Motivations April H2 2023


Attack Techniques April H2 2023


In the second half of April 2023 I collected 180 events (corresponding to 12 events/day), a sharp increase compared to the first timeline of April where the recorded events were 161.

The percentage of events caused by ransomware attacks is stable at 27.22% (49 out of 180 events), similar to 27.3% in the previous timeline (44 out of 161 events). Vulnerabilities played a part in 26 out of 180 events, corresponding to 14.4%, slightly up from 12.4% in the first fortnight of April (20 out of 161 events).

Unsurprisingly, multi-million losses continued to plague the fintech sector: both Merlin and 0VIX suffered a cyber heist leading to the theft of $2M worth of cryptocurrency (and they are not the only ones hit in this timeline, although the other attacks did not achieve the same impact).

In terms of mega breaches there is one remarkable event, although it is not completely clear: the sale, on a Russian forum, of the details of 360 Chinese citizens. Other interesting events concern the arrest of a Ukrainian individual who stole the details of 360 European citizens, and the breaches of Terravision (2 million records compromised), the American Bar Association (1.5 million records compromised), and also NextGen Healthcare, victim of a ransomware attack compromising the details of 1.05 million users.

The Cyber Espionage front was always hot, with multiple campaigns unearthed also in the first half of April, and carried out by known threat actors such as the usual APT28, APT29, APT36, and also Sandworm targeting Ukraine. Additionally, it looks like Lazarus Group was also very active after the remarkable supply-chain attack against 3CX (and it looks like even 3CX was compromised via a supply-chain attack).

And as always, this brief summary closes with a quick mention of the attacks launched by the pro-Russian hacktivists of NoName057(16) and Killnet, which were directed respectively against several websites in Italy and individuals close to NATO. Last but not least, the collective Anonymous Sudan continued its campaign against Israel.

My suggestion is always the same: browse the timeline, and obviously thanks for sharing it and supporting my work in spreading risk awareness across the community. As always, don’t forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.

Geo Map April H1 2023


The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.

