinica de La Raza
79
07/04/2023
13/01/2023
13/01/2023
?
Charter Foods
Charter Foods files a notice of data breach following a “criminal cyberattack” that compromised highly sensitive consumer information in the company’s possession.
Unknown
Accommodation and food service
Cyber Crime
US
Charter Foods
80
07/04/2023
Since November 2022
Since November 2022
?
Healthcare organizations in the U.S.
The U.S. Department of Health and Human Services (HHS) warns the healthcare sector of an ongoing DNS NXDOMAIN flood DDoS campaign.
DDoS
Human health and social work
Cyber Crime
US
U.S. Department of Health and Human Services, HHS, DNS, NXDOMAIN
81
07/04/2023
07/03/2023
-
Abyss
7×7 Dental Implant & Oral Surgery Specialists
A leak site called “Abyss” adds 7×7 Dental Implant & Oral Surgery Specialists of San Francisco (7×7) to their site and claims to have leaked 114 GB of the dental practice’s files.
Malware
Human health and social work
Cyber Crime
US
Abyss, 7×7 Dental Implant & Oral Surgery Specialists, ransomware
82
07/04/2023
Between February 2022 and August 2022
06/04/2023
?
Aspire Public Schools
Aspire Public Schools submits notifications stating that it learned that an unauthorized party gained access to one Aspire email account at various times between February 2022 and August 2022.
Account Takeover
Education
Cyber Crime
US
Aspire Public Schools
83
08/04/2023
During 2023
During 2023
?
Kodi
The Kodi Foundation discloses a data breach after hackers stole the organization's MyBB forum database containing user data and private messages and attempted to sell it online.
Account Takeover
Arts entertainment, recreation
Cyber Crime
N/A
Kodi, Kodi Foundation
84
08/04/2023
28/03/2023
08/04/2023
Money Message
BrightSpring Health
BrightSpring Health is listed among the victims of the Money Message ransomware in their leak site.
Malware
Human health and social work
Cyber Crime
US
BrightSpring Health, Money Message, ransomware
85
08/04/2023
28/03/2023
08/04/2023
Money Message
PharMerica Corporation
PharMerica Corporation is listed among the victims of the Money Message ransomware in their leak site.
Malware
Wholesale and retail
Cyber Crime
US
PharMerica Corporation, Money Message, ransomware
86
08/04/2023
15/02/2023
-
Zarya
Canadian gas pipeline
Pro-Russia hacking group Zarya caused a cybersecurity incident at a Canadian gas pipeline.
Unknown
Electricity, gas steam, air conditioning
Cyber Warfare
CA
Russia, Zarya
87
09/04/2023
Since November 2022
Since November 2022
FusionCore
Multiple organizations
Researchers from Cyfirma discover a new cybercrime group, dubbed FusionCore, specialized in offering Malware-as-a-Service (MaaS) and other hacking services.
Malware
Multiple Industries
Cyber Crime
>1
Cyfirma, FusionCore
88
09/04/2023
09/04/2023
09/04/2023
?
Automated irrigation systems in the Jordan Valley
In the name of OpIsrael, automated irrigation systems in the Jordan Valley in Israel are briefly disrupted.
DDoS
Water supply, waste mgmt, remediation
Hacktivism
IL
OpIsrael, Jordan Valley
89
09/04/2023
09/04/2023
09/04/2023
?
Galil Sewage Corporation
In the name of OpIsrael, automated irrigation systems of Galil Sewage Corporation are briefly disrupted.
DDoS
Water supply, waste mgmt, remediation
Hacktivism
IL
OpIsrael, Galil Sewage Corporation
90
09/04/2023
09/04/2023
09/04/2023
?
SushiSwap
A bug on a smart contract on the decentralized finance (DeFi) protocol SushiSwap leads to over $3M in losses.
Vulnerability
Fintech
Cyber Crime
N/A
SushiSwap
91
09/04/2023
09/04/2023
09/04/2023
?
GDAC
South Korean cryptocurrency exchange GDAC is the target of attackers, with the platform losing nearly $13M during the attack.
Vulnerability
Fintech
Cyber Crime
KR
GDAC
92
09/04/2023
End of March 2023
End of March 2023
?
Neue Zürcher Zeitung (NZZ)
The Neue Zürcher Zeitung (NZZ) shuts down the newspaper production system after a ransomware attack.
Malware
Information and communication
Cyber Crime
CH
Neue Zürcher Zeitung, NZZ, ransomware
93
09/04/2023
Early April 2023
Early April 2023
?
San Bernardino County Sheriff’s Department
Southern California’s San Bernardino County Sheriff’s Department says it experienced a “network disruption” to its electronic systems and has referred the problem to the FBI and Department of Homeland Security.
Unknown
Public admin and defence, social security
Cyber Crime
US
San Bernardino County Sheriff’s Department
94
09/04/2023
-
-
BlackByte
Cementos Bio-Bio
Cementos Bio-Bio, a Chilean cement company, is added to the BlackByte ransomware leaks site.
Ukrainian hacktivist group Cyber Resistance claims to have hacked the email, social media, and personal accounts of Russian GRU officer Lieutenant Colonel Sergey Alexandrovich Morgachev, the alleged leader of the APT28 threat group (AKA Pawn Storm and Fancy Bear).
Belgian HR and payroll giant SD Worx suffers a cyberattack causing them to shut down all IT systems for its UK and Ireland services.
Unknown
Administration and support service
Cyber Crime
UK
IE
SD Worx
97
10/04/2023
-
-
?
Chinese nationals based in the U.S.
The FBI warns that cyber criminals posing as members of China’s government are targeting Chinese nationals based in the United States.
Scam
Individual
Cyber Crime
US
FBI, China
98
10/04/2023
During March 2023
During March 2023
?
Organizations in the financial sector in the U.S.
Researchers from eSentire discover a new campaign deploying the malware loader known as GuLoader, targeting the US financial sector using phishing emails with a tax-themed lure.
Malware
Finance and insurance
Cyber Crime
US
eSentire, GuLoader
99
10/04/2023
22/08/2022
22/08/2022
?
Elmbrook School District
A breach exposes the names and Social Security numbers of current and former Elmbrook School District employees.
Unknown
Education
Cyber Crime
US
Elmbrook School District
100
10/04/2023
Between 27/11/2022 and 22/01/2023
26/01/2023
?
Guardian Analytics
Webster Bank files a notice of data breach after learning of a third-party data breach at Guardian Analytics, one of Webster Bank’s vendors.
Unknown
Professional, scientific and technical
Cyber Crime
US
Webster Bank, Guardian Analytics
101
10/04/2023
Between 12/12/2022 and 27/12/2022
27/12/2022
?
Harrington Raceway and Casino
Harrington Raceway and Casino files a notice of data breach with the Maine Attorney General after learning that hackers were able to access confidential consumer information located on the company’s servers for a period of two weeks.
Unknown
Arts entertainment, recreation
Cyber Crime
US
Harrington Raceway and Casino
102
10/04/2023
01/02/2023
01/02/2023
?
Retina & Vitreous of Texas
Retina & Vitreous of Texas files a notice of data breach after learning that confidential patient information that had been entrusted to the company was accessible to unauthorized parties following a cybersecurity incident.
Unknown
Human health and social work
Cyber Crime
US
Retina & Vitreous of Texas
103
10/04/2023
Between 28/06/2022 and 29/06/2022
29/06/2022
?
Stroud Area Regional Police Department (SARPD)
Stroud Area Regional Police Department (SARPD) announces that it has taken action after learning of a data security incident which may have impacted certain individuals' personal information.
Unknown
Public admin and defence, social security
Cyber Crime
US
Stroud Area Regional Police Department, SARPD
104
10/04/2023
-
-
LockBit 3.0
Euromotors
The Peruvian company Euromotors, a car dealership network, is added to the LockBit ransomware leak site.
Malware
Wholesale and retail
Cyber Crime
PE
Euromotors, LockBit, LockBit 3.0, ransomware
105
10/04/2023
-
01/02/2023
?
WellBe Senior Medical
WellBe Senior Medical joins the list of the victims of the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability.
The National Security Agency reveals that Russian threat actors have logged into private security cameras in Ukrainian coffee shops to collect intelligence on aid convoys.
Unknown
Arts entertainment, recreation
Cyber Warfare
UA
National Security Agency, Russia, Ukraine
107
11/04/2023
Between January 2021 and November 202
-
?
At least five civil society victims in North America, Central Asia, Southeast Asia, Europe, and the Middle East
Microsoft and Citizen Lab discover commercial spyware made by the Israel-based company QuaDream, used to compromise the iPhones of high-risk individuals using a zero-click exploit named ENDOFDAYS.
Microsoft patches CVE-2023-28252, a zero-day vulnerability in the Windows Common Log File System (CLFS), actively exploited by cybercriminals to escalate privileges and deploy the Nokoyawa ransomware payloads.
Malware
Multiple Industries
Cyber Crime
>1
Microsoft, CVE-2023-28252, Windows Common Log File System, CLFS, Nokoyawa, ransomware
109
11/04/2023
Since November 2022
Since November 2022
?
Users speaking Japanese, Korean, and Spanish.
Researchers from NTT discover a campaign where attackers are compromising websites to inject scripts that display fake Google Chrome automatic update errors that distribute malware to unaware visitors.
Malicious Script Injection
Individual
Cyber Crime
JP
KR
ES
NTT, Google Chrome
110
11/04/2023
-
-
?
Hyundai Italy and France
Hyundai discloses a data breach impacting Italian and French car owners and those who booked a test drive, warning that hackers gained access to personal data.
Unknown
Manufacturing
Cyber Crime
FR
IT
Hyundai
111
11/04/2023
11/04/2023
11/04/2023
?
Cornwall Community Hospital
Cornwall Community Hospital, a healthcare facility serving the residents of Cornwall and several other counties in Canada, says it discovered a “network issue” that was later revealed to be a cyberattack.
Malware
Human health and social work
Cyber Crime
CA
Cornwall Community Hospital
112
11/04/2023
During March 2023
During March 2023
idklmao
Multiple organizations
Researchers from Sonatype discover microsoft-helper, a malicious PyPI package, copycat of the popular W4SP stealer.
Malware
Multiple Industries
Cyber Crime
>1
Sonatype, microsoft-helper, PyPI, W4SP stealer
113
11/04/2023
During March 2023
During March 2023
SylexSquad
Multiple organizations in Spain
Researchers from Sonatype discover reverse-shell, a PyPI package malware-as-a-service for the Spanish market.
Malware
Multiple Industries
Cyber Crime
ES
Sonatype, reverse-shell, PyPI, SylexSquad
114
11/04/2023
During January 2023
During January 2023
?
Multiple organizations
Researchers from Veriti discover a campaign where attackers are posting what appear to be legitimate sponsored ads on hijacked Facebook business and community pages, which promise free downloads of AI chatbots such as ChatGPT and Google Bard and instead distribute the well-known, info-stealing malware RedLine Stealer.
Malware
Multiple Industries
Cyber Crime
AR
BD
ES
GR
IN
LB
MX
PK
TO
US
Veriti, Facebook, ChatGPT, Google Bard, RedLine Stealer
115
11/04/2023
-
-
?
Multiple organizations in Ukraine
Researchers from Fortinet discover a new multi-staged attack leveraging a malicious document spoofed to look like the Ukrainian state enterprise Energoatom, responsible for managing four nuclear power plants in Ukraine, and using the Havoc C2 framework to deliver multiple payloads at different stages.
Targeted Attack
Multiple Industries
Cyber Espionage
UA
Fortinet, Ukraine, Energoatom, Havoc C2
116
11/04/2023
-
15/03/2023
?
Harding, Shymanski & Company
Harding, Shymanski & Company files a notice of data breach after learning that an employee’s credentials were used to access customer 2021 tax returns, leading to fraudulent 2022 tax returns being filed on behalf of certain patients.
Account Takeover
Professional, scientific and technical
Cyber Crime
US
Harding, Shymanski & Company
117
11/04/2023
-
-
BlackByte
City of Collegedale
Data from the city of Collegedale is leaked after the city's computer systems were hacked by the BlackByte ransomware gang.
Malware
Public admin and defence, social security
Cyber Crime
US
City of Collegedale, BlackByte, ransomware
118
12/04/2023
-
-
Goldoson
Android users in South Korea
Researchers from McAfee discover a new Android malware named 'Goldoson' infiltrated on Google Play and ONE Store through 60 legitimate apps that collectively have 100 million downloads.
Malware
Individual
Cyber Crime
KR
McAfee, Android, Goldoson, Google Play, ONE Store
119
12/04/2023
-
-
Monti
Multiple organizations
Security researchers warn that cybercriminals from the Monti ransomware group are using the Action1 remote access software for persistence on compromised networks and to execute commands, scripts, and binaries.
Malware
Multiple Industries
Cyber Crime
>1
Monti, ransomware, Action1
120
12/04/2023
During the first week of April 2023
During the first week of April 2023
?
Lürssen
Lürssen, a German manufacturer of military vessels and luxury yachts, reportedly suffered a ransomware attack over the Easter holiday.
Malware
Manufacturing
Cyber Crime
DE
Lürssen, ransomware
121
12/04/2023
Since 2019
-
Lazarus Group (AKA Labyrinth Collima, Covellite, UNC4034, Zinc, Nickel Academy)
Multiple organizations in the cryptocurrency space
Researchers from Kaspersky discover a new cluster of activity, dubbed DeathNote, part of the Operation DreamJob or NukeSped, carried out by the North Korean threat actor Lazarus Group.
Several hospitals and healthcare institutes in Hyderabad
Anonymous Sudan targets several top hospitals and healthcare institutes in Hyderabad.
DDoS
Human health and social work
Hacktivism
IN
Anonymous Sudan, Hyderabad
123
12/04/2023
Mid-April 2023
Mid-April 2023
Vixen Panda
Foreign Ministries in Multiple Countries
Chinese threat actors from Vixen Panda are suspected of targeting the Foreign Ministries in multiple countries in a recent campaign.
Targeted Attack
Public admin and defence, social security
Cyber Espionage
>1
Vixen Panda
124
12/04/2023
16/02/2023
16/02/2023
?
Unlimited Care
Unlimited Care files a notice of data breach after learning that a “network disruption” resulted in confidential employee information being compromised.
Unknown
Human health and social work
Cyber Crime
US
Unlimited Care
125
12/04/2023
-
-
Karakurt
Medicalodges
The Karakurt ransomware gang is back and adds Medicalodges to their leak site.
Malware
Human health and social work
Cyber Crime
US
Karakurt, ransomware, Medicalodges
126
12/04/2023
-
-
Karakurt
Petaluma Health Center
The Karakurt ransomware gang also adds Petaluma Health Center to their leak site.
Malware
Human health and social work
Cyber Crime
US
Karakurt, ransomware, Petaluma Health Center
127
12/04/2023
-
-
LockBit 3.0
Comacchio
The LockBit 3.0 ransomware gang claims to have breached Comacchio, an Italian drilling company, and as proof dumps some data online.
Malware
Professional, scientific and technical
Cyber Crime
IT
LockBit, LockBit 3.0, ransomware, Comacchio
128
12/04/2023
-
13/03/2023
Cl0p AKA Clop
Kannact
Kannact discloses that it suffered a cyber attack, allegedly carried out by the Cl0p ransomware gang exploiting the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability.
The Federal Security Service of the Russian Federation (FSB) accuses the United States and other NATO countries of launching over 5,000 cyberattacks against critical infrastructure in the country since the beginning of 2022.
>1
Electricity, gas steam, air conditioning
Cyber Warfare
RU
Federal Security Service of the Russian Federation, FSB, NATO, U.S.
130
13/04/2023
Since 24-26/10/2022
Since 24-26/10/2022
APT29 AKA Cozy Bear and NOBELIUM
NATO and European Union countries
Poland's Military Counterintelligence Service and its Computer Emergency Response Team discover a campaign carried out by the APT29 state-sponsored threat actors, part of the Russian government's Foreign Intelligence Service (SVR), targeting NATO and European Union countries, via three malware samples dubbed SNOWYAMBER, QUARTERRIG and HALFRIG.
Researchers from Cado Security discover a new Python-based credential harvester and SMTP hijacking tool named ‘Legion’, sold on Telegram, and targeting online email services for phishing and spam attacks.
Malware
Multiple Industries
Cyber Crime
>1
Cado Security, Python, Forza Tools, Legion, Telegram
132
13/04/2023
Between 2019 and 2021
-
Five Individuals
Individuals
Europol and Eurojust announce the arrest of five individuals believed to be part of a massive online investment fraud ring with at least 33,000 victims who lost an estimated €89 million (roughly $98 million).
Investment Scam
Individual
Cyber Crime
>1
Europol, Eurojust
133
13/04/2023
During April 2023
During April 2023
?
Accounting Firms and Tax Preparers in the U.S.
With the end of the annual U.S. tax season approaching, Microsoft warns of a phishing campaign targeting accounting firms and tax preparers with the Remcos remote access malware, which allows initial access to corporate networks.
Malware
Professional, scientific and technical
Cyber Crime
US
Microsoft, Remcos
134
13/04/2023
Since Early 2023
'Recently'
Vice Society
Multiple organizations
Researchers from Palo Alto Networks reveal that the Vice Society ransomware gang is deploying a new, rather sophisticated PowerShell script to automate data theft from compromised networks.
Researchers from Cyble discover a new Android trojan called ‘Chameleon’, targeting users in Australia and Poland, mimicking the CoinSpot cryptocurrency exchange, an Australian government agency, and the IKO bank.
Malware
Finance and insurance
Cyber Crime
AU
PL
Cyble, Android, Chameleon, CoinSpot, IKO PKO Bank
136
13/04/2023
06/04/2023
06/04/2023
?
Affinity
UK-based photo editing, graphic design and publishing software developer Affinity informs its forum members of a data breach.
Account Takeover
Professional, scientific and technical
Cyber Crime
UK
Affinity
137
13/04/2023
-
-
Read The Manual (RTM) Locker
Multiple organizations
Researchers from Trellix detail the tactics, techniques, and procedures of an emerging cybercriminal gang called ‘Read The Manual (RTM) Locker’. The group provides ransomware-as-a-service (RaaS), supplying its malicious code to a network of affiliates on whom it imposes strict rules.
Malware
Multiple Industries
Cyber Crime
>1
Trellix, Read The Manual (RTM) Locker, ransomware
138
13/04/2023
14/03/2023
14/03/2023
Killnet?
Rheinmetall
German automotive and arms manufacturer Rheinmetall suffers a cyberattack. The Pro-Russia hacktivist group Killnet claims responsibility for the attack after the company's talks of constructing a new tank factory in Ukraine.
DDoS
Manufacturing
Hacktivism
DE
Rheinmetall, Killnet, Russia, Ukraine
139
13/04/2023
Since at least 21/03/2023
21/03/2023
?
Unknown organization(s) in the U.S.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns of CVE-2023-20963, a high-severity Android vulnerability believed to have been exploited by the Chinese e-commerce app Pinduoduo as a zero-day to spy on its users.
CVE-2023-20963 Vulnerability
Unknown
Cyber Crime
US
U.S. Cybersecurity and Infrastructure Security Agency, CISA, CVE-2023-20963, Android, Pinduoduo
140
13/04/2023
-
-
?
Unknown organization(s) in the U.S.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds CVE-2023-29492, a Novi Survey Insecure Deserialization Vulnerability, to the list of its Known Exploited Vulnerabilities catalog.
CVE-2023-29492 Vulnerability
Unknown
N/A
US
The U.S. Cybersecurity and Infrastructure Security Agency, CISA, CVE-2023-29492, Novi Survey
141
13/04/2023
-
-
Multiple threat actors
Unknown organization(s)
Google releases an emergency Chrome security update to address CVE-2023-2033, the first zero-day vulnerability exploited in attacks since the start of the year.
CVE-2023-2033 Vulnerability
Unknown
N/A
N/A
Google, Chrome, CVE-2023-2033
142
13/04/2023
14/03/2023
14/03/2023
?
Bitrue
Singapore-based cryptocurrency trading platform Bitrue says that $23 million was stolen from one of its own digital wallets.
Hot Wallet Vulnerability
Fintech
Cyber Crime
SG
Bitrue
143
13/04/2023
Since at least October 2022
During February 2023
Conti and FIN7
Multiple organizations
Researchers from IBM discover a campaign distributing 'Minodo', a recently identified backdoor revealing a partnership between former members of the Conti ransomware group and the FIN7 financial criminal group.
Malware
Multiple Industries
Cyber Crime
>1
IBM, Minodo, Conti, FIN7
144
13/04/2023
Since at least the end of March 2023
End of March 2023
APT36 AKA Transparent Tribe
Education Sector in India
Researchers from Sentinel One discover a new campaign by the Pakistani threat actor known as APT36 or Transparent Tribe targeting the education sector in India with malicious Office documents distributing Crimson RAT.
Targeted Attack
Education
Cyber Espionage
IN
APT36, Transparent Tribe, Sentinel One, Crimson RAT
145
13/04/2023
Since at least October 2022
During October 2022
?
Zelle End Users
Researchers from Avanan reveal that threat actors successfully impersonate Zelle to swipe money from unsuspecting users.
Account Takeover
Individual
Cyber Crime
>1
Zelle
146
13/04/2023
During April 2023
During early April 2023
Qbot AKA Qakbot, Pinkslipbot
Users in South Korea
Researchers from AhnLab identify a new campaign distributing Qbot via malicious PDF files attached to replies or forwards to existing emails.
Malware
Individual
Cyber Crime
KR
AhnLab, Qbot, Qakbot, Pinkslipbot
147
13/04/2023
13/04/2023
13/04/2023
?
Yearn
Decentralized Finance protocol Yearn loses over $10M after attackers exploit a misconfiguration.
Misconfiguration
Fintech
Cyber Crime
N/A
Yearn
148
13/04/2023
-
-
?
NationsBenefits Holding
NationsBenefits Holding files a notice of data breach after learning that the company and its customers were affected by the third-party data breach at Fortra.
Apro, a Chilean company that sells personal protection and industrial safety items, is added to LockBit’s leak site.
Malware
Wholesale and retail
Cyber Crime
CL
Apro, ransomware, LockBit, LockBit 3.0
150
13/04/2023
-
-
BlackByte
Mexico’s National Water Commission (Conagua)
Mexico’s National Water Commission (Conagua), which manages, protects, and controls national waters in Mexico, is reportedly attacked by the BlackByte ransomware gang.
Malware
Water supply, waste mgmt, remediation
Cyber Crime
MX
Mexico’s National Water Commission, Conagua, BlackByte, ransomware
151
13/04/2023
24/03/2023
24/03/2023
Play
CH Media
The Play ransomware group threatens to dump personal and confidential data, projects and employee payroll information of Switzerland-based CH Media if its ransom demands are not met.
Malware
Information and communication
Cyber Crime
CH
Play, ransomware, CH Media
152
13/04/2023
-
-
?
Caremar (Compagnia Regionale Marittima)
Caremar (Compagnia Regionale Marittima) has some data dumped in the XSS underground forum.
Unknown
Transportation and storage
Cyber Crime
IT
Caremar, XSS, Compagnia Regionale Marittima
153
14/04/2023
Since the Summer 2022
Since the Summer 2022
?
Senior individuals
Researchers from Malwarebytes detect a specific malvertising campaign via Google ads aimed at seniors, where the actor creates hundreds of fake websites via the Weebly platform to host decoy content to fool search engines and crawlers while redirecting victims to a fake computer alert.
Scam
Individual
Cyber Crime
>1
Malwarebytes, Google ads, Weebly
154
14/04/2023
-
-
?
Multiple organizations
Researchers from Uptycs identify a new variant of credential stealing malware, dubbed Zaraza (Russian word for infection), using Telegram as its command and control and targeting a large number of web browsers.
Malware
Multiple Industries
Cyber Crime
>1
Uptycs, Zaraza, Telegram
155
14/04/2023
08/02/2023
08/02/2023
?
Kimco Realty Corporation
Kimco Realty Corporation files a notice of data breach after a company Kimco had acquired, Weingarten Realty Investors, experienced a cyberattack resulting in confidential consumer data being exposed to unauthorized access.
Unknown
Real estate
Cyber Crime
US
Kimco Realty, Weingarten Realty Investors
156
14/04/2023
Between 16/06/2022 and 18/07/2022
'Recently'
?
United Steelworkers Local 286
United Steelworkers Local 286 files a notice of data breach after the organization learned that an unauthorized party had gained access to confidential member information through an employee’s compromised email account.
Account Takeover
Other service activities
Cyber Crime
US
United Steelworkers Local 286
157
14/04/2023
From 14/09/2022 to 08/11/2022
09/11/2022
?
Two Rivers Public Health Department
Two Rivers Public Health Department confirms that the protected health information of 15,168 patients was stored in an employee Office 365 account that was accessed by an unauthorized third party.
Account Takeover
Public admin and defence, social security
Cyber Crime
US
Two Rivers Public Health Department
158
14/04/2023
Between August 2021 and February 2023
During February 2021
?
Consensys
The email addresses of thousands of MetaMask users who raised customer support tickets between Aug. 1 and Feb. 10 may have been compromised in a third-party cybersecurity incident suffered by the parent company ConsenSys.
Unknown
Fintech
Cyber Crime
US
Consensys, MetaMask
159
14/04/2023
Between 05/05/2022 and 08/09/2022
31/08/2022
?
Ethan Health
Ethan Health confirms that the protected health information of 4,047 individuals was contained in employee email accounts that were accessed by unauthorized individuals.
Account Takeover
Human health and social work
Cyber Crime
US
Ethan Health
160
14/04/2023
-
-
Electronic Tiger Unit
SCADA water regulatory systems in Israel
A hacktivist group known as "Electronic Tiger Unit" shares a screenshot on their Telegram channel, claiming to have accessed the SCADA water regulatory systems.
Unknown
Water supply, waste mgmt, remediation
Hacktivism
IL
Electronic Tiger Unit, OpIsrael, SCADA
161
15/04/2023
-
13/04/2023
ALPHV AKA BlackCat AKA UNC4466
NCR
NCR suffers an outage on its Aloha point of sale platform after being hit by a ransomware attack claimed by the BlackCat/ALPHV gang.
Malware
Professional, scientific and technical
Cyber Crime
US
ALPHV, BlackCat, UNC4466, NCR, ransomware
162
15/04/2023
-
27/03/2023
Vice Society
CommScope
Network infrastructure provider CommScope confirms that it suffered a ransomware attack and is investigating claims of stolen information leaked on the dark web by the Vice Society ransomware gang.
Malware
Manufacturing
Cyber Crime
US
CommScope, Vice Society, ransomware
163
15/04/2023
15/04/2023
15/04/2023
?
Hundred Finance
Multi-chain lending protocol Hundred Finance suffers a security breach, which results in the theft of approximately $7M worth of assets.
Vulnerability
Fintech
Cyber Crime
N/A
Hundred Finance
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags