In the first half of May 2023 I collected 173 events (corresponding to 11.53 events/day), a value that, although slightly lower than the second timeline of April (182 events collected), confirms the sustained trend that is characterizing this year from an information security perspective.
The percentage of events caused by ransomware attacks is stable at 26.5% (46 out of 173 events), very close to the 26.9% of the second timeline of April. Vulnerabilities played a part in 20 out of 173 events, corresponding to 11.6%, again slightly lower than the 14.4% of the previous timeline.
The crypto hacks continued, although apparently at a slower pace than the previous month. The only one worth mentioning affected Level Finance, which lost $1.1M worth of crypto assets following the exploitation of a smart contract vulnerability.
In terms of mega breaches there were two remarkable events: software maker Brightly confirmed that hackers stole close to 3 million accounts from its SchoolDude platform, and PharMerica, one of the largest pharmacy service providers in the United States, had the personal data of almost six million patients exfiltrated by the Money Message ransomware gang.
The Cyber Espionage front was as hot as ever, with multiple campaigns unearthed also in the first half of April, carried out by known threat actors from China, North Korea, Iran, India and Pakistan, such as ScarCruft (aka APT37) and Kimsuky (both from North Korea), APT35 and MuddyWater (Iran), Patchwork (India) and SideCopy (Pakistan). But the list of cyber espionage operations is too long, and the actors involved too many, to summarize in a few words.
And as always, this brief summary closes with a quick mention of the attacks launched by the pro-Russian hacktivists of NoName057(16) against multiple government targets in France and Italy in retaliation for their support of Ukraine.
My suggestion is always the same: browse the timeline, and of course thanks for sharing it and supporting my work in spreading risk awareness across the community. As always, don't forget to follow @paulsparrows on Twitter, or connect on LinkedIn, for the latest updates.
Geo Map May H1 2023
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
01/05/2023
-
-
Russia?
Public opinion in Ukraine
The Security Service of Ukraine seizes the operations of an illicit VPN allegedly used by Russians to conduct disinformation operations.
Coordinated Inauthentic Behavior
Individual
Cyber Warfare
UA
Security Service of Ukraine, VPN, Russia
2
01/05/2023
01/05/2023
01/05/2023
Royal
City of Dallas
The City of Dallas suffers a Royal ransomware attack, causing it to shut down some of its IT systems to prevent the attack's spread.
Malware
Public admin and defence, social security
Cyber Crime
US
Royal, ransomware, City of Dallas
3
01/05/2023
Since 26/04/2023
Since 26/04/2023
Multiple threat actors
Vulnerable TBK DVR devices
Researchers from Fortinet reveal that attackers are actively exploiting CVE-2018-9995, an unpatched 2018 authentication bypass vulnerability in exposed TBK DVR (digital video recording) devices.
CVE-2018-9995 vulnerability
Multiple Industries
Cyber Crime
>1
Fortinet, CVE-2018-9995, TBK DVR
4
01/05/2023
Since 29/04/2023
Since 29/04/2023
Multiple threat actors
Vulnerable MVPower TV-7104HE and TV-7108HE DVRs
Researchers from Fortinet discover a peak of attempts to exploit CVE-2016-20016, an old vulnerability impacting MVPower TV-7104HE and TV-7108HE DVR devices.
Attackers exploit a Level Finance smart contract vulnerability to drain approximately $1,100,000 worth of cryptocurrency.
Smart Contract vulnerability
Fintech
Cyber Crime
N/A
Level Finance
6
01/05/2023
29/04/2023
29/04/2023
?
Penncrest School District
Penncrest School District announces a ransomware attack over the weekend that disrupted their systems.
Malware
Education
Cyber Crime
US
Penncrest School District, ransomware
7
01/05/2023
During 2022
During 2022
ScarCruft APT group (aka APT37, Reaper, and Group123)
Korean-speaking individuals
Researchers from Check Point reveal the details of a new campaign by the Korea-linked ScarCruft APT group (aka APT37, Reaper, and Group123) delivering the ROKRAT and Amadey payloads.
Targeted Attack
Individual
Cyber Espionage
KR
Check Point, North Korea, ScarCruft APT, APT37, Reaper, Group123, ROKRAT, Amadey
8
01/05/2023
01/02/2023
01/02/2023
?
University Urology (UU)
University Urology (UU) posts a notice on its website about an incident in which an unauthorized actor gained access to protected health information stored in UU's system.
Unknown
Education
Cyber Crime
US
University Urology, UU
9
01/05/2023
During January 2023
During January 2023
?
Heritage Group
Heritage Group files a notice of data breach after an unauthorized party gained access to the company’s computer network and was able to access confidential information belonging to certain current and former employees and their dependents.
Unknown
Administration and support service
Cyber Crime
US
Heritage Group
10
01/05/2023
Between 29/03/2023 and 04/04/2023
04/04/2023
?
Link Audiology
Link Audiology, a provider of audiology services, confirms that the protected health information of up to 7,200 current and former patients has been exposed due to the hacking of an employee email account.
Account Takeover
Professional, scientific and technical
Cyber Crime
US
Link Audiology
11
01/05/2023
-
16/04/2023
CrossLock
Valid Certificadora
Valid Certificadora, a Brazilian firm that issues digital certificates used by both businesses and public entities, is added to the CrossLock ransomware leak site.
Malware
Professional, scientific and technical
Cyber Crime
BR
Valid Certificadora, CrossLock, ransomware
12
01/05/2023
30/04/2023
30/04/2023
NoName057(16)
Italian Ministry of Infrastructure and Transport
The NoName057(16) Russian collective takes down the Italian Ministry of Infrastructure and Transport.
DDoS
Public admin and defence, social security
Hacktivism
IT
NoName057(16), Russia, Italian Ministry of Infrastructure and Transport
13
02/05/2023
Since at least January 2023
-
?
Unknown organization(s)
The US Cybersecurity and Infrastructure Security Agency (CISA) adds CVE-2023-21839, an Oracle WebLogic flaw patched by the vendor in January, to its known exploited vulnerabilities catalog.
CVE-2023-21839 Vulnerability
Unknown
N/A
US
Cybersecurity and Infrastructure Security Agency, CISA, CVE-2023-21839, Oracle WebLogic
14
02/05/2023
'Recently'
'Recently'
Earth Longzhi
Organizations in the Philippines, Taiwan, Thailand, and Fiji
Researchers from Trend Micro discover a new campaign by Earth Longzhi (a subgroup of APT41) targeting organizations based in Taiwan, Thailand, the Philippines, and Fiji, and using “stack rumbling” via Image File Execution Options (IFEO), a new denial-of-service (DoS) technique to disable security software.
The Australian commercial law firm HWL Ebsworth falls victim to a BlackCat ransomware attack, with attackers claiming to have obtained client information and employee data.
Malware
Professional, scientific and technical
Cyber Crime
AU
HWL Ebsworth, BlackCat, ransomware
16
02/05/2023
-
26/05/2023
Royal
Edison Learning
The Royal Ransomware claims to have infiltrated public school management and virtual learning provider Edison Learning, posting on its dark web data leak site that it had stolen 20GB of the company’s data “including personal information of employees and students” and threatening to post the data “early next week.”
Malware
Professional, scientific and technical
Cyber Crime
US
Royal, Edison Learning
17
02/05/2023
-
During November 2022
?
Optima Tax Relief
Optima Tax Relief files a notice of data breach after learning that a recent data security incident exposed the confidential information of certain customers to an unauthorized party.
Unknown
Finance and insurance
Cyber Crime
US
Optima Tax Relief
18
02/05/2023
Since June 2022
Since June 2022
Multiple threat actors from Iran
Multiple countries
Researchers from Microsoft reveal that Iran is increasingly relying on cyber-enabled influence operations to ignite geopolitical change in the regions of interest for the Iranian regime.
Coordinated Inauthentic Behavior
Public admin and defence, social security
Cyber Warfare
>1
Microsoft, Iran
19
02/05/2023
Between 22/02/2023 and 09/03/2023
09/03/2023
?
Carvin Software
Carvin Software files a notice of data breach after learning that an unauthorized party was able to copy files containing confidential consumer information from the company’s computer network.
Unknown
Professional, scientific and technical
Cyber Crime
US
Carvin Software
20
02/05/2023
Between 28/01/2023 and 30/01/2023
Between 28/01/2023 and 30/01/2023
Clop AKA Cl0p
Northwest Health – La Porte
Northwest Health – La Porte confirms that the protected health information of 10,256 patients was compromised in the Clop ransomware group’s series of attacks exploiting the zero-day vulnerability in Fortra’s GoAnywhere file transfer.
CVE-2023-0669 Vulnerability
Human health and social work
Cyber Crime
US
Northwest Health – La Porte, Cl0p, Clop, ransomware, Fortra, GoAnywhere, CVE-2023-0669
21
02/05/2023
06/05/2023
06/05/2023
?
Wichita State University
Wichita State University takes proactive measures and disconnects several University systems to isolate an unauthorized attempt by a third party to access the University's systems.
Unknown
Education
Cyber Crime
US
Wichita State University
22
02/05/2023
02/05/2023
02/05/2023
?
Instituto Nacional de Tecnologia Agropecuaria (INTA)
The Argentinian Instituto Nacional de Tecnologia Agropecuaria (INTA), a public agency under the Ministry of Agriculture and Fisheries of the Nation, is hit with a cyber attack.
Unknown
Public admin and defence, social security
Cyber Crime
AR
Instituto Nacional de Tecnologia Agropecuaria, INTA
23
03/05/2023
-
-
Russia?
Public opinion in Ukraine
The Security Service and the National Police of Ukraine seize thousands of SIM cards, bank cards, GSM gateways and other specialized equipment used to support a network of 5,000 anonymous social media accounts on Facebook, Instagram and Twitter.
Coordinated Inauthentic Behavior
Individual
Cyber Warfare
UA
Security Service, National Police, Ukraine, Facebook, Instagram, Twitter
24
03/05/2023
Since late January 2023
Late January 2023
Threat actors from Vietnam
Individuals
Researchers from Meta discover a new information-stealing malware distributed on Meta called 'NodeStealer,' allowing threat actors to steal browser cookies to hijack accounts on the platform, as well as Gmail and Outlook accounts.
Malware
Individual
Cyber Crime
>1
Facebook, NodeStealer, Meta, Gmail, Outlook
25
03/05/2023
-
-
DuckTail
Individuals
Researchers from Meta discover a new version of the DuckTail malware exploiting multiple cloud services to host the malicious payload.
Malware
Individual
Cyber Crime
>1
Meta, DuckTail
26
03/05/2023
-
During Q1 2023
Pakistan-based APT
Military personnel in India and the Pakistan Air Force
Researchers from Meta reveal that state-linked hackers in Pakistan have been spying on military personnel in India and the Pakistan Air Force, using fake apps and websites to compromise their personal devices.
Account Takeover
Public admin and defence, social security
Cyber Espionage
IN
PK
Meta, India, Pakistan
27
03/05/2023
-
During Q1 2023
Bahamut APT
People in Pakistan and India, including the Kashmir region, with a particular interest in military personnel, government employees and activists.
Researchers from Meta take down about 110 accounts on Facebook and Instagram linked to the Bahamut APT, targeting people in Pakistan and India, including the Kashmir region, among them military personnel, government employees, activists and others.
Account Takeover
Public admin and defence, social security
Cyber Espionage
IN
PK
Meta, India, Pakistan, Bahamut APT
28
03/05/2023
-
During Q1 2023
Patchwork APT
People in Pakistan, India, Bangladesh, Sri Lanka, the Tibet region, and China, including military personnel, activists, and minority groups
Researchers from Meta take down around 50 accounts on Facebook and Instagram linked to a hacking group in India known in the security industry as Patchwork. It targeted people in Pakistan, India, Bangladesh, Sri Lanka, the Tibet region, and China, including military personnel, activists, and minority groups.
Account Takeover
Public admin and defence, social security
Cyber Espionage
BD
CN
IN
LK
PK
Meta, Patchwork APT
29
03/05/2023
-
During Q1 2023
Threat actors from Iran
Individuals in Israel, Bahrain, and France
Researchers from Meta remove 40 Facebook accounts, eight Pages and one Group for coordinated inauthentic behavior originating from Iran and targeting primarily Israel, and also Bahrain and France.
Coordinated Inauthentic Behavior
Individual
Cyber Warfare
BH
FR
IL
Meta, Iran
30
03/05/2023
-
During Q1 2023
Threat actors from China
Individuals in India and Tibet
Researchers from Meta remove 50 Facebook accounts, 46 Pages, 31 Groups and 10 accounts on Instagram, originating in China and targeting India and the Tibet region.
Coordinated Inauthentic Behavior
Individual
Cyber Warfare
IN
TB
Meta, China
31
03/05/2023
-
During Q1 2023
Threat actors from China
Individuals in many regions around the world, including Taiwan, Sub-Saharan Africa, Japan, Central Asia and the Uyghur community
Researchers from Meta remove 107 Facebook accounts, 36 Pages, six Groups and 35 accounts on Instagram, originating in China and targeting many regions around the world, including Taiwan, Sub-Saharan Africa, Japan, Central Asia and the Uyghur community.
Coordinated Inauthentic Behavior
Individual
Cyber Warfare
JP
TW
Meta, China
32
03/05/2023
-
During Q1 2023
Threat actors from Venezuela
Individuals in Guatemala and Honduras
Researchers from Meta remove 24 Facebook accounts, 54 Pages and four accounts on Instagram, originating in Venezuela and the United States and targeting Guatemala and Honduras.
Coordinated Inauthentic Behavior
Individual
Cyber Warfare
HN
GT
Meta, Venezuela
33
03/05/2023
-
During Q1 2023
Threat actors from Togo and Burkina Faso
Individuals in Burkina Faso
Researchers from Meta remove 134 Facebook accounts, 142 Pages and 20 accounts on Instagram, originating in Togo and Burkina Faso and targeting Burkina Faso.
Coordinated Inauthentic Behavior
Individual
Cyber Warfare
BF
TG
Meta, Togo, Burkina Faso
34
03/05/2023
-
During Q1 2023
Threat actors from Georgia
Individuals in Georgia
Researchers from Meta remove 80 Facebook accounts, 26 Pages, nine Groups and two accounts on Instagram, originating in Georgia and targeting a domestic audience.
Coordinated Inauthentic Behavior
Individual
Cyber Warfare
GE
Meta, Georgia
35
03/05/2023
-
-
Dragon Breath AKA Golden Eye Dog, or APT-Q-27
Chinese-speaking Windows users in China, Japan, Taiwan, Singapore, Hong Kong, and the Philippines.
Researchers from Sophos discover an APT group known as "Dragon Breath," "Golden Eye Dog," or "APT-Q-27" demonstrating a new trend of using several complex variations of the classic DLL sideloading technique to evade detection.
Targeted Attack
Multiple Industries
Cyber Espionage
CN
HK
JP
PH
SG
TW
Sophos, Dragon Breath, Golden Eye Dog, APT-Q-27, DLL sideloading
36
03/05/2023
Since 14/01/2023
05/03/2023
?
Sysco
Sysco, a leading global food distribution company, confirms that its network was breached by attackers who stole sensitive information, including business, customer, and employee data.
Unknown
Accommodation and food service
Cyber Crime
US
Sysco
37
03/05/2023
During Q1 2023
During Q1 2023
Multiple threat actors
Multiple organizations
Researchers from Meta warn that attackers are using the promise of generative artificial intelligence like ChatGPT to trick people into installing malicious code on devices, and unearth 10 malware families in Q1 2023 alone.
Malware
Multiple Industries
Cyber Crime
>1
Meta, ChatGPT
38
03/05/2023
02/05/2023
02/05/2023
KEKW
Multiple organizations
Researchers from Cyble uncover multiple malicious Python files distributing a new malware named ‘KEKW’.
Malware
Multiple Industries
Cyber Crime
>1
Cyble, Python, KEKW
39
03/05/2023
-
-
RansomHouse
AvidXchange
The RansomHouse ransomware gang publishes a trove of sensitive data stolen from payment software company AvidXchange after the company fell victim to ransomware for the second time this year.
Malware
Professional, scientific and technical
Cyber Crime
US
RansomHouse, ransomware, AvidXchange
40
03/05/2023
Since at least November 2022
Since at least November 2022
?
PostNord DK customers
Researchers from Heimdal discover a phishing campaign using the PostNord DK website as a front.
Account Takeover
Finance and insurance
Cyber Crime
DK
PostNord DK customers
41
03/05/2023
'Recently'
'Recently'
?
Veridian Credit Union
Veridian Credit Union files a notice of data breach after determining that a hacker successfully obtained access to Veridian’s online membership application process.
Unknown
Finance and insurance
Cyber Crime
US
Veridian Credit Union
42
03/05/2023
27/03/2023
07/04/2023
Trigona
Pacific Union College (PUC)
Pacific Union College (PUC) posts a data breach notice on its website after confirming that an April 2023 “cybersecurity issue” turned out to be a ransomware attack by the Trigona group.
Malware
Education
Cyber Crime
US
Pacific Union College, PUC, ransomware, Trigona
43
03/05/2023
27/01/2023
Between 24/01/2023 and 27/01/2023
?
Triad Business Bank
Triad Business Bank files a notice of data breach following a cybersecurity incident that compromised the confidential information of at least 8,235 individuals. Based on the company's official filing, the incident resulted in an unauthorized party gaining access to consumers' names and Social Security numbers.
Account Takeover
Finance and insurance
Cyber Crime
US
Triad Business Bank
44
03/05/2023
-
02/05/2023
Snatch Team
Lawrence Family Development Charter School
Threat actors from the Snatch Team ransomware group add the Lawrence Family Development Charter School in Massachusetts to their leak site.
Malware
Education
Cyber Crime
US
Snatch Team, ransomware, Lawrence Family Development Charter School
45
03/05/2023
Since at least December 2020
During December 2020 and January 2022
?
Eurasia Group
Eurasia Group discovers suspicious activity within its email system by a sophisticated threat actor in two different circumstances.
Targeted Attack
Professional, scientific and technical
Cyber Espionage
US
Eurasia Group
46
03/05/2023
-
-
?
Hillsborough County Supervisor of Elections Office
The Hillsborough County Supervisor of Elections Office discloses a security breach.
Unknown
Public admin and defence, social security
Cyber Crime
US
Hillsborough County Supervisor of Elections Office
47
03/05/2023
04/03/2023
06/03/2023
Avos Locker
Methodist Family Health (MFH)
Methodist Family Health (MFH) discloses that it has suffered a security breach. The Avos Locker ransomware gang claims responsibility for the attack.
Malware
Human health and social work
Cyber Crime
US
Methodist Family Health, MFH, Avos Locker, Ransomware
48
03/05/2023
03/05/2023
03/05/2023
Monti
ASL 1 Abruzzo
The Monti ransomware gang hits the ASL 1 L'Aquila (the Italian National Health Department of the Abruzzo region) and leaks 522 GB of data.
Malware
Human health and social work
Cyber Crime
IT
Monti, ransomware, ASL1 Abruzzo
49
03/05/2023
-
-
ALPHV AKA BlackCat
AECO
The BlackCat ransomware gang lists the Italian sensor manufacturing company AECO in its leak site.
Malware
Manufacturing
Cyber Crime
IT
ALPHV, BlackCat, ransomware, AECO
50
03/05/2023
03/05/2023
03/05/2023
?
SECOP II
SECOP II, the Colombian transactional platform with accounts for state entities and contractors used for submitting, evaluating, and awarding contracts, is hit with a cyber attack.
Unknown
Public admin and defence, social security
Cyber Crime
CO
SECOP II
51
04/05/2023
-
-
Kimsuky
Think tanks, research universities, and government entities in the United States, Europe, and Asia
Researchers from Sentinel Labs reveal that the North Korean group Kimsuky has been observed employing a new version of its reconnaissance malware, now called 'ReconShark,' in an ongoing cyber espionage campaign with a global reach.
Targeted Attack
Multiple Industries
Cyber Espionage
>1
Sentinel Labs, Kimsuky, ReconShark
52
04/05/2023
Since 2022
-
Fleckpe
Android users
Researchers from Kaspersky discover a new Android subscription malware named 'Fleckpe' on Google Play, the official Android app store, disguised as legitimate apps downloaded over 620,000 times.
Malware
Individual
Cyber Crime
>1
Kaspersky, Android, Fleckpe, Google Play
53
04/05/2023
03/04/2023
03/04/2023
ALPHV AKA BlackCat
Constellation Software
Canadian diversified software company Constellation Software confirms that some of its systems were breached by threat actors who also stole personal information and business data. The BlackCat ransomware gang claims responsibility for the attack.
Murfreesboro Medical Clinic & SurgiCenter is forced offline after a cyberattack.
Unknown
Human health and social work
Cyber Crime
US
Murfreesboro Medical Clinic & SurgiCenter
56
04/05/2023
Since at least 2019
Since at least 2019
TA554?
Italian corporate banking clients
Researchers from Cleafy reveal that Italian corporate banking clients are the target of an ongoing financial fraud campaign that has been leveraging a new web-inject toolkit called drIBAN since at least 2019.
Malware
Finance and insurance
Cyber Crime
IT
Cleafy, drIBAN, TA554, web-inject
57
04/05/2023
-
-
Medusa
Crown Princess Mary Cancer Centre
The Medusa ransomware gang adds the Crown Princess Mary Cancer Centre to the list of the victims in their leak site.
Malware
Human health and social work
Cyber Crime
AU
Medusa, ransomware, Crown Princess Mary Cancer Centre
58
04/05/2023
'Recently'
'Recently'
SideCopy APT
Entities aligned with Pakistan government interests
Researchers from Fortinet discover a new campaign by the suspected Pakistan-aligned threat actor known as SideCopy leveraging themes related to India's Defence Research and Development Organization (DRDO).
Targeted Attack
Public admin and defence, social security
Cyber Espionage
IN
Fortinet, SideCopy, India, Pakistan, India's Defence Research and Development Organization, DRDO
59
04/05/2023
'Recently'
'Recently'
?
Individuals
Researchers from Avanan discover a PayPal phishing campaign hoping to steal money that end-users think is headed to a fundraiser for firefighters.
Account Takeover
Individual
Cyber Crime
>1
Avanan, PayPal
60
04/05/2023
12/07/2022
12/07/2022
?
McPherson Hospital (McPherson Center for Health)
McPherson Hospital (McPherson Center for Health) files a notice of data breach after learning that a ransomware attack resulted in confidential patient information being accessible to unauthorized parties.
Malware
Human health and social work
Cyber Crime
US
McPherson Hospital, McPherson Center for Health, ransomware
61
04/05/2023
-
During April 2023
Trigona
Unique Imaging
Unique Imaging is listed in the Trigona ransomware leak site.
Malware
Professional, scientific and technical
Cyber Crime
US
Unique Imaging, Trigona, ransomware
62
04/05/2023
-
-
?
Adna School District
The Adna School District is defrauded of $346,000 through what school officials have called a "sophisticated phishing scam."
Account Takeover
Education
Cyber Crime
US
Adna School District
63
04/05/2023
-
-
Bl00dy (AKA Ransomware Cult)
Movement School
The Bl00dy ransomware gang claims to have breached the Movement School.
Malware
Education
Cyber Crime
US
Bl00dy, ransomware, Ransomware Cult, Movement School
64
04/05/2023
-
-
Bl00dy (AKA Ransomware Cult)
Socrates Academy
The Bl00dy ransomware gang claims to have breached the Socrates Academy.
Malware
Education
Cyber Crime
US
Bl00dy, ransomware, Ransomware Cult, Socrates Academy
65
05/05/2023
05/05/2023
05/05/2023
NoName057(16)
French Senate
Attackers from the pro-Russian collective NoName057(16) claim to have taken down the website of the French Senate.
DDoS
Public admin and defence, social security
Hacktivism
FR
Russia, NoName057(16), French Senate
66
05/05/2023
05/05/2023
05/05/2023
NoName057(16)
French National Institute of Labour, Employment and Vocational Training
Attackers from the pro-Russian collective NoName057(16) claim to have taken down the website of the French National Institute of Labour, Employment and Vocational Training.
DDoS
Public admin and defence, social security
Hacktivism
FR
Russia, NoName057(16), French National Institute of Labour, Employment and Vocational Training
67
05/05/2023
05/05/2023
05/05/2023
NoName057(16)
National Center for Space Research of France
Attackers from the pro-Russian collective NoName057(16) claim to have taken down the website of the National Center for Space Research of France.
DDoS
Public admin and defence, social security
Hacktivism
FR
Russia, NoName057(16), National Center for Space Research of France
68
05/05/2023
05/05/2023
05/05/2023
NoName057(16)
Naval Group
Attackers from the pro-Russian collective NoName057(16) claim to have taken down the website of the French defense company Naval Group.
DDoS
Manufacturing
Hacktivism
FR
Russia, NoName057(16), Naval Group
69
05/05/2023
Since April 2023
During May 2023
UAC-0006
Multiple organizations in Ukraine
The Computer Emergency Response Team of Ukraine (CERT-UA) warns of an ongoing phishing campaign distributing the SmokeLoader malware in the form of a polyglot file.
Malware
Multiple Industries
Cyber Crime
UA
Computer Emergency Response Team of Ukraine, CERT-UA, SmokeLoader
70
05/05/2023
-
-
?
Smashing Pumpkins
Smashing Pumpkins frontman Billy Corgan reveals he had to pay a hacker's ransom to prevent them leaking songs from the band's new three-part rock opera Atum.
Unknown
Arts entertainment, recreation
Cyber Crime
US
Smashing Pumpkins, Billy Corgan, Atum
71
05/05/2023
-
-
?
Undisclosed Dutch company
Authorities arrest a hacker in Purmerend, Netherlands, on accusations that he stole data on hundreds of thousands of customers from a company and then tried to blackmail the firm by threatening to publish the information.
Unknown
Unknown
Cyber Crime
NL
Purmerend
72
05/05/2023
Since at least 2021
During 2021
?
Crypto investors in Russia
Researchers from Cyble discover a phishing website imitating the renowned Russian website CryptoPro CSP, used by attackers to spread the DarkWatchman RAT.
Malware
Fintech
Cyber Crime
RU
Cyble, Russia, CryptoPro CSP, DarkWatchman RAT
73
05/05/2023
Between 07/02/2023 and 13/02/2023
13/02/2023
?
Asian Health Services (AHS)
Asian Health Services (AHS) files a notice of data breach after learning that an unauthorized actor was able to access confidential patient information following a compromised employee email account.
Account Takeover
Human health and social work
Cyber Crime
US
Asian Health Services (AHS)
74
05/05/2023
Between 08/04/2023 and 09/04/2023
09/04/2023
PRGX Global
PRGX Global files a notice of data breach after discovering that an unauthorized party was able to access confidential consumer data stored on the company’s computer network.
Unknown
Administration and support service
Cyber Crime
US
PRGX Global
75
05/05/2023
Since at least 10/04/2023
10/04/2023
?
RoadSafe Traffic Systems
RoadSafe Traffic Systems files a notice of data breach after confirming that an unauthorized party was able to bypass the company’s data security system, accessing confidential consumer data.
Unknown
Wholesale and retail
Cyber Crime
US
RoadSafe Traffic Systems
76
05/05/2023
27/08/2022
Late March 2023
?
Minimum Data Set Consultants
Catholic Health posts a notice of a third-party data breach following an incident at one of the organization's vendors, Minimum Data Set Consultants.
Unknown
Administration and support service
Cyber Crime
US
Catholic Health, Minimum Data Set Consultants
77
06/05/2023
Since May 2022
During May 2023
Mango Sandstorm (aka Mercury or Muddywater)
Multiple organizations
Researchers from Microsoft reveal that Iranian state-backed hackers from Mango Sandstorm (aka Mercury or Muddywater) have joined the ongoing assault targeting vulnerable PaperCut MF/NG print management servers.
Mint Sandstorm (also known as Phosphorus or APT35)
Multiple organizations
Researchers from Microsoft reveal that Iranian state-backed hackers from Mint Sandstorm (also known as Phosphorus or APT35) have joined the ongoing assault targeting vulnerable PaperCut MF/NG print management servers.
CVE-2023-27350 Vulnerability
Multiple Industries
Cyber Espionage
>1
Microsoft, Iran, Mint Sandstorm, Phosphorus, APT35, CVE-2023-27350
79
06/05/2023
19/12/2022
19/12/2022
?
Fairfax County Public Schools (FCPS)
Fairfax County Public Schools (FCPS) discloses a security breach where a threat actor accessed two FCPS business email accounts.
Account Takeover
Education
Cyber Crime
US
Fairfax County Public Schools, FCPS
80
07/05/2023
Since March 2023
During May 2023
Akira
Multiple organizations
A new ransomware operation called Akira has slowly been building a list of victims as they breach corporate networks worldwide, encrypt files, and then demand million-dollar ransoms.
Malware
Multiple Industries
Cyber Crime
US
Akira, ransomware
81
07/05/2023
-
-
?
Undisclosed woman in Singapore
A Singapore-based woman loses $20,000 to a stealthy scam after visiting a bubble tea shop and scanning a QR code with her phone.
Account Takeover
Individual
Cyber Crime
SG
Singapore, QR Code
82
07/05/2023
06/05/2023
06/05/2023
?
Chattanooga State Community College
The Chattanooga State Community College is hit with a cyberattack, forcing the school to cancel classes and modify schedules for staff members.
Unknown
Education
Cyber Crime
US
Chattanooga State Community College
83
07/05/2023
Since March 2023
Since March 2023
Cactus
Large commercial entities
Researchers from Kroll discover Cactus, a new ransomware operation exploiting vulnerabilities in VPN appliances for initial access to networks of “large commercial entities.”
Malware
Multiple Industries
Cyber Crime
>1
Kroll, Cactus, ransomware
84
07/05/2023
07/05/2023
07/05/2023
?
Kabarak University
Canadian diversified software company Constellation Software confirms that some of its systems were breached by threat actors who also stole personal information and business data. The BlackCat ransomware gangs claims responsibility for the attack.
Account Takeover
Education
Cyber Crime
KE
Kabarak University
85
08/05/2023
During May 2023
During May 2023
?
Drivers across the US and UK
Scammers leave fake parking tickets on drivers' windshields across the US and UK.
Account Takeover
Individual
Cyber Crime
UK
US
QR Code
86
08/05/2023
Since 26/04/2023
Since 26/04/2023
AndoryuBot
Vulnerable Ruckus devices
Researchers from Fortinet discover a new malware botnet named 'AndoryuBot' targeting CVE-2023-25717, a critical-severity flaw in the Ruckus Wireless Admin panel, to infect unpatched Wi-Fi access points for use in DDoS attacks.
CVE-2023-25717 Vulnerability
Multiple Industries
Cyber Crime
>1
Fortinet, AndoryuBot, CVE-2023-25717
87
08/05/2023
Since late November 2022
-
SideWinder
Pakistani government officials and individuals in Turkey
Researchers from BlackBerry discover a new campaign by the SideWinder advanced persistent threat group targeting Pakistani government officials and individuals in Turkey, using polymorphism techniques to bypass traditional signature-based antivirus (AV) detection to deliver a next-stage payload.
Targeted Attack
Individual
Cyber Espionage
PK
TR
BlackBerry, SideWinder
88
08/05/2023
06/05/2023
06/05/2023
?
Facebook users
A number of verified and well-established Facebook pages are compromised over the weekend and start distributing malware through ads approved by and purchased through the platform.
Malware
Individual
Cyber Crime
>1
Facebook
89
08/05/2023
04/05/2023
04/05/2023
?
OT&P Healthcare
The personal data and medical history of about 100,000 patients at OT&P Healthcare could have been leaked due to a cyberattack.
Unknown
Human health and social work
Cyber Crime
HK
OT&P Healthcare
90
08/05/2023
Since at least 09/03/2023
09/03/2023
?
ASAS Health
ASAS Health files a notice of data breach after determining that a security incident earlier this year compromised the confidential information of over 25,000 individuals.
Unknown
Human health and social work
Cyber Crime
US
ASAS Health
91
08/05/2023
-
-
Russia?
eCherga (Ukrainian electronic queuing system for trucks crossing the western border)
The Ministry for Communities, Territories and Infrastructure Development of Ukraine blames Russia for an attack on eCherga, its electronic queuing system for trucks crossing its western border.
Unknown
Public admin and defence, social security
Cyber Warfare
UA
eCherga, Russia, Ukraine
92
09/05/2023
-
-
Trinitarios (Trinitarians)
Individuals in Spain
The National Police of Spain arrests two hackers, 15 members of a criminal organization, and another 23 people involved in illegal financial operations in Madrid and Seville for alleged bank scams carried out via email and SMS against over 300,000 people and resulting in confirmed losses of at least 700,000 euros ($770k).
Account Takeover
Individual
Cyber Crime
ES
Trinitarios, Trinitarians
93
09/05/2023
Since early April 2023
During May 2023
?
Individuals
Researchers from Malwarebytes discover a malvertising campaign tricking users with an in-browser Windows update simulation to deliver the Aurora information stealing malware.
Malware
Individual
Cyber Crime
>1
Malwarebytes, Aurora
94
09/05/2023
Since January 2023
-
RapperBot
Multiple organizations
Researchers from Fortinet discover a new version of the RapperBot botnet malware adding cryptojacking capabilities to mine for cryptocurrency on compromised Intel x64 machines.
Malware
Multiple Industries
Cyber Crime
>1
Fortinet, RapperBot
95
09/05/2023
23/04/2023
23/04/2023
?
National Gallery of Canada
The National Gallery of Canada says it's 'recovering' following a ransomware attack.
Malware
Arts entertainment, recreation
Cyber Crime
CA
National Gallery of Canada, Ransomware
96
09/05/2023
-
-
Akira
Mercer University
Mercer University discloses a cybersecurity incident, announcing that the attackers stole the sensitive information of students, parents and employees. The Akira ransomware gang claims responsibility for the attack.
Malware
Education
Cyber Crime
US
Mercer University, Akira, ransomware
97
09/05/2023
Since February 2021
-
Israel-based threat group
Multiple organizations
Researchers from Abnormal Security discover an Israel-based threat group carrying out a business email compromise (BEC) campaign primarily targeting large and multinational enterprises with an average annual revenue of over $10 billion.
Business Email Compromise
Multiple Industries
Cyber Crime
>1
Abnormal Security, Israel
98
09/05/2023
Since October 2021
Between Q4 2022 and Q1 2023
China-aligned threat actor
Gambling company in the Philippines
Researchers from ESET disclose the details of Operation ChattyGoblin, a campaign against a gambling company in the Philippines carried out by a China-aligned threat actor via trojanized chat applications Comm100 and LiveHelp100.
Researchers from Sucuri discover a new wave of SocGholish injections that used the intermediary xjquery[.]com domain.
Malware
Multiple Industries
Cyber Crime
>1
Sucuri, SocGholish, xjquery[.]com
100
09/05/2023
'Recently'
'Recently'
?
Multiple organizations
Researchers from McAfee discover a GuLoader campaign using NSIS-based installers.
Malware
Multiple Industries
Cyber Crime
>1
McAfee, GuLoader, NSIS
101
09/05/2023
-
-
?
Skybound Entertainment
Skybound Entertainment, the company behind The Walking Dead series, allegedly suffers a data breach with attackers selling sensitive data of users and employees on a criminal forum.
Unknown
Arts entertainment, recreation
Cyber Crime
US
Skybound Entertainment
102
09/05/2023
Between 30/08/2022 and 02/09/2022
'Recently'
?
Fontainebleau Florida Hotel
Fontainebleau Florida Hotel files a notice of data breach after learning that confidential consumer information stored on the company’s computer network was accessed by an unauthorized party.
Unknown
Accommodation and food service
Cyber Crime
US
Fontainebleau Florida Hotel
103
09/05/2023
-
-
Cybersecurity and intelligence agencies from Australia, Canada, New Zealand, the United Kingdom, and the United States
Snake (AKA Uroburos)
Cybersecurity and intelligence agencies from all Five Eyes members (Australia, Canada, New Zealand, the United Kingdom, and the United States) take down the infrastructure of the Snake cyber-espionage malware (AKA Uroburos) operated by Russia's Federal Security Service (FSB), using a tool that commands the implant to overwrite its own components and disable itself.
Targeted Attack
Other service activities
Cyber Warfare
RU
FBI, Australia, Canada, New Zealand, United Kingdom, United States, Snake, Uroburos, Russia, Federal Security Service, FSB
104
10/05/2023
Since at least mid-2022
-
?
Organizations using Microsoft 365 in the United States, Canada, the U.K., Australia, and South Africa
Researchers from Cisco Talos reveal that the Phishing-as-a-Service (PhaaS) platform named 'Greatness' has seen a spike in activity as it targets organizations using Microsoft 365 in the United States, Canada, the U.K., Australia, and South Africa.
Account Takeover
Multiple Industries
Cyber Crime
AU
CA
US
ZA
Cisco Talos, Phishing-as-a-Service, PhaaS, Greatness, Microsoft 365
105
10/05/2023
08/05/2023
08/05/2023
Black Basta?
Dragos
Industrial cybersecurity company Dragos discloses what it describes as a "cybersecurity event" after a known cybercrime gang attempted to breach its defenses and infiltrate the internal network to encrypt devices.
Account Takeover
Professional, scientific and technical
Cyber Crime
US
Dragos, Black Basta
106
10/05/2023
Between May and June 2021
-
North Korean threat actor (Kimsuky)
Seoul National University Hospital (SNUH)
The Korean National Police Agency (KNPA) warns that North Korean hackers breached the network of one of the country's largest hospitals, Seoul National University Hospital (SNUH), to steal sensitive medical information and personal details.
Targeted Attack
Human health and social work
Cyber Espionage
KR
Korean National Police Agency, KNPA, Seoul National University Hospital, SNUH, Kimsuky
107
10/05/2023
'Recently'
'Recently'
BPFDoor
Multiple organizations
Researchers from Deep Instinct discover a new stealthier variant of the Linux malware BPFDoor, featuring more robust encryption and reverse shell communications.
Malware
Multiple Industries
Cyber Crime
>1
Deep Instinct, BPFDoor
108
10/05/2023
-
-
?
TechnologyOne
Australian enterprise resource planning solutions provider TechnologyOne halts trading for a couple of days after detecting unauthorized access to some of its systems.
Unknown
Professional, scientific and technical
Cyber Crime
AU
TechnologyOne
109
10/05/2023
Since at least late 2022
Late 2022
?
Government organizations in Central Asia
Researchers from Bitdefender discover DownEx, a targeted attack against government organizations in Central Asia.
Targeted Attack
Public admin and defence, social security
Cyber Espionage
AF
KZ
Bitdefender, DownEx
110
10/05/2023
-
-
?
Undisclosed victim
Researchers from Kaspersky reveal that a modified hardware wallet has been implicated in the theft of nearly $30,000 worth of cryptocurrency.
Modified hardware wallet
Finance and insurance
Cyber Crime
N/A
Kaspersky, cold wallet
111
10/05/2023
21/04/2023
21/04/2023
?
WhizComms
About 24,000 customers of broadband service provider WhizComms have their personal information stolen by an external party.
Unknown
Information and communication
Cyber Crime
SG
WhizComms
112
10/05/2023
Since at least March 2023
Since at least March 2023
Multiple threat actors
Healthcare organizations in the U.S.
The Health Sector Cybersecurity Coordination Center (HC3) warns the healthcare sector of a rise in cyberattacks against the Veeam Backup & Replication application.
CVE-2023-27532 Vulnerability
Human health and social work
Cyber Crime
US
Health Sector Cybersecurity Coordination Center, HC3, Veeam, CVE-2023-27532
113
10/05/2023
-
19/04/2023
?
Amtel (dba Connectivity Source)
Amtel AKA Connectivity Source files a notice of data breach after learning that an unauthorized party had gained access to the company’s IT network and accessed sensitive information belonging to 17,835 current and former employees.
Unknown
Wholesale and retail
Cyber Crime
US
Amtel, Connectivity Source
114
10/05/2023
Between 25/10/2022 and 07/11/2022
07/04/2023
?
Uintah Basin Healthcare
Uintah Basin Healthcare notifies more than one hundred thousand individuals of a hacking incident involving health information of individuals that received care for over a decade-long period.
Unknown
Human health and social work
Cyber Crime
US
Uintah Basin Healthcare
115
10/05/2023
-
-
?
Individuals in the U.S.
The US Federal Trade Commission (FTC) warns of PayPal and MetaMask phishing emails urging users to enter their account details.
Account Takeover
Individual
Cyber Crime
US
US Federal Trade Commission, FTC, PayPal, MetaMask
116
10/05/2023
Between 07/02/2022 and 30/03/2022
'Recently'
?
Conner Strong & Buckelew
Conner Strong & Buckelew files a notice of data breach after learning that an unauthorized party was able to access confidential consumer data after obtaining the login credentials to several employee email accounts.
Account Takeover
Finance and insurance
Cyber Crime
US
Conner Strong & Buckelew
117
10/05/2023
Between 12/01/2023 and 18/01/2023
15/01/2023
?
ARC Document Solutions
ARC Document Solutions files a notice of data breach after confirming that an unauthorized party was able to access files stored on the company’s computer network that contained confidential consumer information.
Unknown
Administration and support service
Cyber Crime
US
ARC Document Solutions
118
10/05/2023
09/05/2023
09/05/2023
?
Norton Healthcare
Norton Healthcare discovers "suspicious communication" and temporarily shuts down email and internet access as a precaution after a suspected ransomware attack.
Unknown
Human health and social work
Cyber Crime
US
Norton Healthcare
119
10/05/2023
-
-
BianLian
Lifenet Healthcare
The BianLian ransomware gang claims responsibility for a cyber attack against Lifenet Healthcare, an Italian company managing hospitals and clinics.
Malware
Administration and support service
Cyber Crime
IT
BianLian, ransomware, Lifenet Healthcare
120
11/05/2023
11/05/2023
11/05/2023
Pro-Ukraine attackers
Surveillance cameras in multiple Russian cities
Unknown pro-Ukraine hacktivists compromise surveillance cameras in Russia, in Abakan, Samara, Irkutsk, Moscow, Makhachkala, Perm, Ramenskoye, and other cities, and transmit a message from Ukrainian President Volodymyr Zelensky in Russian, followed by a patriotic song.
Researchers from SentinelLabs reveal that an increasing number of ransomware operations are adopting the leaked Babuk ransomware source code to create Linux encryptors targeting VMware ESXi servers.
U.S. tech company and Siemens subsidiary Brightly Software notifies customers that their personal information and credentials were stolen by attackers who gained access to the database of its SchoolDude online platform.
Unknown
Professional, scientific and technical
Cyber Crime
US
Siemens, Brightly Software, SchoolDude
123
11/05/2023
07/05/2023
07/05/2023
Black Basta
ABB
Swiss multinational company ABB, a leading electrification and automation technology provider, suffers a Black Basta ransomware attack, reportedly impacting business operations.
Malware
Professional, scientific and technical
Cyber Crime
CH
ABB, Black Basta, ransomware
124
11/05/2023
Since early May 2023
Since early May 2023
Bl00dy
Educational organizations in the U.S.
The FBI and CISA issue a joint advisory to warn that the Bl00dy Ransomware gang is now also actively exploiting the PaperCut CVE-2023-27350 remote-code execution vulnerability to gain initial access to networks.
Researchers from Akamai reveal that attackers are actively exploiting CVE-2023-30777, a recently fixed vulnerability in the WordPress Advanced Custom Fields plugin roughly 24 hours after a proof-of-concept (PoC) exploit was made public.
Researchers from Defiant warn that CVE-2023-32243, a critical vulnerability in the Essential Addons for Elementor WordPress plugin is being exploited immediately after a patch was released.
CVE-2023-32243 Vulnerability
Multiple Industries
Cyber Crime
>1
Defiant, CVE-2023-32243, Essential Addons for Elementor, WordPress
127
11/05/2023
04/05/2023
04/05/2023
?
Richmond University Medical Center (RUMC)
Richmond University Medical Center (RUMC) is hit with a ransomware attack.
Malware
Human health and social work
Cyber Crime
US
Richmond University Medical Center, RUMC, ransomware
128
11/05/2023
-
-
?
Multiple organizations
Researchers from AhnLab discover a campaign targeting poorly managed Microsoft SQL (MS SQL) servers, designed to propagate a category of malware called CLR SqlShell that ultimately facilitates the deployment of cryptocurrency miners and ransomware.
Malware
Multiple Industries
Cyber Crime
>1
AhnLab, Microsoft SQL, MS SQL, CLR SqlShell
129
11/05/2023
-
-
BianLian
Synergy Hematology Oncology Medical Associates
The BianLian ransomware group adds Synergy Hematology Oncology Medical Associates to its leak site.
Malware
Human health and social work
Cyber Crime
US
BianLian, ransomware, Synergy Hematology Oncology Medical Associates
130
11/05/2023
-
-
BianLian
North Shore Medical Labs
The BianLian ransomware group adds North Shore Medical Labs to its leak site.
Malware
Human health and social work
Cyber Crime
US
BianLian, ransomware, North Shore Medical Labs
131
11/05/2023
-
-
BianLian
Earlens Corporation
The BianLian ransomware group adds Earlens Corporation to its leak site.
Malware
Human health and social work
Cyber Crime
US
BianLian, ransomware, Earlens Corporation
132
11/05/2023
-
06/04/2023
ALPHV AKA BlackCat
Essen Medical Associates
The ALPHV ransomware gang appears to have started leaking data from Essen Medical Associates on its leak site.
Malware
Human health and social work
Cyber Crime
US
ALPHV, BlackCat, ransomware, Essen Medical Associates
133
11/05/2023
-
-
LockBit 3.0
Metronotte Vigilanza
The LockBit ransomware gang claims responsibility for a cyber attack against Metronotte Vigilanza, an Italian private surveillance company.
PharMerica, one of the largest pharmacy service providers in the United States, confirms that hackers accessed the personal data of almost six million patients.
Malware
Wholesale and retail
Cyber Crime
US
PharMerica, Money Message, ransomware
135
12/05/2023
-
-
?
Discord
Discord notifies users of a data breach that occurred after the account of a third-party support agent was compromised.
Account Takeover
Professional, scientific and technical
Cyber Crime
US
Discord
136
12/05/2023
-
-
?
Unknown organization(s)
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds CVE-2021-3560, a Red Hat Polkit vulnerability, to its Known Exploited Vulnerabilities catalog.
CVE-2021-3560 Vulnerability
Unknown
N/A
US
U.S. Cybersecurity and Infrastructure Security Agency, CISA, CVE-2021-3560, RedHat
137
12/05/2023
-
-
?
Unknown organization(s)
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds CVE-2014-0196, a Linux kernel vulnerability, to its Known Exploited Vulnerabilities catalog.
CVE-2014-0196 Vulnerability
Unknown
N/A
US
U.S. Cybersecurity and Infrastructure Security Agency, CISA, Linux, CVE-2014-0196
138
12/05/2023
-
-
?
Unknown organization(s)
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds CVE-2010-3904, a Linux kernel vulnerability, to its Known Exploited Vulnerabilities catalog.
CVE-2010-3904 Vulnerability
Unknown
N/A
US
U.S. Cybersecurity and Infrastructure Security Agency, CISA, Linux, CVE-2010-3904
139
12/05/2023
-
-
?
Unknown organization(s)
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds CVE-2015-5317, a Jenkins vulnerability, to its Known Exploited Vulnerabilities catalog.
CVE-2015-5317 Vulnerability
Unknown
N/A
US
U.S. Cybersecurity and Infrastructure Security Agency, CISA, Jenkins, CVE-2015-5317
140
12/05/2023
-
-
?
Unknown organization(s)
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds CVE-2016-3427, an Oracle Java SE vulnerability, to its Known Exploited Vulnerabilities catalog.
CVE-2016-3427 Vulnerability
Unknown
N/A
US
U.S. Cybersecurity and Infrastructure Security Agency, CISA, Oracle, CVE-2016-3427
141
12/05/2023
-
-
?
Unknown organization(s)
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds CVE-2016-8735, an Apache Tomcat vulnerability, to its Known Exploited Vulnerabilities catalog.
CVE-2016-8735 Vulnerability
Unknown
N/A
US
U.S. Cybersecurity and Infrastructure Security Agency, CISA, Apache, CVE-2016-8735
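The six entries above were all added to CISA's Known Exploited Vulnerabilities catalog on the same day, and the practical question for a defender is whether any of them (or any other CVE on the page, such as the Veeam and PaperCut flaws) appears in an environment's own vulnerability inventory and how close its remediation deadline is. The script below is an added example written for this page, not code from the timeline's author or from CISA. It parses a KEV-style JSON feed (the field names `cveID`, `vendorProject`, `product`, `dateAdded`, `dueDate` and `knownRansomwareCampaignUse` match the published catalog), indexes it by CVE ID, and matches a list of CVE IDs against it, flagging listed, overdue, unlisted and malformed identifiers. The feed embedded here is constructed inline: the CVE IDs and the 12 May 2023 addition date come from the timeline, while the vendor/product strings and the due dates are illustrative sample values, not a copy of the live catalog.

```python
from __future__ import annotations

import json
import re
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed sample feed mirroring the field layout of CISA's KEV JSON.
# The six CVE IDs and the dateAdded are taken from the timeline entries above;
# vendor/product/dueDate values are illustrative and NOT pulled from the live catalog.
SAMPLE_KEV_JSON = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed sample)",
  "catalogVersion": "2023.05.12",
  "count": 6,
  "vulnerabilities": [
    {"cveID": "CVE-2021-3560", "vendorProject": "Red Hat", "product": "Polkit",
     "dateAdded": "2023-05-12", "dueDate": "2023-06-02", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2014-0196", "vendorProject": "Linux", "product": "Kernel",
     "dateAdded": "2023-05-12", "dueDate": "2023-06-02", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2010-3904", "vendorProject": "Linux", "product": "Kernel",
     "dateAdded": "2023-05-12", "dueDate": "2023-06-02", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2015-5317", "vendorProject": "Jenkins", "product": "Jenkins",
     "dateAdded": "2023-05-12", "dueDate": "2023-06-02", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2016-3427", "vendorProject": "Oracle", "product": "Java SE",
     "dateAdded": "2023-05-12", "dueDate": "2023-06-02", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2016-8735", "vendorProject": "Apache", "product": "Tomcat",
     "dateAdded": "2023-05-12", "dueDate": "2023-06-02", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "not-a-cve", "vendorProject": "Bogus", "product": "Entry",
     "dateAdded": "2023-05-12", "dueDate": "2023-06-02"}
  ]
}
"""

# Strict CVE identifier shape: CVE-<4-digit year>-<4 or more digits>.
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")


@dataclass(frozen=True)
class Finding:
    cve: str
    status: str                       # "listed", "overdue", "not-listed" or "invalid-id"
    due: Optional[date] = None        # KEV remediation due date when listed
    days_left: Optional[int] = None   # days until due date; negative once overdue
    vendor_product: str = ""


def load_kev(raw: str) -> dict[str, dict]:
    """Parse a KEV feed and index its entries by normalised CVE ID.

    Entries whose cveID does not have the CVE-YYYY-NNNN shape are skipped
    rather than trusted, so a malformed or tampered entry cannot poison lookups.
    """
    data = json.loads(raw)
    index: dict[str, dict] = {}
    for entry in data.get("vulnerabilities", []):
        cve = str(entry.get("cveID", "")).strip().upper()
        if CVE_RE.match(cve):
            index[cve] = entry
    return index


def check_inventory(kev: dict[str, dict], cves: list[str], today: date) -> list[Finding]:
    """Match an inventory of CVE IDs against the KEV index.

    Input IDs are normalised (whitespace, case) and de-duplicated; the order of
    first appearance is preserved so output is stable for ticketing or diffing.
    """
    findings: list[Finding] = []
    seen: set[str] = set()
    for raw_id in cves:
        cve = raw_id.strip().upper()
        if cve in seen:
            continue
        seen.add(cve)
        if not CVE_RE.match(cve):
            findings.append(Finding(cve, "invalid-id"))
            continue
        entry = kev.get(cve)
        if entry is None:
            findings.append(Finding(cve, "not-listed"))
            continue
        due = date.fromisoformat(entry["dueDate"])
        days_left = (due - today).days
        status = "overdue" if days_left < 0 else "listed"
        vendor_product = f"{entry.get('vendorProject', '')} {entry.get('product', '')}".strip()
        findings.append(Finding(cve, status, due, days_left, vendor_product))
    return findings


if __name__ == "__main__":
    kev_index = load_kev(SAMPLE_KEV_JSON)
    # Hypothetical inventory: two IDs from the KEV batch above, the Veeam CVE
    # from the HC3 entry (absent from the constructed sample, which says nothing
    # about the live catalog), a duplicate and a malformed identifier.
    inventory = ["cve-2021-3560", "CVE-2016-8735", "CVE-2023-27532", "CVE-2021-3560", "CVE-21-3"]
    for f in check_inventory(kev_index, inventory, date(2023, 6, 5)):
        print(f"{f.cve:16} {f.status:11} due={f.due} days_left={f.days_left} {f.vendor_product}")
```

Point `load_kev` at the downloaded catalog file instead of `SAMPLE_KEV_JSON` to run it against the real feed; the normalisation and the strict ID regex are what make the match reliable when the inventory comes from scanner exports that mix case or carry stray whitespace.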
142
12/05/2023
During the last few months
During the last few months
?
Organizations in the hospitality industry
Researchers from Securonix discover a new campaign, dubbed MEME#4CHAN, exploiting the Follina remote code execution vulnerability (CVE-2022-30190) to deploy the XWorm remote access trojan and data stealer against targets in the hospitality industry.
Attackers install password-stealing malware on the devices of multiple Worldcoin Orb operators, giving them full access to the Worldcoin operator dashboard.
Malware
Fintech
Cyber Crime
>1
Worldcoin Orb
144
12/05/2023
-
-
?
TRANServe
The personal information of 237,000 current and former federal government employees is exposed in a data breach at the U.S. Transportation Department (USDOT) TRANServe transit benefits system.
Unknown
Public admin and defence, social security
Cyber Crime
US
U.S. Transportation Department, USDOT, TRANServe
145
12/05/2023
'Recently'
'Recently'
Maori
Multiple organizations
Researchers from Fortinet reveal the details of a new ransomware strain called Maori, designed to run on Linux and written in Go.
Malware
Multiple Industries
Cyber Crime
>1
Fortinet, Maori, ransomware, Linux, Go
146
12/05/2023
'Recently'
'Recently'
?
Multiple organizations
Researchers from Trend Micro discover several malicious advertisement campaigns in Google’s search engine with themes that are related to AI tools like Midjourney, delivering the RedLine stealer.
Malware
Multiple Industries
Cyber Crime
>1
Trend Micro, Google, Midjourney, RedLine
147
12/05/2023
Since 2019
-
?
Cryptocurrency Exchanges
Researchers from JPCERT/CC observe threat actors targeting cryptocurrency exchanges in an attack campaign called DangerousPassword, also referred to as CryptoMimic or SnatchCrypto.
Illinois Application for Benefits Eligibility (ABE)
The Illinois Department of Healthcare and Family Services (HFS) and Department of Human Services (IDHS) disclose a data breach within the State of Illinois Application for Benefits Eligibility (ABE) system’s Manage My Case (MMC) portal.
Account Takeover
Human health and social work
Cyber Crime
US
Illinois Department of Healthcare and Family Services, HFS, Illinois Department of Human Services, IDHS, State of Illinois Application for Benefits Eligibility, ABE, Manage My Case, MMC
149
12/05/2023
-
-
?
Sanmina Corporation
A threat actor lists a dataset for sale that allegedly contains the records of 50,000 employees of the American electronics manufacturer Sanmina Corporation.
Unknown
Manufacturing
Cyber Crime
US
Sanmina Corporation
150
12/05/2023
-
20/04/2023
Karakurt
Peachtree Orthopedics
Peachtree Orthopedics posts a notice of data breach on the company’s website after determining that an unauthorized party had gained access to its computer network. The Karakurt ransomware gang claims responsibility for the attack.
Unknown
Human health and social work
Cyber Crime
US
Peachtree Orthopedics, Karakurt, ransomware
151
12/05/2023
Between 18/01/2023 and 19/01/2023
19/01/2023
?
Renewal by Andersen
Renewal by Andersen files a notice of data breach after confirming that a security incident involving the company’s IT network resulted in an unauthorized party gaining access to confidential consumer data.
Unknown
Professional, scientific and technical
Cyber Crime
US
Renewal by Andersen
152
12/05/2023
Since at least 15/03/2023
15/03/2023
?
Retirement Clearinghouse
Retirement Clearinghouse files a notice of data breach after learning that an unauthorized party had gained access to an employee email account that contained confidential information pertaining to certain individuals.
Account Takeover
Fintech
Cyber Crime
US
Retirement Clearinghouse
153
12/05/2023
07/03/2023
04/04/2023
?
MercyOne Clinton
MercyOne Clinton notifies 20,865 patients about a security incident that disrupted its network possibly due to a ransomware attack.
Malware
Human health and social work
Cyber Crime
US
MercyOne Clinton, ransomware
154
13/05/2023
During 2022
During 2022
CheckMate
Weakly-protected SMB shares
A ransomware operation dubbed CheckMate targets weakly-protected SMB shares.
Malware
Multiple Industries
Cyber Crime
>1
CheckMate, ransomware, SMB
155
13/05/2023
07/03/2023
07/03/2023
?
Credit Control Corporation (CCC)
Credit Control Corporation (CCC), a debt collection services company, falls victim to a cyber attack leading to a data breach that compromised personal data held on behalf of numerous healthcare institutions.
Unknown
Finance and insurance
Cyber Crime
US
Credit Control Corporation, CCC
156
13/05/2023
-
-
?
Bank of New York Mellon Corporation (BNY Mellon)
Bank of New York Mellon Corporation (BNY Mellon) files a notice of data breach after learning that confidential information that had been entrusted to the company was leaked in what appears to be a third-party data breach.
Unknown
Finance and insurance
Cyber Crime
US
Bank of New York Mellon Corporation, BNY Mellon
157
13/05/2023
Between 23/04/2012 and 06/03/2023
06/03/2023
?
Lake County Health Department and Community Health Center (LCHD/CHC)
Lake County Health Department and Community Health Center (LCHD/CHC) discloses a breach that impacted 17,000 individuals, when an unauthorized party accessed a Lake County employee’s email account.
Account Takeover
Human health and social work
Cyber Crime
US
Lake County Health Department and Community Health Center, LCHD/CHC
158
13/05/2023
13/05/2023
13/05/2023
NoName057(16)
Italian Ministry of Interior
The Russian collective NoName057(16) claims to have taken down the website of the Italian Ministry of Interior.
DDoS
Public admin and defence, social security
Hacktivism
IT
NoName057(16), Russia, Italian Ministry of Interior
159
13/05/2023
13/05/2023
13/05/2023
NoName057(16)
Italian High Council of the Judiciary (CSM Consiglio Superiore della Magistratura)
The Russian collective NoName057(16) claims to have taken down the website of the Italian High Council of the Judiciary.
DDoS
Public admin and defence, social security
Hacktivism
IT
NoName057(16), Russia, Italian High Council of the Judiciary, CSM, Consiglio Superiore della Magistratura
160
14/05/2023
-
-
ALPHV AKA BlackCat
Academy Mortgage
The ransomware group AlphV (BlackCat) adds Academy Mortgage to its leak site.
Malware
Finance and insurance
Cyber Crime
US
ALPHV, BlackCat, Academy Mortgage
161
15/05/2023
Since at least 22/04/2023
Since at least 22/04/2023
RA Group
Pharmaceutical, insurance, wealth management, and manufacturing firms in the United States and South Korea.
Researchers from Cisco Talos discover a new ransomware group named 'RA Group' targeting pharmaceutical, insurance, wealth management, and manufacturing firms in the United States and South Korea with a ransomware strain built from the leaked Babuk code.
Malware
Multiple Industries
Cyber Crime
KR
US
Cisco Talos, RA Group, Ransomware, Babuk
162
15/05/2023
Since 2018
During 2020 and 2021
Lancefly
Organizations in South and Southeast Asia
Researchers from Broadcom/Symantec discover a new APT hacking group dubbed Lancefly using a custom 'Merdoor' backdoor malware to target government, aviation, and telecommunication organizations in South and Southeast Asia.
Targeted Attack
Multiple Industries
Cyber Espionage
>1
Broadcom, Symantec, Lancefly, Merdoor
163
15/05/2023
13/05/2023
13/05/2023
?
Philadelphia Inquirer
The Philadelphia Inquirer daily newspaper is working on restoring systems impacted by what was described as a cyberattack that hit its network over the weekend.
Unknown
Information and communication
Cyber Crime
US
Philadelphia Inquirer
164
15/05/2023
Since April 2023
During April 2023
?
Multiple organizations
Researchers from SentinelOne reveal that Geacon, a Go-based implementation of the beacon from the widely abused penetration testing suite Cobalt Strike, is increasingly being used to target macOS devices.
Malware
Multiple Industries
Cyber Crime
>1
SentinelOne, Geacon, Go, Cobalt Strike, macOS
165
15/05/2023
12/05/2023
12/05/2023
?
Lacroix Group
Technological equipment giant Lacroix Group says it has closed three production sites for the week after experiencing a ransomware attack.
Malware
Manufacturing
Cyber Crime
FR
Lacroix Group, Ransomware
166
15/05/2023
Since at least April 2023
During April 2023
MichaelKors
Multiple organizations
Researchers at CrowdStrike discover MichaelKors, a new Ransomware-as-a-Service operation targeting Windows and ESXi/Linux systems.
Researchers from AhnLab discover a new RecordBreaker info-stealer (AKA Raccoon Stealer V2) campaign targeting Korean users, disguised as downloads of illegal programs such as cracks and keygens, with the payload hidden inside fake certificates from a Korean software company.
Malware
Individual
Cyber Crime
KR
AhnLab, RecordBreaker, Raccoon Stealer V2
168
15/05/2023
-
Between late March and late April 2023
?
Multiple organizations
Researchers from Fortinet discover over 30 new malicious packages, described as zero-day attacks, in PyPI (Python Package Index).
Malware
Multiple Industries
Cyber Crime
>1
Fortinet, PyPI, Python Package Index
169
15/05/2023
During March 2023
During March 2023
Water Orthrus
Multiple organizations
Researchers from Trend Micro discover two campaigns by a threat actor called Water Orthrus delivering a new malware named CopperStealth and CopperPhish.
Malware
Multiple Industries
Cyber Crime
>1
Trend Micro, Water Orthrus, CopperStealth, CopperPhish
170
15/05/2023
-
-
LokiLocker
Multiple organizations in Korea
Researchers from AhnLab confirm the distribution of the LokiLocker ransomware in Korea.
Malware
Multiple Industries
Cyber Crime
KR
AhnLab, LokiLocker, ransomware
171
15/05/2023
During March 2023
During March 2023
?
Suncorp Bank customers
Researchers from Cofense discover a phishing campaign targeting Suncorp Bank customers.
Account Takeover
Finance and insurance
Cyber Crime
AU
Cofense, Suncorp Bank
172
15/05/2023
-
20/03/2023
?
Fertility Specialists Medical Group
Fertility Specialists Medical Group files a notice of data breach after confirming that an unauthorized party illegally accessed confidential patient data stored on the company’s computer network.
Unknown
Human health and social work
Cyber Crime
US
Fertility Specialists Medical Group
173
15/05/2023
Since at least 04/03/2023
04/03/2023
?
Summit Eye & Optical
Summit Eye & Optical discloses a data breach that impacted 5,727 individuals after the organization discovered unauthorized access to its computers systems on March 4, 2023.
Unknown
Human health and social work
Cyber Crime
US
Summit Eye & Optical
174
15/05/2023
Since August 2022
Between July 2022 and May 2023
Qilin (AKA Agenda)
Multiple organizations in Critical Sectors
Researchers from Group-IB expose the infrastructure of the Qilin ransomware revealing multiple operations against organizations in critical sectors.
Malware
Multiple Industries
Cyber Crime
>1
Group-IB, Qilin, Agenda, ransomware
175
15/05/2023
-
15/05/2023
?
Franklin County Public Schools
Franklin County Public Schools remain closed after suffering a ransomware attack.
Malware
Education
Cyber Crime
US
Franklin County Public Schools, ransomware
176
15/05/2023
Two weeks earlier
Two weeks earlier
?
Oklahoma Institute of Allergy Asthma and Immunology
The Oklahoma Institute of Allergy Asthma and Immunology closes its doors because of an alleged security data breach.
Unknown
Human health and social work
Cyber Crime
US
Oklahoma Institute of Allergy Asthma and Immunology
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags