16-31 May 2023 Cyber Attacks Timeline

Last modified: July 5, 2023

Follow me on Twitter

Connect on Linkedin

Connect on Mastodon

EVENTS

EVENTS/DAY

EVENTS

EVENTS/DAY

Motivations May H2 2023

Attack Techniques May H2 2023

In the second half of May 2023 I collected 159 events (corresponding to 9.94 events/day), the third decrease in a row after the 176 events in the first timeline of May, and the 184 of the second timeline of April.

There was a slight decrease also in the percentage of events caused by ransomware (23.3%, corresponding to 37 out of 159 events), in comparison to 27.3% (48 out of 176 events) of the previous timeline. The impact of vulnerabilities played a part in 14 out of 159 events, bringing the percentage below 10% (8.8% precisely) compared to 11.4% (20 out of 176 events) of the previous timeline.

1-15 May 2023 Cyber Attacks Timeline

In the first half of May 2023 I collected 173 events (corresponding to 11.53 events/day), a value that confirms the sustained trend characterizing this year from an information security perspective.

In the second half of May there were a couple of additional crypto hacks, in particular Tornado Cash stole the equivalent of $ 1M, but the attacker returned the money a couple of days later, an outcome completely different from the case of Jimbos Protocol, which suffered a flash loan attack resulting in the loss of more than of 4000 ETH tokens, currently valued at over $7,500,000.

In terms of mega breaches there were several remarkable events in this fortnight apparently: a Luxottica partner (70 million records exposed), Managed Care of North America (MCNA, 9 million records exposed), Enzo Biochem (2.5 million), and Apria Healthcare (1.8 million).

The Cyber Espionage front was always hot, with multiple campaigns unearthed also in the second half of May, and carried out by known threat actors from Iran (Tortoiseshell), North Korea (Lazarus Group and Kimsuky), India (Sidewinder), and China. As usual the list of cyber espionage operations is too long and the involved actors too many to mention in a few words.

And as always, this brief summary is closed by a quick mention to the attacks launched by the pro-Russian hacktivists of NoName057(16) directed against multiple government targets in Italy, and Anonymous Sudan who blackmailed Scandinavian Airlines (SAS)

My suggestion is always the same: browse the timeline, and obviously thanks for sharing it and supporting my work in spreading the risk awareness across the community. As always, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.

Geo Map May H2 2023

ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags
1	16/05/2023	SInce at least January 2023	During January 2023	Camaro Dragon (subgroup of Mustang Panda)	European foreign affairs organizations	Researchers from Check Point discover a Chinese state-sponsored group named "Camaro Dragon" infecting residential TP-Link routers with a custom "Horse Shell" malware used to attack European foreign affairs organizations.	Targeted Attack	Public admin and defence, social security	Cyber Espionage	>1		Check Point, Camaro Dragon, TP-Link, Horse Shell
2	16/05/2023	Since at least May 2022	Since at least May 2022	UNC3944	Multiple organizations	Researchers from Mandiant discover UNC3944, a financially motivated cybergang using phishing and SIM swapping attacks to hijack Microsoft Azure admin accounts and gain access to virtual machines.	Account Takeover	Multiple Industries	Cyber Crime	>1		Mandiant, UNC3944, Microsoft Azure
3	16/05/2023	14/05/2023	14/05/2023	UNC3944	ScanSource	Technology provider ScanSource announces it has fallen victim to a ransomware attack impacting some of its systems, business operations, and customer portals.	Malware	Professional, scientific and technical	Cyber Crime	US		ScanSource
4	16/05/2023	Since at least 04/05/2023	Since at least 04/05/2023	?	Multiple organizations	Researchers from Check Point reveal that cybercriminals are starting to target Microsoft's VSCode Marketplace, uploading three malicious Visual Studio extensions that Windows developers downloaded 46,600 times.	Malware	Multiple Industries	Cyber Crime	>1		Check Point, Microsoft, VSCode Marketplace, Visual Studio
5	16/05/2023	Since at least June 2022	Since at least June 2022	BianLian	Critical infrastructure organizations across the United States	The US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Australian Cyber Security Centre (ACSC) warn critical infrastructure organizations of the BianLian ransomware group’s attacks.	Malware	Electricity, gas steam, air conditioning	Cyber Crime	>1		US Cybersecurity and Infrastructure Security Agency, CISA, Federal Bureau of Investigation, FBI, Australian Cyber Security Centre, ACSC, BianLian, ransomware
6	16/05/2023	Since at least early May	During early May	BatLoader	Multiple organizations	Researchers from eSentire observe the threat actor known as BatLoader conducting a malicious campaign using Google Search Ads to deliver imposter web pages for ChatGPT and Midjourney.	Malware	Multiple Industries	Cyber Crime	>1		eSentire, BatLoader, Google Search Ads, ChatGPT, Midjourney
7	16/05/2023	-	-	?	Multiple organizations	Security researchers from Armorblox uncover "VIP Invoice Authentication Fraud”, a new development in business email compromise (BEC) designed to increase pressure on the recipient to pay a fake invoice, impersonating trusted vendors or other third parties that the victim organization regularly pays.	Business Email Compromise	Multiple Industries	Cyber Crime	>1		Armorblox, "VIP Invoice Authentication Fraud”
8	16/05/2023	Between 01/03/2023 and 04/03/2023	18/04/2023	?	Collins Electrical Construction Company	Collins Electrical Construction Company discloses a data breach stemming from an unauthorized access to the network.	Unknown	Professional, scientific and technical	Cyber Crime	US		Collins Electrical Construction Company
9	16/05/2023	13/03/2023	13/03/2023	?	Kline & Specter	Kline & Specter discloses to have suffered a ransomware attack.	Malware	Professional, scientific and technical	Cyber Crime	US		Kline & Specter, ransomware
10	16/05/2023	'Recently'	'Recently'	8220 Gang	Undisclosed organization	Researchers from Trend Micro discover a recent attack by the 8220 gang exploiting the Oracle WebLogic CVE-2017-3506 vulnerability.	Oracle WebLogic CVE-2017-3506 vulnerability	Unknown	Cyber Crime	N/A		Trend Micro, 8220, Oracle WebLogic, CVE-2017-3506
11	16/05/2023	Since May 2022	Since May 2022	OilAlpha	Humanitarian groups, media outlets and nonprofits in the Arabian Peninsula	Researchers from Recorded Future reveal that a hacking group known as OilAlpha with likely ties to Yemen’s Houthi movement has targeted humanitarian groups, media outlets and nonprofits in the Arabian Peninsula via WhatsApp as part of a digital espionage campaign.	Targeted Attack	Multiple Industries	Cyber Espionage	>1		Recorded Future, OilAlpha, Yemen, Houthi, WhatsApp
12	16/05/2023	During April 2023	During April 2023	Threat actors from Russia	4 large Insurers in Ukraine	The State Service of Special Communications and Information Protection of Ukraine (SSCIP) reveals that Russian hackers took a sudden interest in obtaining personal data and mounted successful attacks against more than one-third of the country's largest insurers.	Unknown	Finance and insurance	Cyber Warfare	UA		State Service of Special Communications and Information Protection of Ukraine, SSCIP, Russia, Ukraine
13	16/05/2023	-	-	LockBit 3.0	Bank Syariah Indonesia (BSI)	The LockBit ransomware group publishes 1.5 terabytes of personal and financial information the group said it stole from Bank Syariah Indonesia after ransom negotiations broke down.	Malware	Finance and insurance	Cyber Crime	ID		LockBit, LockBit 3.0, Bank Syariah Indonesia, ransomware
14	17/05/2023	Since at least the end of March 2023	End of March 2023	MalasLocker	Multiple organizations	A new ransomware operation dubbed MalasLocker is hacking Zimbra servers to steal emails and encrypt files. However, instead of demanding a ransom payment, the threat actors claim to require a donation to charity to provide an encryptor and prevent data leaking.	Malware	Multiple Industries	Cyber Crime	>1		MalasLocker, Zimbra,ransomware
15	17/05/2023	After 11/05/2023	08/05/2023	Multiple threat actors	Multiple organizations	Researchers from Wordfence observe millions of probing attempts for the presence of the CVE-2023-32243 Vulnerability in the WordPress Essential Addons for Elementor plugin.	CVE-2023-32243 Vulnerability	Multiple Industries	Cyber Crime	>1		Wordfence, CVE-2023-32243, WordPress Essential Addons for Elementor
16	17/05/2023	Since at least 2018	-	Lemon Group	Individuals	Researchers from Trend Micro reveal that a large cybercrime enterprise tracked as the "Lemon Group" has reportedly pre-installed malware known as 'Guerrilla' on almost 9 million Android-based smartphones, watches, TVs, and TV boxes.	Malware	Individual	Cyber Crime	>1		Trend Micro, Lemon Group, Guerrilla, Android
17	17/05/2023	Between 07/04/2023 and 10/04/2023	Between 07/04/2023 and 10/04/2023	China?	Multiple organizations in Taiwan	Researchers from Trellix discover a campaign targeting users in Taiwan with malicious emails delivering malware.	Malware	Multiple Industries	Cyber Espionage	TW		Trellix, China, Taiwan
18	17/05/2023	13/01/2023	17/03/2023	?	Village Bank	Village Bank discloses that it experienced a data breach in which the sensitive personal identifiable information in its systems might have been accessed.	Account Takeover	Finance and insurance	Cyber Crime	US		Village Bank
19	17/05/2023	22/04/2022	19/06/2022	?	Puma Biotechnology	Puma Biotechnology reveals to have suffered a security breach.	Unknown	Professional, scientific and technical	Cyber Crime	US		Puma Biotechnology
20	17/05/2023	SInce at least November 2022	During February 2023	SideWinder	Organizations in Pakistan and China	Researchers from Group-IB and Bridewell expose a previously undocumented attack infrastructure used by the prolific state-sponsored group SideWinder to strike entities located in Pakistan and China.	Targeted Attack	Multiple Industries	Cyber Espionage	CN PK		Group-IB, Bridewell, SideWinder
21	17/05/2023	During June 2022	During June 2022	Minas	Multiple organizations	Researchers from Kaspersky discover a new miner dubbed Minas using multiple techniques to hide its presence.	Malware	Multiple Industries	Cyber Crime	>1		Kaspersky, Minas
22	17/05/2023	14/03/2023	01/04/2023	?	Benefit Management	Benefit Management announces a data breach after learning that confidential patient information in the company’s care was subject to unauthorized access due to a phishing attack.	Account Takeover	Administration and support service	Cyber Crime	US		Benefit Management
23	17/05/2023	-	18/01/2023	?	Undisclosed organization	United Health Services of Delaware (UHS of Delaware) files a notice of data breach after learning that a vendor experienced a phishing attack compromising UHS of Delaware patient information.	Account Takeover	Unknown	Cyber Crime	US		United Health Services of Delaware, UHS of Delaware
24	17/05/2023	17/02/2023	'Recently'	?	Great Expressions Dental Centers (GEDC)	Great Expressions Dental Centers (GEDC) filed a notice of data breach after determining that an unauthorized party was able to access and remove certain confidential patient information from the company’s computer network.	Unknown	Human health and social work	Cyber Crime	US		Great Expressions Dental Centers, GEDC
25	17/05/2023	-	18/01/2023	?	Undisclosed business associate of South Texas Health System	South Texas Health System notifies patients that some of their protected health information may have been compromised when an unauthorized party accessed a business associate's email account using a phishing tactic.	Account Takeover	Professional, scientific and technical	Cyber Crime	US		South Texas Health System
26	17/05/2023	Mid-May 2023	Mid-May 2023	?	Downs School	The Downs School is hit by a possible cyber attack.	Unknown	Education	Cyber Crime	UK		Downs School
27	18/05/2023	-	-	?	Unknown organization(s)	Apple fixes CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373, three new zero-day vulnerabilities exploited in attacks to hack into iPhones, Macs, and iPads.	CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373 Vulnerabilities	Unknown	N/A	N/A		Apple, CVE-2023-32409, CVE-2023-28204, CVE-2023-32373, iPhones, Macs, iPads
28	18/05/2023	-	-	?	Multiple organizations	Researchers from ReversingLabs discover multiple npm packages named after NodeJS libraries that pack a Windows executable that resembles NodeJS but instead drops TurkoRAT, a sinister trojan.	Malware	Multiple Industries	Cyber Crime	>1		ReversingLabs, NodeJS, Windows, TurkoRAT
29	18/05/2023	Since at least March 2023	During March 2023	AllWinner and RockChip	Android TV boxes customers	Security researchers confirm that popular Android TV boxes sold on Amazon by two Chinese companies AllWinner and RockChip, are laced with malware	Malware	Individual	Cyber Crime	>1		Android TV, Amazon, AllWinner, RockChip
30	18/05/2023	-	-	Black Basta	Viking Coca-Cola	Cyber criminals from the Black Basta ransomware gang supposedly breach Viking Coca-Cola, a US-based manufacturing company specializing in bottles and cans. The company is one of the largest Coca-Cola bottlers in the US.	Malware	Manufacturing	Cyber Crime	US		Black Basta, ransomware, Viking Coca-Cola
31	18/05/2023	-	-	?	Individuals	Researchers from Avanan discover a phishing campaign exploiting Dropbox to deliver phishing pages.	Account Takeover	Individual	Cyber Crime	>1		Avanan, Dropbox
32	18/05/2023	-	-	?	Multiple organizations	Researchers at Qualys discover a new variant of the Sotdas malware that introduces several innovative features and advanced defense evasion techniques.	Malware	Multiple Industries	Cyber Crime	>1		Qualys, Sotdas
33	18/05/2023	Several months ago	Several months ago	Dunghill	Gentex Corporation	Gentex Corporation confirms a data breach by Dunghill ransomware actors.	Malware	Professional, scientific and technical	Cyber Crime	US		Gentex Corporation, Dunghill, ransomware
34	18/05/2023	11/01/2023	31/01/2023	?	Credit Union of Southern California (CU SoCal)	Credit Union of Southern California (CU SoCal) files a notice of data breach after learning that an unauthorized party accessed emails and attachments information stored in an employee’s email account.	Account Takeover	Finance and insurance	Cyber Crime	US		Credit Union of Southern California, CU SoCal
35	18/05/2023	02/03/2023	06/03/2023	?	People Incorporated of Sequoyah County	People Incorporated of Sequoyah County, a provider of behavioral health, addiction recovery, and anger management services, discloses that an unauthorized third party gained access to the sensitive data of 8,725 current and former patients in a recent ransomware attack.	Malware	Human health and social work	Cyber Crime	US		People Incorporated of Sequoyah County, ransomware
36	18/05/2023	During April 2023	-	BlackBasta	Buckley King	Buckley King, a law firm, is hit with a BlackBasta ransomware attack.	Malware	Professional, scientific and technical	Cyber Crime	US		Buckley King, BlackBasta, ransomware
37	18/05/2023	-	-	Trigona	Lolaico Impianti	The Trigona ransomware gang claims responsibility for an attack to Lolaico Impianti.	Malware	Manufacturing	Cyber Crime	IT		Trigona, ransomware, Lolaico Impianti
38	19/05/2023	16/03/2021	30/04/2023 and 12/05/2023	?	Luxottica	Luxottica confirms that one of its partners suffered a data breach in 2021 that exposed the personal information of 70 million customers after a database was posted for free on hacking forums.	Unknown	Manufacturing	Cyber Crime	IT		Luxottica
39	19/05/2023	Since April 2023	During April 2023	FIN7 (AKA ELBRUS, Sangria Tempest)	Multiple organizations	Researchers from Microsoft reveal that the FIN7 group was observed deploying the Clop ransomware in opportunistic attacks in April 2023, its first ransomware campaign since late 2021, using the PowerShell-based POWERTRASH in-memory malware dropper to deploy the Lizar post-exploitation tool on compromised devices.	Malware	Multiple Industries	Cyber Crime	>1		Microsoft, FIN7, ELBRUS, Sangria Tempest, Clop, ransomware, POWERTRASH, Lizar
40	19/05/2023	-	-	Multiple threat actors	Multiple organizations in the U.S.	The U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns of CVE-2023-21492, a security vulnerability affecting Samsung devices used in attacks to bypass Android address space layout randomization (ASLR) protection.	CVE-2023-21492 Vulnerability	Multiple Industries	N/A	US		U.S. Cybersecurity & Infrastructure Security Agency, CISA, CVE-2023-21492, Samsung, Android, ASLR
41	19/05/2023	-	-	?	Individuals	Researchers from Cyble discover a new malware distribution campaign impersonating the CapCut video editing tool to push various malware strains to unsuspecting victims.	Malware	Individual	Cyber Crime	>1		Cyble, CapCut
42	19/05/2023	Since 27/03/2023	Since 27/03/2023	?	Crypto investors	Researchers from Scan Sniffer reveal that a cryptocurrency phishing and scam service called 'Inferno Drainer' has reportedly stolen over $5.9 million worth of crypto from 4,888 victims.	Account Takeover	Fintech	Cyber Crime	>1		Scan Sniffer, Inferno Drainer
43	19/05/2023	-	-	?	Multiple organizations	Researchers from Microsoft observe an increase in sophistication and tactics by threat actors specializing in business email compromise (BEC), including leveraging residential internet protocol (IP) addresses to make attack campaigns appear locally generated.	Business Email Compromise	Multiple Industries	Cyber Crime	>1		Microsoft, BEC
44	19/05/2023	Since at least March 2023	Since at least March 2023	Unidentified advanced persistent threat	Individuals and organizations in Ukraine	Researchers from Kaspersky discover CloudWizard a new cluster of activities by an advanced persistent threat targeting individuals and organizations in Ukraine via the PowerMagic and CommonMagic malicious implants.	Targeted Attack	Multiple Industries	Cyber Espionage	UA		Kaspersky, CloudWizard, Ukraine, PowerMagic, CommonMagic
45	19/05/2023	10/05/2023	10/05/2023	?	Suzuki Motorcycles India	The Indian manufacturing plant responsible for manufacturing Suzuki motorcycles is forced to shut down following a cyber attack.	Unknown	Manufacturing	Cyber Crime	IN		Suzuki Motorcycles
46	19/05/2023	'Recently'	'Recently'	?	Individuals	Researchers from Trend Micro discover an infostealer masquerading as a popular computer game exploiting GitHub Codespaces to exfiltrate data.	Malware	Individual	Cyber Crime	>1		Trend Micro, GitHub Codespaces
47	19/05/2023	20/03/2023	24/03/2023	?	Tennessee Orthopaedic Clinics (TOC)	Tennessee Orthopaedic Clinics (TOC) files a notice of data breach after determining that an unauthorized party was able to access confidential patient data stored on the company’s computer network.	Unknown	Human health and social work	Cyber Crime	US		Tennessee Orthopaedic Clinics, TOC
48	19/05/2023	25/04/2023	25/04/2023	?	Newport News Public Library	A failed cyberattack is responsible for Newport News Public Library branch computers being out of operation the past three weeks.	Unknown	Public admin and defence, social security	Cyber Crime	US		Newport News Public Library
49	20/05/2023	-	-	Multiple threat actors	Multiple organizations	PyPI, the official third-party registry of open source Python packages, temporarily suspends new users from signing up, and new projects from being uploaded to the platform until further notice, amid the registry's struggle to upkeep with a large influx of malicious users and packages.	Malware	Multiple Industries	Cyber Crime	>1		PyPI, Python
50	20/05/2023	-	-	Kiber Sprotyv and InformNapalm	Viktor Borisovich Netyksho	Ukrainian hacking group "Kiber Sprotyv," which translates as “Cyber Resistance,” and volunteer intelligence community InformNapalm release the personal data and photo of Viktor Borisovich Netyksho, an Officer in Russia’s Intelligence Directorate of the General Staff (GRU) after hacking his wife Oxana's emails.	Account Takeover	Individual	Hacktivism	RU		Kiber Sprotyv, Cyber Resistance, Viktor Borisovich Netyksho, GRU, Oxana Netyksho, Russia, Ukraine
51	20/05/2023	20/05/2023	20/05/2023	?	Tornado Cash	An attacker exploits crypto mixer Tornado Cash to take full control of the decentralized platform and steal $1 million. The day after the attacker reverts the control back.	Malware	Fintech	Cyber Crime	N/A		Tornado Cash
52	22/05/2023	From 05/04/2019 to 07/05/2019 and from 27/08/2021 to 10/10/2021	01/09/2021	?	Apria Healthcare	Apria Healthcare notifies over 1.8 million patients and employees that their personal, financial and health data was accessed during a systems hack.	Unknown	Human health and social work	Cyber Crime	US		Apria Healthcare
53	22/05/2023	During February 2023	Since at least February 2023	ALPHV AKA BlackCat	Multiple organizations	Researchers from Trend Micro reveal that the ALPHV ransomware group (aka BlackCat) was observed employing signed malicious Windows kernel drivers to evade detection by security software during attacks via an improved version of the malware known as 'POORTRY'.	Malware	Multiple Industries	Cyber Crime	>1		Trend Micro, ALPHV, ransomware, BlackCat, POORTRY
54	22/05/2023	Since at least November. 2021	Since at least November. 2021	p0-LUCR-1 AKA GUI-vil	Multiple organizations	Researchers from Permiso discover a financially motivated cyberthreat group traced to Indonesia, attacking organizations’ Amazon Web Services (AWS) accounts to set up illicit cryptomining operations.	Misconfiguration	Multiple Industries	Cyber Crime	>1		p0-LUCR-1, GUI-vil, Permiso, Amazon Web Services, AWS
55	22/05/2023	-	-	Chinese organized crime groups,	US citizens and individuals who travel or live abroad	The FBI warns US citizens and individuals who travel or live abroad of the risk of false job advertisements linked to labor trafficking at Southeast Asia.	Scam	Individual	Cyber Crime	US		FBI, China, labor trafficking
56	22/05/2023	Between 18/04/2023 and 20/04/2023	Between 18/04/2023 and 20/04/2023	UAC-0063	Undisclosed government agency in Ukraine.	The Ukraine's computer emergency response team, CERT-UA, identifies a cyber-espionage campaign carried on by an unidentified threat actor named UAC-0063, targeting an undisclosed government agency in Ukraine.	Targeted Attack	Public admin and defence, social security	Cyber Espionage	UA		Ukraine, CERT-UA, UAC-0063
57	22/05/2023	Since at least mid-2020	-	Iranian threat actors	Organizations in Middle East	Researchers from Fortinet discover Wintapix, a new Windows kernel driver deployed in attacks against Middle East targets by Iranian threat actors since 2020.	Targeted Attack	Multiple Industries	Cyber Espionage	>1		Fortinet, Wintapix, Iran
58	22/05/2023	-	-	ALPHV AKA BlackCat	Mazars Group	Mazars Group, an international audit, accounting, and consulting firm, is posted on the ALPHV/BlackCat ransomware dark web blog.	Malware	Professional, scientific and technical	Cyber Crime	FR		Mazars Group, ALPHV, BlackCat, ransomware
59	22/05/2023	During February 2023	During February 2023	ALPHV AKA BlackCat	Undisclosed organization	Researchers at Trend Micro reveal the details of a BlackCat ransomware incident, using a signed kernel driver for evasion.	Malware	Unknown	Cyber Crime	N/A		Trend Micro, ALPHV, BlackCat, ransomware
60	22/05/2023	03/04/2023	Between 02/04/2023 and 06/04/2023	?	PillPack	Amazon's PillPack notifies consumers that an unauthorized person took customer emails and passwords to log into 19,032 PillPack accounts.	Credential Stuffing	Wholesale and retail	Cyber Crime	US		Amazon, PillPack
61	22/05/2023	15/11/2021	03/03/2022	?	Alta Medical Management	Pioneer Valley Ophthalmic Consultants (PVOC) files a notice of data breach after learning that a ransomware attack to a third-party vendor, Alta Medical Management, resulted in the confidential information of PVOC patients being subject to unauthorized access	Malware	Professional, scientific and technical	Cyber Crime	US		Pioneer Valley Ophthalmic Consultants, PVOC, ransomware, Alta Medical Management
62	22/05/2023	-	06/04/2023	?	Freedom Mortgage Corporation	Freedom Mortgage Corporation files a notice of data breach after learning that confidential consumer data entrusted to the company was subject to unauthorized access.	Unknown	Finance and insurance	Cyber Crime	US		Freedom Mortgage Corporation
63	22/05/2023	07/01/2023	05/02/2023	?	Topcon Healthcare Solutions	Topcon Healthcare Solutions, a provider of imaging, diagnostic, and intelligent data technologies, reports a security breach that exposed protected health information.	Unknown	Professional, scientific and technical	Cyber Crime	US		Topcon Healthcare Solutions
64	22/05/2023	22/05/2023	22/05/2023	NoName057(16)	Azienda Trasporti Milano (ATM)	The pro-Russian group NoName057(16) takes down the website of ATM, the company that manages the public transport in the city of Milan, and the Italian Transport Regulation Authority (Autorità di Regolazione dei Trasporti – ART)	DDoS	Transportation and storage	Hacktivism	IT		NoName057(16), ATM, Azienda Trasporti Milano, Transport Regulation Authority, Autorità di Regolazione dei Trasporti, ART
65	22/05/2023	18/05/2023	18/05/2023	?	Bloomfleet	Bloomfleet, an Italian fleet management company, discloses to have suffered a cyber attack.	Unknown	Administration and support service	Cyber Crime	IT		Bloomfleet
66	23/05/2023	Since August 2022	-	AhRat	Android users	Researchers from ESET discover AhRat, a new remote access trojan on the Google Play Store, hidden in iRecorder, an Android screen recording app with more than 50,000 installs.	Malware	Individual	Cyber Crime	>1		ESET, AhRat, Google Play Store, iRecorder, Android
67	23/05/2023	Since 2019	Since 2022	GoldenJackal	Government and diplomatic entities in Asia	Researchers from Kaspersky discover GoldenJackal, a relatively unknown advanced persistent threat (APT) targeting government and diplomatic entities in Asia since 2019 for espionage.	Targeted Attack	Multiple Industries	Cyber Espionage	>1		Kaspersky, GoldenJackal
68	23/05/2023	-	-	Lazarus Group	Multiple organizations	Researchers from AhnLab reveal that the notorious North Korean state-backed group, known as the Lazarus Group, is now targeting vulnerable Windows Internet Information Services (IIS) web servers to gain initial access to corporate networks.	IIS Vulnerability	Multiple Industries	Cyber Espionage	>1		AhnLab, Lazarus Group, Windows, Internet Information Services, IIS
69	23/05/2023	Since at least May 2022	Since at least May 2022	Tortoiseshell (AKA TA456 or Imperial Kitten)?	Shipping and logistics companies in Israel	Researchers from ClearSky Security reveal the details of 'Fata Morgana' a watering hole attack on at least eight shipping and logistics companies in Israel. The attack is highly likely to be orchestrated by a nation-state actor from Iran, with a low confidence specific attribution to Tortoiseshell (also called TA456 or Imperial Kitten).	Malicious Script Injection	Transportation and storage	Cyber Espionage	IL		Tortoiseshell, TA456, Imperial Kitten, ClearSky Security, Fata Morgana
70	23/05/2023	SInce January 2023	SInce January 2023	?	Multiple organizations	Researchers from Cofense discover a credential phishing campaign using the legitimate SuperMailer newsletter distribution, doubling in size each month since January 2023.	Account Takeover	Multiple Industries	Cyber Crime	>1		Cofense, SuperMailer
71	23/05/2023	30/01/2023	03/05/2023	?	InvestorCOM	Franklin Templeton Canada and Mackenzie Investments disclose to have suffered a breach after their vendor InvestorCOM was affected by a breach carried out exploiting the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability	CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability	Finance and insurance	Cyber Crime	CA		Franklin Templeton Canada, Mackenzie Investments, InvestorCOM, CVE-2023-0669, Fortra GoAnywhere
72	23/05/2023	End of April 2023	End of April 2023	DarkCloud	Multiple organizations	Researchers from AhnLab discover a campaign distributing the DarkCloud and ClipBanker infostealers via spam emails.	Malware	Multiple Industries	Cyber Crime	>1		AhnLab, DarkCloud, ClipBanker
73	23/05/2023	02/04/2023	31/03/2023	?	The Insurance Information Bureau of India (IIB)	The Insurance Information Bureau of India (IIB) discloses a ransomware attack.	Malware	Finance and insurance	Cyber Crime	IN		Insurance Information Bureau of India, IIB, ransomware
74	23/05/2023	21/05/2023	23/05/2023	?	Thomas Hardye School	Thomas Hardye School in Dorchester is hit with a ransomware attack.	Malware	Education	Cyber Crime	UK		Thomas Hardye School, Dorchester, ransomware
75	23/05/2023	Early May 2023	Early May 2023	?	YouTube viewers	Researchers from Fortinet discover an ongoing campaign targeting YouTube viewers searching for pirated software and distributing Vidar Stealer, Laplas Clipper, and XMRig Miner.	Malware	Individual	Cyber Crime	>1		Fortinet, YouTube, Vidar Stealer, Laplas Clipper, XMRig Miner.
76	23/05/2023	05/05/2023	05/05/2023	Kimsuky	North Korea-focused information services, human rights activists, and DPRK-defector support organizations	Researchers from Sentinel Labs observe an ongoing campaign by the North Korean APT group Kimsuky targeting North Korea-focused information services, human rights activists, and DPRK-defector support organizations, using a variant of the RandomQuery malware, enabling subsequent precision attacks.	Targeted Attack	Extraterritorial orgs and bodies	Cyber Espionage	KR		SentinelLabs, North Korea, Kimsuky, RandomQuery
77	23/05/2023	End of April 2023	End of April 2023	StrelaStealer	Spanish users	Researchers from AhnLab discover a campaign distributing the StrelaStealer Infostealer to Spanish users.	Malware	Information and communication	Cyber Crime	ES		AhnLab, StrelaStealer
78	23/05/2023	-	22/05/2023	Royal	Morris Hospital	The Morris Hospital is hit with a Royal ransomware attack.	Malware	Human health and social work	Cyber Crime	US		Morris Hospital, Royal, ransomware
79	23/05/2023	09/03/2023	09/03/2023	?	Populus Financial	Populus Financial files a notice of data breach after experiencing a cybersecurity event that compromised confidential consumer information that had been entrusted to the company.	Unknown	Finance and insurance	Cyber Crime	US		Populus Financial
80	23/05/2023	20/03/2023	-	?	Grant Regional Health Center	Grant Regional Health Center notifies 4,135 patients about a breach of an employee email account.	Account Takeover	Human health and social work	Cyber Crime	US		Grant Regional Health Center
81	23/05/2023	-	21/04/2023	ALPHV AKA BlackCat	Logística Integrada Sulamericana (LISA)	Logística Integrada Sulamericana (LISA) is listed in the BlackCat’s ransomware leak site.	Malware	Transportation and storage	Cyber Crime	BR		Logística Integrada Sulamericana, LISA, ALPHV, BlackCat, ransomware
82	23/05/2023	-	10/05/2023	Medusa	Cooperativa de Ahorro y Crédito Ahorrocoop, AhorroCoop, Medusa, ransomware	Cooperativa de Ahorro y Crédito Ahorrocoop, a Chilean savings and credit cooperative, is added to the Medusa ransomware leak site.	Malware	Finance and insurance	Cyber Crime	CL		Cooperativa de Ahorro y Crédito Ahorrocoop, AhorroCoop, Medusa, ransomware
83	23/05/2023	-	-	8Base	SiComputer	The 8Base gang claims responsibility for a cyber attack against SiComputer.	Malware	Professional, scientific and technical	Cyber Crime	IT		8Base, SiComputer
84	23/05/2023	During May 2023	During May 2023	Suspected Chinese APT groups	Government officials affiliated with France, the United Kingdom, India, Singapore, and Australia.	Researchers from Sentinel One reveal that suspected Chinese APT groups exploited a 17-year-old Microsoft Office vulnerability, CVE-2017-11882, to launch malware attacks against foreign government officials who attended a G7 summit in Hiroshima, Japan.	Targeted Attack	Public admin and defence, social security	Cyber Espionage	AU FR IN SG UK		China, Sentinel One, Microsoft Office, CVE-2017-11882, G7, Hiroshima
85	24/05/2023	'Recently'	'Recently'	Agrius	Organizations in Israel	Researchers from Check Point reveal that a suspected Iranian state-supported threat actor known as 'Agrius' is now deploying a new ransomware strain named 'Moneybird' against Israeli organizations.	Malware	Multiple Industries	Cyber Warfare	IL		Check Point, Agrius, 'Moneybird
86	24/05/2023	During 2022	During 2022	APT34	Organizations in UAE	Researchers from Fortinet reveal the details of Operation "Total Exchange", a campaign using a new PowerShell-based malware dubbed PowerExchange to backdoor on-premise Microsoft Exchange servers.	Targeted Attack	Multiple Industries	Cyber Espionage	UAE		Fortinet, Total Exchange, PowerShell, Iran, PowerExchange, Microsoft Exchange
87	24/05/2023	Since at least mid-2021	-	Volt Typhoon (AKA Bronze Silhouette)	Critical infrastructure organizations across the United States	Researchers from Microsoft and Secureworks reveal that a Chinese cyberespionage group tracked as Volt Typhoon has been targeting critical infrastructure organizations across the United States, since at least mid-2021.	Targeted Attack	Multiple Industries	Cyber Espionage	US		Microsoft, Volt Typhoon, Bronze Silhouette, Secureworks
88	24/05/2023	Since 23/05/2023	23/05/2023	Multiple threat actors	Vulnerable WordPress Sites	Researchers from Wordfence observe ongoing attacks targeting an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in a WordPress cookie consent plugin named Beautiful Cookie Consent Banner with more than 40,000 active installs.	WordPress plugin vulnerability	Multiple Industries	Cyber Crime	>1		Wordfence, Unauthenticated Stored Cross-Site Scripting, XSS, Beautiful Cookie Consent Banner
89	24/05/2023	Mid May 2023	Mid May 2023	?	Organizations using Microsoft 365	Researchers from Trustwave discover a phishing campaign using a combination of compromised Microsoft 365 accounts and .rpmsg (restricted permission message files) encrypted emails to deliver the phishing message.	Account Takeover	Multiple Industries	Cyber Crime	>1		Trustwave, Microsoft 365, rpmsg, restricted permission message files
90	24/05/2023	Since at least October 2022	During mid-May 2023	?	Multiple organizations	Barracuda, a company known for its email and network security solutions, warns customers that some of their Email Security Gateway (ESG) appliances were breached last week by targeting CVE-2023-2868, a now-patched zero-day vulnerability.	CVE-2023-2868 Vulnerability	Multiple Industries	N/A	>1		Barracuda, Email Security Gateway, ESG, CVE-2023-2868
91	24/05/2023	16/05/2023	16/05/2023	Rhysida	Government of Martinique (Collectivite Territoralie de Martinique)	The Government of Martinique is hit with a Rhysida ransomware attack.	Malware	Public admin and defence, social security	Cyber Crime	FR		Government of Martinique, Collectivite Territoralie de Martinique, Rhysida, ransomware
92	24/05/2023	-	-	?	Multiple organizations	Researchers from Cado Labs discover an updated version of the commodity malware Legion with expanded features to compromise SSH servers and Amazon Web Services (AWS) credentials associated with DynamoDB and CloudWatch.	Malware	Multiple Industries	Cyber Crime	>1		Cado Labs, Legion, Amazon Web Services, AWS, DynamoDB, CloudWatch
93	24/05/2023	29/07/2021, 15-17/08/2021, from 03/08/2021 to 09/082021.	13/07/2022	?	Stanly Community College	Stanly Community College files a notice of data breach after the school learned that confidential information in its possession was subject to unauthorized access after a phishing attack.	Account Takeover	Education	Cyber Crime	US		Stanly Community College
94	24/05/2023	23/03/2023	23/03/2023	?	UI Community HomeCare	UI Community HomeCare, a subsidiary of University of Iowa Health System, files a notice of data breach after learning that confidential consumer information that had been entrusted to the company was subject to unauthorized access after a ransomware attack.	Malware	Human health and social work	Cyber Crime	US		UI Community HomeCare, University of Iowa Health System, ransomware
95	24/05/2023	05/12/2022	21/12/2022	?	MedInform	MedInform files a notice of data breach after learning that an unauthorized user was able to access confidential information belonging to Cleveland Clinic patients that were stored on the company’s computer network.	Unknown	Administration and support service	Cyber Crime	US		MedInform, Cleveland Clinic
96	24/05/2023	09/07/2022	During 2022	?	Suffolk University	Suffolk University files a notice of data breach after learning that a recent cybersecurity event resulted in confidential student information being accessed or obtained by an unauthorized party.	Unknown	Education	Cyber Crime	US		Suffolk University
97	24/05/2023	15/03/2023	25/03/2023	?	SLT Lending SPV	SLT Lending SPV, the company that owns and operates Sur La Table, files a notice of data breach after confirming that an unauthorized party accessed certain files on the company’s computer network that contained confidential employee information.	Unknown	Wholesale and retail	Cyber Crime	US		SLT Lending SPV, Sur La Table
98	24/05/2023	25/02/2023	29/03/2023	BianLian	The Vascular Center of Intervention (VCI)	The Vascular Center of Intervention is hit with a BianLian ransomware attack.	Malware	Human health and social work	Cyber Crime	US		The Vascular Center of Intervention, VCI, BianLian, ransomware
99	24/05/2023	24/05/2023	24/05/2023	?	Diego Armando Maradona's Facebook page	The Diego Armando Maradona's Facebook page is flooded with strange messages, before his family confirms that it has been hacked.	Account Takeover	Individual	Cyber Crime	AR		Diego Armando Maradona, Facebook
100	25/05/2023	Since at least February 2023	During February 2023	Buhti (AKA Blacktail)	Multiple organizations	Researchers from Broadcom/Symantec reveal that a new ransomware operation named 'Buhti' is using the leaked code of the LockBit and Babuk ransomware families to target Windows and Linux systems, respectively.	Malware	Multiple Industries	Cyber Crime	>1		Broadcom, Symantec, Buhti, Blacktail, LockBit, Babuk, ransomware, Windows, Linux
101	25/05/2023	During Q1 2023	Since 2021	Brazilian hacking group	30 Portuguese government and private financial institutions	Researchers from Sentinel Labs discover Operation Magalenha, a long-running campaign conducted by a Brazilian hacking group targeting 30 Portuguese government and private financial institutions since 2021.	Malware	Finance and insurance	Cyber Crime	PT		Sentinel Labs, Operation Magalenha
102	25/05/2023	Since at least 16/05/2023	Since at least 16/05/2023	Mirai	Vulnerable Zyxel devices	The Mirai botnet is now exploiting CVE-2023-28771 to target vulnerable Zyxel devices.	CVE-2023-28771 Vulnerability	Multiple Industries	Cyber Crime	>1		Mirai, CVE-2023-28771, Zyxel
103	25/05/2023	Since at least December 2021	During December 2021	Rostelecom-Solar	Industrial Control Systems in Europe, Middle East, and Asia	Researchers from Mandiant discover a new malware called CosmicEnergy, targeting IEC-104-compliant remote terminal units designed to disrupt industrial systems and linked to Russian cybersecurity outfit Rostelecom-Solar (formerly Solar Security).	Malware	Electricity, gas steam, air conditioning	Cyber Warfare	>1		Mandiant, CosmicEnergy, IEC-104, Rostelecom-Solar, Solar Security
104	25/05/2023	Mid-May 2023	Mid-May 2023	?	Emby	Emby says it remotely shut down an undisclosed number of user-hosted media server instances that were recently hacked by exploiting a previously known vulnerability and an insecure admin account configuration.	Vulnerability	Other service activities	Cyber Crime	N/A		Emby
105	25/05/2023	Since October 2020	During November 2021	?	Armenian journalists, activists, government officials and civilians	Researchers from several security organizations uncover the first known case of Pegasus spyware being used in the middle of a war between Armenia and Azerbaijan.	Targeted Attack	Individual	Cyber Espionage	AM		Pegasus, Armenia, Azerbaijan
106	25/05/2023	-	-	Multiple threat actors	Multiple organizations	Researchers from WithSecure confirm to have observed malware samples been generated by ChatGPT.	Malware	Multiple Industries	Cyber Crime	>1		ChatGPT, WIthSecure
107	25/05/2023	Since November 2021	10/04/2023	IZ1H9	Multiple targets	Researchers from Palo Alto Networks observe a Mirai variant called IZ1H9, using several vulnerabilities to spread itself.	CVE-2023-27076, CVE-2023-26801, CVE-2023-26802, Zyxel remote code execution vulnerabilities	Multiple Industries	Cyber Crime	>1		Palo Alto Networks, Mirai, IZ1H9, CVE-2023-27076, CVE-2023-26801, CVE-2023-26802, Zyxel
108	25/05/2023	Since at least 28/02/2023	28/02/2023	Dark Frost	Organizations in the gaming industry	Security researchers from Akamai identify a botnet called Dark Frost that directly targets the gaming industry and is made up of code stolen from similar projects such as Gafgyt, Qbot, and Mirai.	Hadoop YARN misconfiguration	Arts entertainment, recreation	Cyber Crime	>1		Akamai, Dark Frost, Gafgyt, Qbot, Mirai, Hadoop YARN
109	25/05/2023	End of April 2023	End of April 2023	?	ChatGPT users	Researchers from INKY discover yet another phishing campaign targeting ChatGPT users.	Account Takeover	Individual	Cyber Crime	>1		INKY, ChatGPT
110	25/05/2023	Since March 2023	Since March 2023	Invicta Stealer	Multiple organizations	Researchers from Cyble discover a new stealer dubbed Invicta Stealer promoted on several social platforms.	Malware	Multiple Industries	Cyber Crime	>1		Cyble, Invicta Stealer
111	25/05/2023	21/04/2023	07/03/2023	?	Winslow Memorial Hospital d.b.a Little Colorado Medical Center (LCMC)	Winslow Memorial Hospital, doing business under the name Little Colorado Medical Center (LCMC), files a notice of data breach after learning that an unauthorized party carried out a cyberattack resulting in leaked patient data.	Unknown	Human health and social work	Cyber Crime	US		Winslow Memorial Hospital, Little Colorado Medical Center, LCMC
112	26/05/2023	Between 26/02/2023 and 07/03/2023	06/03/2023	LockBit 3.0	Managed Care of North America (MCNA)	A LockBit ransomware attack on Managed Care of North America (MCNA), a major dental insurance provider , compromises the personal information of nearly nine million people across the United States, according to documents filed with state regulators.	Malware	Human health and social work	Cyber Crime	US		LockBit, LockBit 3.0, ransomware, Managed Care of North America, MCNA
113	26/05/2023	17/05/2023	17/05/2023	BlackByte	City of Augusta	The city of Augusta in Georgia, U.S., confirms that the most recent IT system outage was caused by unauthorized access to its network. The BlackByte ransomware gang claims responsibility for the attack.	Malware	Public admin and defence, social security	Cyber Crime	US		City of Augusta, BlackByte, ransomware
114	26/05/2023	Since at least 15/05/2023	15/05/2023	QBot AKA Qakbot	Multiple organizations	A new QBot campaign is abusing a DLL hijacking flaw in the Windows 10 WordPad program to infect computers, using the legitimate program to evade detection by security software.	Malware	Multiple Industries	Cyber Crime	>1		QBot, Qakbot, DLL hijacking, Windows 10, WordPad
115	26/05/2023	SInce at least April 2023	During April 2023	Bandit Stealer	Crypto investors	Researchers from Trend Micro reveal the details of Bandit Stealer, a new information-stealing malware that targets browsers and cryptocurrency wallets.	Malware	Fintech	Cyber Crime	>1		Trend Micro, Bandit Stealer
116	26/05/2023	'Recently'	'Recently'	?	Multiple organizations	The Phishing Defence Center (PDC) observes a phishing campaign where the threat actor sent an email to a user that claimed to be from the ‘HR Department’ and provided the user with a link to submit their annual leave requests.	Account Takeover	Multiple Industries	Cyber Crime	>1		Phishing Defence Center, PDC
117	26/05/2023	26/05/2023	26/05/2023	?	Steve Aoki’s Twitter account	Scammers hack DJ Steve Aoki’s Twitter account to steal $170,000 in a phishing scam related to the PYSOP token,	Account Takeover	Fintech	Cyber Crime	>1		Steve Aoki, Twitter, PYSOP
118	26/05/2023	26/05/2023	26/05/2023	?	Italy’s Ministry of Industry	Italy’s Ministry of Industry says its website and applications were out of order after being hit by a “heavy cyberattack”.	DDoS	Public admin and defence, social security	Hacktivism	IT		Italy, Ministry of Industry
119	26/05/2023	22/12/2022	22/12/2022	?	Nonstop Administration and Insurance Services	Nonstop Administration and Insurance Services files a notice of data breach on behalf of Eisner Health after learning that a 2022 cyberattack compromised confidential information belonging to Eisner Health patients.	Unknown	Human health and social work	Cyber Crime	US		Nonstop Administration and Insurance Services, Eisner Health
120	26/05/2023	-	09/03/2023	?	Alvaria	Alvaria files a notice of data breach on behalf of Shasta Community Health Center, after Alvaria determined that a recent ransomware attack targeting the company’s IT network compromised confidential information related to certain Shasta patients.	Malware	Professional, scientific and technical	Cyber Crime	US		Alvaria, Shasta Community Health Center, ransomware
121	26/05/2023	20/03/2023	27/03/2023	?	Onix Group	Onix Group publishes a “Notice of Data Security Incident” press release after learning that a recent ransomware attack resulted in an unauthorized party being able to access confidential consumer data in the company’s possession.	Malware	Real estate	Cyber Crime	US		Onix Group, ransomware
122	26/05/2023	-	-	?	South Jersey Behavioral Health Resources (SJBHR)	South Jersey Behavioral Health Resources discloses to have suffered a phishing attack.	Account Takeover	Human health and social work	Cyber Crime	US		South Jersey Behavioral Health Resources, SJBHR
123	26/05/2023	03/04/2023	05/04/2023	?	South Jersey Behavioral Health Resources	South Jersey Behavioral Health Resources discloses to have suffered a ransomware attack.	Malware	Human health and social work	Cyber Crime	US		South Jersey Behavioral Health Resources, ransomware
124	27/05/2023	27/05/2023	27/05/2023	NoName057(16)	Several Italian Ministries	The pro-Russian hacktivists from the NoName057(16) collective take down several Italian government websites including the Ministry for Business and Made in Italy, the High Council of the Judiciary, the Transport Authority, and the Italian Navy.	DDoS	Public admin and defence, social security	Hacktivism	IT		Russia, NoName057(16), Ministry for Business and Made in Italy, High Council of the Judiciary, Transport Authority, Italian Navy.
125	27/05/2023	27/05/2023	27/05/2023	Monti	Servizi Omnia	The Monti ransomware gang claims responsibility for an attack against Servizi Omnia.	Malware	Administration and support service	Cyber Crime	IT		Monti, ransomware, Servizi Omnia
126	28/05/2023	28/05/2023	28/05/2023	?	Jimbos Protocol	Jimbos Protocol, an Arbitrum-based DeFi project, suffers a flash loan attack that resulted in the loss of more than of 4000 ETH tokens, currently valued at over $7,500,000.	Flash Loan	Fintech	Cyber Crime	N/A		Jimbos Protocol
127	28/05/2023	27/03/2023	28/03/2023	?	Sparta Community Hospital District	Sparta Community Hospital District in Illinois confirms that the protected health information of up to 900 patients has been exposed and potentially obtained by an unauthorized individual who accessed an employee email account from March 27, 2023, to March 28, 2023.	Account Takeover	Human health and social work	Cyber Crime	US		Sparta Community Hospital District
128	28/05/2023	22/05/2023	22/05/2023	?	Madhya Pradesh Power Management Company (MPPMC)	Madhya Pradesh Power Management Company (MPPMC) is hit with a ransomware attack.	Malware	Electricity, gas steam, air conditioning	Cyber Crime	IN		Madhya Pradesh Power Management Company, MPPMC, ransomware
129	28/05/2023	28/05/2023	28/05/2023	NoName057(16)	BCC Credito Cooperativo	The pro-Russian group NoName057(16) takes down the website of the Italian Bank BCC Credito Cooperativo.	DDoS	Finance and insurance	Hacktivism	IT		Russia, NoName057(16), BCC Credito Cooperativo
130	29/05/2023	-	-	Hacktivists from Ukraine	Skolkovo Foundation	Hacktivists from Ukraine breach the systems of Skolkovo Foundation, the agency which oversees the high-tech business area located on the outskirts of Moscow. According to Skolkovo's statement, the hackers managed to gain limited access to certain information systems of the organization, including its file hosting service on physical servers.	Unknown	Public admin and defence, social security	Hacktivism	RU		Ukraine, Russia, Skolkovo Foundation
131	29/05/2023	-	-	SpinOk	Android users	Researchers at Dr.WEB discover SpinOK, a new Android malware distributed as an advertisement SDK, and collectively downloaded over 400 million times.	Malware	Individual	Cyber Crime	>1		Dr.WEB, SpinOK, Android, Google Play
132	29/05/2023	-	29/05/2023	Impotent	RaidForums	A database for the notorious RaidForums hacking forums is leaked online in the Exposed forum.	Unknown	Other service activities	Cyber Crime	N/A		RaidForums, Exposed
133	29/05/2023	-	-	Spyboy	Multiple organizations	A threat actor known as Spyboy is promoting a tool called "Terminator" on a Russian-speaking hacking forum that can allegedly terminate any antivirus, XDR, and EDR platform. However, security researchers claim that it's just a Bring Your Own Vulnerable Driver (BYOVD) attack.	Malware	Multiple Industries	Cyber Crime	>1		Spyboy, Terminator, Bring Your Own Vulnerable Driver, BYOVD
134	29/05/2023	-	-	DogeRAT	Banking, financial services and insurance (BFSI), e-commerce and entertainment users in India	Researchers from CloudSEK discover a sophisticated malware campaign called DogeRAT, impersonating Android banking, financial services and insurance (BFSI), e-commerce and entertainment apps.	Malware	Multiple Industries	Cyber Crime	IN		CloudSEK, DogeRAT, Android
135	29/05/2023	-	-	GhyamSarnegouni (“Rise to Overthrow”)	Offices of Iranian President Ebrahim Raisi	A trove of documents, images and videos from the offices of Iranian President Ebrahim Raisi are posted online and appear to be authentic.	Unknown	Public admin and defence, social security	Hacktivism	IR		Iran, President Ebrahim Raisi, GhyamSarnegouni, Rise to Overthrow
136	29/05/2023	SInce February 2023	SInce February 2023	GobRAT	Linux routers in Japan	The JPCERT Coordination Center (JPCERT/CC) discovers a campaign targeting Linux routers in Japan via a new Golang remote access trojan (RAT) called GobRAT.	Misconfiguration	Multiple Industries	Cyber Crime	>1		JPCERT Coordination Center, JPCERT/CC, Golang, GobRAT.
137	29/05/2023	During May 2023	During May 2023	UAC-0006	Multiple organizations in Ukraine	The Computer Emergency Response Team of Ukraine (CERT-UA) warns that the financially motivated threat actor UAC-0006 is using compromised email addresses to send compressed files containing JavaScript loaders for SmokeLoader.	Malware	Multiple Industries	Cyber Crime	UA		Computer Emergency Response Team of Ukraine, CERT-UA, UAC-0006, JavaScript, SmokeLoader
138	29/05/2023	-	-	SiegedSec	Several Colombian government websites	A suspected hacktivist group called SiegedSec claims to have leaked 6GB of data, including emails, confidential documents, and ID cards, from several Colombian government websites.	Unknown	Public admin and defence, social security	Hacktivism	CO		SiegedSec
139	30/05/2023	06/04/2023	06/04/2023	?	Enzo Biochem	A ransomware attack on Enzo Biochem resulted in the compromise of test information and personal data of nearly 2.5 million people, according to regulatory filings.	Malware	Professional, scientific and technical	Cyber Crime	US		Enzo Biochem, Ransomware
140	30/05/2023	Since late 2022	Since late 2022	SeroXen	Multiple organizations	Researchers from AT&T reveal that a stealthy remote access trojan (RAT) named 'SeroXen' has recently gained popularity as cybercriminals begin using it for its low detection rates and powerful capabilities.	Malware	Multiple Industries	Cyber Crime	>1		AT&T, RAT, SeroXen
141	30/05/2023	Since October 2022	Since October 2022	Void Rabisu	Multiple organizations	Researchers from Trend Micro discover a new campaign distributing the RomCom backdoor malware, impersonating the websites of well-known or fictional software (including ChatGPT), tricking users into downloading and launching malicious installers.	Malware	Multiple Industries	Cyber Crime	>1		Trend Micro, RomCom, ChatGPT, Void Rabisu
142	30/05/2023	Since February 2023	Since February 2023	Anonymous Sudan	Scandinavian Airlines (SAS)	The pro-Russian group "Anonymous Sudan" makes an unexpected demand of $3 million from Scandinavian Airlines (SAS) in order to halt distributed denial-of-service attacks (DDoS) that have been targeting the airline's websites since February.	DDoS	Transportation and storage	Hacktivism	DK NO SE		Anonymous Sudan, Scandinavian Airlines, SAS, Russia
143	30/05/2023	30/05/2023	30/05/2023	?	Greece’s online examination platform	End-of-year high school exams in Greece are disrupted by "one of the most extensive cyberattacks in the country’s history," according to the country’s Education Ministry.	DDoS	Education	Cyber Crime	GR		Greece
144	30/05/2023	29/05/2023	29/05/2023	?	Mountain View Hospital and Idaho Falls Community Hospital	Mountain View Hospital and Idaho Falls Community Hospital diverts ambulances to other clinics after a cyberattack damaged its computer systems.	Unknown	Human health and social work	Cyber Crime	US		Mountain View Hospital, Idaho Falls Community Hospital
145	30/05/2023	29/05/2023	29/05/2023	?	Mountain View Hospital	Mountain View Hospital is similarly affected by the same attack targeting Idaho Falls Community Hospital.	Unknown	Human health and social work	Cyber Crime	US		Mountain View Hospital, Idaho Falls Community Hospital
146	30/05/2023	-	-	?	Taxpayers in the U.K.	The UK’s tax office (HMRC) warns of a new set of scams designed to trick customers claiming tax credits into handing over their personal and financial information.	Account Takeover	Individual	Cyber Crime	UK		HMRC
147	30/05/2023	SInce at least April 2022	During June 2022	Aggah	Engineering and telecommunications organizations in Israel	Security researchers from Perception Point discover "Operation Red Deer", a sustained phishing campaign convincingly impersonating Israel's postal service, targeting Israeli engineering and telecommunications organizations with the AsyncRAT malware.	Malware	Information and communication	Cyber Crime	IL		Perception Point, Operation Red Deer, AsyncRAT, Aggah
148	30/05/2023	During May 2023	During May 2023	?	Discord communities focused on cryptocurrency	A number of Discord communities focused on cryptocurrency are hacked after their administrators are tricked into running malicious Javascript code disguised as a Web browser bookmark.	Malicious Script Injection	Fintech	Cyber Crime	>1		Discord
149	30/05/2023	Since at least 19/05/2023	19/05/2023	?	Misconfigured Apache NiFi instances	Researchers from SANS Internet Storm Center discover a campaign carried out by a financially motivated threat actor, actively scouring the internet for unprotected Apache NiFi instances to covertly install a cryptocurrency miner and facilitate lateral movement.	Misconfiguration	Multiple Industries	Cyber Crime	>1		SANS Internet Storm Center, Apache NiFi
150	30/05/2023	31/03/2023	30/03/2023	?	MasterCorp	MasterCorp, Inc. files a notice of data breach after learning that an unauthorized party had gained access to files containing confidential consumer information stored on the company’s computer network.	Unknown	Human health and social work	Cyber Crime	US		MasterCorp
151	30/05/2023	28/05/2023	28/05/2023	?	Medford Radiology Group	Medford Radiology Group discloses a cyberattack that occurred over the Memorial Day weekend.	Unknown	Human health and social work	Cyber Crime	US		Medford Radiology Group
152	30/05/2023	-	-	fibonacci	Italia Militare (italiamilitare.it)	A user dubbed fibonacci leaks the entire database (364,000 records) of Italia Militare, an e-commerce portal for military goods.	SQLi	Wholesale and retail	Cyber Crime	IT		fibonacci, Italia Militare, italiamilitare.it
153	30/05/2023	End of 2022	End of 2022	Threat actors from Brazil	Online banking users in Portugal, Peru, and Mexico.	Researchers from Blackberry reveal the details of Operation CMDStealer: a financially motivated campaign leveraging CMD-based scripts and LOLBaS for online banking theft in Portugal, Peru, and Mexico.	Malware	Finance and insurance	Cyber Crime	MX PE PT		Blackberry, Operation CMDStealer, LOLBaS
154	31/05/2023	-	-	Multiple threat actors	Multiple organizations in the U.S.	The U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns that the Zyxel vulnerability CVE-2023-28771 is being actively exploited by attackers.	CVE-2023-28771 Vulnerability	Multiple Industries	N/A	US		U.S. Cybersecurity & Infrastructure Security Agency, CISA, Zyxel, CVE-2023-28771
155	31/05/2023	Since February 2022	During May 2023	Dark Pink	Organizations in Belgium, Brunei, Indonesia, Thailand, and Vietnam	Researchers from Group-IB discover a new campaign by the Dark Pink APT targeting organizations in Belgium, Brunei, Indonesia, Thailand, and Vietnam	Targeted Attack	Multiple Industries	Cyber Espionage	BE BN ID TH VN		Group-IB, Dark Pink
156	31/05/2023	30/05/2023	30/05/2023	?	University of Waterloo	Canada’s University of Waterloo confirms to be dealing with a ransomware attack on its email system.	Malware	Education	Cyber Crime	CA		University of Waterloo, ransomware
157	31/05/2023	-	-	?	GSC Game World	Leaked S.T.A.L.K.E.R 2 dev builds surface online, leaving users to wonder if it was somehow related to the GSC Game World security incident a couple of months ago or if it's another issue entirely.	Unknown	Arts entertainment, recreation	Cyber Crime	UA		S.T.A.L.K.E.R 2, GSC Game World
158	31/05/2023	-	-	ALPHV AKA BlackCat	Casepoint	Casepoint says it’s investigating a potential cybersecurity incident after the ransomware group BlackCat claims to have compromised the legal technology platform to steal terabytes of sensitive data.	Malware	Professional, scientific and technical	Cyber Crime	US		ALPHV, BlackCat, ransomware, Casepoint
159	31/05/2023	29/04/2023	01/05/2023	RansomHouse	Mission Community Hospital	Mission Community Hospital is added to the list of the victims of the RansomHouse group, which claimed to have stolen 2.5 TB of data, including a large amount of patient data exploiting vulnerabilities on Paragon and Cisco.	Malware	Human health and social work	Cyber Crime	US		Mission Community Hospital, ransomware, RansomHouse, Cisco, Paragon
160	31/05/2023	30/01/2023	05/02/2023	?	iSpace	iSpace files a notice of data breach after learning that an unauthorized party recently gained access to the company’s computer network where confidential consumer data was stored.	Unknown	Professional, scientific and technical	Cyber Crime	US		iSpace
161	31/05/2023	01/12/2022	06/12/2022	?	Diamond Lakes Federal Credit Union	Diamond Lakes Federal Credit Union files a notice of data breach after learning that an unauthorized party accessed an employee email account containing confidential customer information.	Account Takeover	Finance and insurance	Cyber Crime	US		Diamond Lakes Federal Credit Union
162	31/05/2023	04/02/2023	24/03/2021	?	Dollar Bank	Dollar Bank files a notice of data breach after learning that an unauthorized party was able to access confidential information belonging to Standard Bank customers before the two banks merged.	Unknown	Finance and insurance	Cyber Crime	US		Dollar Bank, Standard Bank
ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags

Creating the timelines is a very time-consuming task.

Any little helps!

The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.

2022 Cyber Attacks Statistics
And finally I have aggregated all the data collected in 2022 from the cyber attacks timelines. In the past year I have collected 3074 events...
The Biggest Data Breaches of 2023
Similarly to what I have done in 2022 and 2021, I am collecting the main mega breaches...
Leaky Buckets in 2023
Similarly to what I have done in 2022 and 2021, I am collecting the incidents due to cloud misconfigurations and leading to...
16-31 July 2023 Cyber Attacks Timeline
New victims of attacks carried out by the Clop (AKA Cl0p) ransomware gang exploiting the CVE-2023-34362 MOVEit vulnerability emerged even during...
July 2023 Cyber Attacks Statistics
After the cyber attacks timelines, it’s time to publish the statistics of June 2023 where I have collected and analyzed 384 events, yet another record number driven...