1-15 June 2023 Cyber Attacks Timeline

Last modified: July 19, 2023

Follow me on Twitter

Connect on Linkedin

Connect on Mastodon

EVENTS

EVENTS/DAY

EVENTS

EVENTS/DAY

Motivations June H1 2023

Attack Techniques June H1 2023

In the first half of June 2023, I collected 172 events (corresponding to 11.47 events/day), a value that shows a light increase compared to the 161 events in the second timeline of May.

This timeline was characterized by the massive exploitation of the CVE-2023-34362 MOVEit vulnerability by the Clop (AKA Cl0p) ransomware syndicate, leading to a spike on the percentage of attacks carried out exploiting vulnerabilities, with the unprecedented value of 25% (43 out of 172 events), a sharp increase compared to 10% of the second timeline of May. The other obvious consequence was the increase of the percentage of events directly or indirectly characterized by ransomware, soaring to 34.3% (59 out of 172 events), from 23.3% of the previous timeline.

Image by Panumas Nikhomkhai from Pixabay

1-15 June 2023 Cyber Attacks Timeline

In the first half of June 2023, I collected 172 events (corresponding to 11.47 events/day), a value that shows…

The fintech sector continued to be under attack, with the North Korean threat actors from Lazarus Group stealing the equivalent of $35 million from Atomic Wallet. Other fintech organizations hit by attackers included: Floating Point Group (between $15 million and $20 million worth of crypto assets stolen), Sturdy Finance ($800,000), and Hashflow ($600,000). Another remarkable campaign relating to the fintech sector was the one carried out by a threat actor dubbed ‘Pink Drainer’, who compromised the Discord and Twitter accounts of 1,932 victims to steal roughly $3 M worth of digital assets

Even the list of mega breaches is quite reach in this timeline. The unwelcome scepter goes to e-Devlet, a Turkish government portal, from where 85 million accounts were allegedly stolen and published. But a couple of mega breaches also stemmed from the exploitation of the CVE-2023-34362 MOVEit vulnerability, in particular the ones affecting the Louisiana (6 million records) and Oregon (3.5 million) Offices of Motor Vehicles.

The Cyber Espionage front was always hot, with multiple campaigns unearthed and carried out by known threat actors such as Kimsuky and Gamaredon. Particularly interesting is also the so-called ‘Operation Triangulation’: according to Kaspersky the U.S. spied for years on the company (and other Russian organizations) exploiting an iMessage 0-day vulnerability.

And as always, this brief summary is closed by a quick mention to the attacks launched by hacktivists: the pro-Russian threat actors of NoName057(16) targeted several government websites in Switzerland, but the ones from Anonymous Sudan took probably the scene taking down briefly several cloud services from Microsoft. On the other side of the front, pro-Ukrainian hacktivists from Cyber.Anarchy.Squad took down the Russian telecom provider Infotel JSC, and another unknown actor managed to compromise radio and TV broadcasts in several Russian regions, transmitting a fake message from President Vladimir Putin announcing martial law due to a supposedly massive Ukraine incursion.

My suggestion is always the same: browse the timeline, and obviously thanks for sharing it and supporting my work in spreading the risk awareness across the community. As always, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.

Geo Map June H1 2023

ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags
1	01/06/2023	Since 27/05/2023	31/05/2023	Clop AKA Lace Tempest, TA505 and FIN11	Multiple organizations	Threat actors are actively exploiting a zero-day vulnerability in the MOVEit Transfer file transfer software, tracked as CVE-2023-34362, to steal data from organizations. Few days later the Clop ransomware gang claims responsibility for the attacks and starts extorting companies impacted by the data theft attacks,	CVE-2023-34362 Vulnerability	Multiple Industries	Cyber Crime	>1		MOVEit, CVE-2023-34362, Clop, Lace Tempest, TA505, FIN11, ransomware
2	01/06/2023	Since 2019	-	?	Kaspersky	Russian cybersecurity firm Kaspersky discloses 'Operation Triangulation': some iPhones on its network were hacked using an iOS vulnerability that installed malware via iMessage zero-click exploits.	iMessage Vulnerability	Professional, scientific and technical	Cyber Espionage	RU		Kaspersky, 'Operation Triangulation': iPhones, iOS, iMessage
3	01/06/2023	-	-	U.S.	Russian diplomats	Russia's Federal Security Service (FSB) also accuses U.S. intelligence of hacking “thousands of Apple phones” to spy on Russian diplomats exploiting the same vulnerability.	iMessage Vulnerability	Professional, scientific and technical	Cyber Espionage	RU		Russia's Federal Security Service, FSB, U.S., Apple, iMessage
4	01/06/2023	Since at least November 2020	-	Horabot	Spanish-speaking users in Latin America	Researchers from Cisco Talos observe a threat actor deploying a previously unidentified botnet called “Horabot,” which delivers a banking trojan and spam tool onto victim machines targeting Spanish-speaking users in Latin America.	Malware	Finance and insurance	Cyber Crime	AR BR GT MX PA UY VE		Cisco Talos, Horabot
5	01/06/2023	Since at least 2022	-	?	Organizations in the United States, the United Kingdom, Australia, Brazil, Peru, and Estonia.	Researchers from Akamai discover a new Magecart credit card stealing campaign hijacking legitimate sites to act as "makeshift" command and control (C2) servers to inject and hide the skimmers on targeted eCommerce sites.	Malicious Script Injection	Wholesale and retail	Cyber Crime	AU BR EE PE GB US		Akamai, Magecart
6	01/06/2023	-	-	Kimsuky AKA Thallium, APT43, Velvet Chollima, and Black Banshee	Individuals employed by research centers and think tanks, academic institutions, and news media organizations	The FBI, the U.S. Department of State, and the National Security Agency (NSA), together with the Republic of Korea’s National Intelligence Service (NIS) issue a warning that describes the spying methods of Kimsuky, the notorious North Korean nation-state hacking group that targets think tanks, academia and news media. The same campaigns ia also unearthed by researchers at Sentinel One.	Targeted Attack	Multiple Industries	Cyber Espionage	KR US		Kimsuky, Thallium, APT43, Velvet Chollima, Black Banshee, FBI, U.S. Department of State, National Security Agency, NSA, Republic of Korea’s National Intelligence Service, NIS, Sentinel One
7	01/06/2023	During May 2023	During May 2023	TA505 (aka Evil Corp)	Multiple organizations	Researchers at VMware’s Carbon Black warn of a surge of TrueBot activity in May 2023.	Malware	Multiple Industries	Cyber Crime	>1		VMware, Carbon Black, TrueBot,TA505, Evil Corp
8	01/06/2023	Mid-April 2023	17/04/2023	?	Multiple organizations	Researchers from ReversingLabs identify a novel attack on PyPI using compiled Python code to evade detection.	Malware	Multiple Industries	Cyber Crime	>1		ReversingLabs, PyPI, Python
9	01/06/2023	End of May 2023	End of May 2023	?	Individuals	Researchers from Avanan discover a campaign hiding malicious links behind convincing photos offering gift cards and loyalty programs from such trusted brands.	Account Takeover	Individual	Cyber Crime	>1		Avanan, Picture-in-Picture
10	01/06/2023	During early May 2023	During early May 2023	PostalFurious	Residents in the United Arab Emirates	Researchers by Group-IB discover a new campaign by the Chinese threat actor PostalFurious targeting residents of the United Arab Emirates.	Account Takeover	Individual	Cyber Crime	AE		Group-IB, PostalFurious, China
11	01/06/2023	Since early January 2023,	Since early January 2023,	Camaro Dragon	European foreign affairs entities linked to Southeast and East Asia	Researchers from Check Point discover a new campaign by the Chinese nation-state group known as Camaro Dragon using a new backdoor dubbed TinyNote.	Targeted Attack	Multiple Industries	Cyber Espionage	>1		Check Point, China, Camaro Dragon, TinyNote
12	01/06/2023	-	-	Akira	Middlesex County Public Schools	The superintendent for Middlesex County Public Schools confirms that the school division was the subject of a recent ransomware attack.	Malware	Education	Cyber Crime	US		Middlesex County Public Schools, ransomware, Akira
13	01/06/2023	-	01/02/2023	?	Gateway First Bank	Gateway First Bank files a notice of data breach after confirming that unusual activity within multiple employee email accounts resulted in confidential customer information being leaked.	Account Takeover	Finance and insurance	Cyber Crime	US		Gateway First Bank
14	01/06/2023	01/06/2023	01/06/2023	Pink Drainer	Orbiter Finance’s Discord server	Orbiter Finance’s Discord server is compromised by bad actors, who share a link to a fraudulent airdrop program.	Account Takeover	Fintech	Cyber Crime	N/A		Orbiter Finance, Pink Drainer
15	02/06/2023	02/06/2023	02/06/2023	NoName057(16)	Swiss Parliament website	The pro-Russia NoName057(16) collective attacks the Swiss parliament website while its members discuss whether the country abandoned its neutrality to send aid to Ukraine.	DDoS	Public admin and defence, social security	Hacktivism	CH		Russia, Ukraine, NoName057(16), Swiss Parliament
16	02/06/2023	SInce at least 16/05/2023	16/05/2023	?	Individuals	Google removes from the Chrome Web Store 32 malicious extensions that could alter search results and push spam or unwanted ads. Collectively, they come with a download count of 75 million.	Malicious Chrome Extension	Individual	Cyber Crime	>1		Google, Chrome Web Store, PDF Toolbox
17	02/06/2023	Since at least 29/05/2023	-	SpinOk	Android users	Researchers from CloudSEK find the SpinOk malware in a new batch of Android apps on Google Play, reportedly installed an additional 30 million times.	Malware	Individual	Cyber Crime	>1		CloudSEK, SpinOk, Android, Google Play
18	02/06/2023	End of May 2023	02/06/2023	Play	Globalcaja	Globalcaja, a major lender in Spain reveals to be dealing with a ransomware attack affecting several offices. The Play ransomware gang claims responsibility for the attack.	Malware	Finance and insurance	Cyber Crime	ES		Globalcaja, Play, Ransomware
19	02/06/2023	-	01/06/2023	Clop AKA Lace Tempest, TA505 and, FIN11	University of Rochester	The University of Rochester confirms a data theft as a result of the exploitation of the CVE-2023-34362 vulnerability affecting popular file transfer tool MOVEit.	CVE-2023-34362 Vulnerability	Education	Cyber Crime	US		University of Rochester, CVE-2023-34362, MOVEit, ransomware
20	02/06/2023	-	-	?	Multiple U.S. state, county and local governments, a federal agency, and numerous universities	Researchers from Citizen Lab discover a campaign publishing various advertisements for hacking services on the official websites of multiple U.S. state, county and local governments, a federal agency, as well as numerous universities.	Misconfiguration	Multiple Industries	Cyber Crime	>1		Citizen Lab
21	02/06/2023	19/02/2023	20/02/2023	?	EpiSource	EpiSource files a notice of data breach after learning that suspicious activity within the company’s Amazon Web Services (AWS) environment resulted in an unauthorized party being able to access confidential consumer data.	Account Takeover	Professional, scientific and technical	Cyber Crime	US		Episource, AWS
22	02/06/2023	09/05/2022	'Recently'	?	CareNet Medical Group (CMG)	CareNet Medical Group (CMG) files a notice of data breach after learning that hackers were able to obtain confidential patient information stored on the company’s IT network.	Unknown	Human health and social work	Cyber Crime	US		CareNet Medical Group, CMG
23	02/06/2023	-	-	?	Elgon Information Systems (HomecareGPS)	Elgon Information Systems (Elgon), which does business under the name HomecareGPS, files a notice of data breach after learning that confidential consumer information entrusted to the company was subject to unauthorized access.	Unknown	Professional, scientific and technical	Cyber Crime	US		Elgon Information Systems, Elgon, HomecareGPS
24	02/06/2023	04/04/2023	07/03/2023	?	MercyOne Clinton (MercyOne, MercyOne Clinics)	MercyOne Clinton (MercyOne, MercyOne Clinics) files a notice of data breach after learning that confidential patient information was leaked following a cyberattack.	Unknown	Human health and social work	Cyber Crime	US		MercyOne Clinton, MercyOne, MercyOne Clinics
25	02/06/2023	04/04/2023	Early May 2023	Nokoyawa	Canopy Children’s Solutions	Mississippi Children’s Home Society, CARES Center, Inc., Mississippi Children’s Home Services, Inc., d.b.a. Canopy Children’s Solutions (Canopy) issues a press release acknowledging that on April 4, they experienced an attack that encrypted some of their files. The Nokoyawa ransomware gang claims responsibility for the attack.	Malware	Human health and social work	Cyber Crime	US		Nokoyawa, Canopy Children’s Solutions, Mississippi Children’s Home Society, CARES Center, Mississippi Children’s Home Services, ransomware
26	03/06/2023	Since at least 25/05/2023	25/05/2023	?	Vulnerable Zyxel VPN and firewall devices	Zyxel publishes a security advisory containing guidance on protecting firewall and VPN devices from ongoing attacks exploiting CVE-2023-33009 and CVE-2023-33010.	CVE-2023-33009 and CVE-2023-33010 Vulnerabilities	Multiple Industries	N/A	>1		Zyxel, CVE-2023-33009, CVE-2023-33010
27	03/06/2023	03/06/2023	03/06/2023	Lazarus Group	Atomic Wallet	The developers of Atomic Wallet investigate reports of large-scale theft of cryptocurrency from users' wallets, with over $35 million in crypto reportedly stolen. The North Korean threat actors from the Lazarus Group are believed to be behind the attack.	Unknown	Fintech	Cyber Crime	N/A		Atomic Wallet, Lazarus Group, North Korea
28	03/06/2023	-	During April 2023	?	Individuals in Lithuania	Researchers from Google terminate 13 YouTube channels and 2 Ads accounts part of a coordinated influence operations linked to Lithuania. The campaign was sharing content in Lithuanian that was supportive of Russia and critical of Ukraine, NATO and the EU.	Coordinated Inauthentic Behavior	Individual	Cyber Warfare	LT		Google, YouTube, Lithuania, Russia, Ukraine, NATO, EU
29	03/06/2023	-	During April 2023	FROZENBARENTS (Cyber Army of Russia)	Individuals	Researchers from Google terminate 1 YouTube channel part of a coordinated influence operations linked to Russia. The campaign was associated with the FROZENBARENTS persona Cyber Army of Russia, and was sharing content in Russian that focused on sharing hacking techniques.	Coordinated Inauthentic Behavior	Individual	Cyber Warfare	>1		Google, YouTube, Russia, FROZENBARENTS, Cyber Army of Russia
30	03/06/2023	-	During April 2023	Russian Internet Research Agency (IRA)	Individuals in EU	Researchers from Google terminate 5 YouTube channels part of a coordinated influence operations linked to Russia. The campaign was linked to the Internet Research Agency (IRA) and was sharing content in Russian that was supportive of Russia and Russian President Vladimir Putin and critical of Ukraine.	Coordinated Inauthentic Behavior	Individual	Cyber Warfare	>1		Google, YouTube, Russia, Internet Research Agency, IRA, Ukraine, Vladimir Putin
31	03/06/2023	-	During April 2023	Ukraine	Individuals in Russia	Researchers from Google terminate 139 YouTube channels part of a coordinated influence operations linked to Ukraine. The campaign was sharing content in Russian that was supportive of Russia and Kazakhstan President Kassym-Jomart Tokayev.	Coordinated Inauthentic Behavior	Individual	Cyber Warfare	RU		Google, YouTube, Ukraine, Russia, Kazakhstan, President Kassym-Jomart Tokayev.
32	03/06/2023	-	During April 2023	Threat actors from Turkey	Individuals	Researchers from Google terminate 18 YouTube channels, 1 Ads account, and 4 AdSense accounts part of a coordinated influence operations financially motivated linked to Turkey. The campaign was sharing content in English focused on the conflict in Ukraine.	Coordinated Inauthentic Behavior	Individual	Cyber Crime	>1		Google, YouTube, Google Ads, AdSense, Turkey, Ukraine
33	03/06/2023	-	During April 2023	Iran	Individuals in the Middle East	Researchers from Google terminate 6 YouTube channels part of a coordinated influence operations linked to Iran. The campaign was sharing content in Arabic that was supportive of the Iran government.	Coordinated Inauthentic Behavior	Individual	Cyber Warfare	>1		Google, YouTube, Iran
34	03/06/2023	-	During April 2023	?	Individuals in Azerbaijan	Researchers from Google terminate 113 YouTube channels part of a coordinated influence operations linked to Azerbaijan. The campaign was sharing content in Azerbaijani that was supportive of Azerbaijan and critical of Armenia and critics of the Azerbaijani government.	Coordinated Inauthentic Behavior	Individual	Cyber Warfare	AM		Google, YouTube, Azerbaijan, Armenia
35	03/06/2023	-	During April 2023	Uzbekistan	Individuals in Uzbekistan	Researchers from Google terminate 141 YouTube channels part of a coordinated influence operations linked to Uzbekistan. The campaign was sharing content in Uzbeki language that was supportive of Uzbekistan President Shavkat Mirziyoyev.	Coordinated Inauthentic Behavior	Individual	Cyber Warfare	UZ		Google, YouTube, Uzbekistan, President Shavkat Mirziyoyev.
36	03/06/2023	-	During April 2023	China	Individuals Worldwide	Researchers from Google terminate 3,495 YouTube channels and 28 Blogger blogs part of a coordinated influence operations linked to China. These channels mostly uploaded spammy content in Chinese about music, entertainment, and lifestyle. A very small subset uploaded content in Chinese and English about China and US foreign affairs.	Coordinated Inauthentic Behavior	Individual	Cyber Warfare	>1		Google, YouTube, Blogger, China, US
37	03/06/2023	Early June 2023	Early June 2023	?	Online sellers	Online sellers are targeted in a new campaign to push the Vidar information-stealing malware, allowing threat actors to steal credentials for more damaging attacks.	Malware	Wholesale and retail	Cyber Crime	>1		Vidar
38	03/06/2023	-	-	?	Sky Italia	Sky Italia informs some customers of "illicit cyber activities" that could have affected their data.	Unknown	Information and communication	Cyber Crime	IT		Sky Italia
39	03/06/2023	-	-	Snatch	SsangYong Motor	The Snatch ransomware team adds SsangYong Motor to the list of their victims	Malware	Manufacturing	Cyber Crime	KR		Snatch, Ransomware, SsangYong Motor
40	03/06/2023	-	-	DarkRace	CONATECO	The DarkRace cyber criminal gang claims responsibility for a cyber attack to Conateco, a terminal in the Naples port.	Malware	Transportation and storage	Cyber Crime	IT		DarkRace, ransomware, CONATECO
41	03/06/2023	-	-	DarkRace	Pluriservice	The DarkRace cyber criminal gang claims responsibility for a cyber attack to Pluriservice, leading to the exfiltration of 43 gb of data.	Malware	Manufacturing	Cyber Crime	IT		DarkRace, ransomware, Pluriservice
42	04/06/2023	-	01/06/2023	Clop AKA Lace Tempest, TA505 and, FIN11	Government of Nova Scotia	The government of Nova Scotia confirms a data theft as a result of the exploitation of the CVE-2023-34362 vulnerability affecting popular file transfer tool MOVEit.	CVE-2023-34362 Vulnerability	Public admin and defence, social security	Cyber Crime	CA		Nova Scotia, CVE-2023-34362, MOVEit, ransomware
43	04/06/2023	-	-	?	Android users	A security researchers discovers that Swing VPN an Android app available on the official Google Play Store with more than 5 million downloads is in reality a DDoS botnet.	Malware	Individual	Cyber Crime	>1		Swing VPN, Android, Google Play Store
44	05/06/2023	05/06/2023	05/06/2023	?	Radio and TV broadcasts in several Russian regions	Unknown hackers manage to compromise radio and TV broadcasts in several Russian regions, transmitting a fake message from President Vladimir Putin announcing martial law due to a supposedly massive Ukraine incursion.	Unknown	Information and communication	Hacktivism	RU		Ukraine, Russia, President Vladimir Putin
45	05/06/2023	-	-	?	Unknown organization(s)	Google releases a security update for Chrome to address CVE-2023-3079, the third zero-day vulnerability that hackers exploited this year.	CVE-2023-3079 Vulnerability	Unknown	N/A	N/A		Google, Chrome, CVE-2023-3079
46	05/06/2023	05/06/2023	05/06/2023	Anonymous Sudan	Microsoft Outlook.com	Outlook.com suffers a series of outages, with hacktivists known as Anonymous Sudan claiming to perform DDoS attacks on the service.	DDoS	Professional, scientific and technical	Hacktivism	US		Microsoft, Outlook.com, Anonymous Sudan
47	05/06/2023	-	-	?	Individuals in the U.S.	The Federal Bureau of Investigation (FBI) warns of a rising trend of malicious actors creating deepfake content to perform sextortion attacks.	Sextortion	Individual	Cyber Crime	US		Federal Bureau of Investigation, FBI, deepfake, sextortion
48	05/06/2023	-	-	Clop AKA Lace Tempest, TA505 and, FIN11	Zellis	The BBC, British Airways (BA), Boots, and Aer Lingus confirm that the personal data of their staff has been exposed to hackers following a cyber incident impacting their payroll provider Zellis carried out exploiting the MOVEit CVE-2023-34362 Vulnerability	CVE-2023-34362 Vulnerability	Administration and support service	Cyber Crime	UK		BBC, British Airways, BA, Zellis, MOVEit, CVE-2023-34362, Aer Lingus, Boots, ransomware
49	05/06/2023	-	-	Cyclops	Multiple organizations	Researchers from Uptycs reveal that the Cyclops group has developed a multi-platform ransomware that can infect Windows, Linux, and macOS systems and also a separate information-stealer malware that can be used to steal sensitive data from infected systems.	Malware	Multiple Industries	Cyber Crime	>1		Uptycs, Cyclops, ransomware, Windows, Linux, macOS
50	05/06/2023	'Recently'	'Recently'	?	Crypto investors	Researchers from Kaspersky discover a new malware campaign exploiting the Satacom downloader, also known as LegionLoader, to distribute a browser extension designed to steal cryptocurrency.	Malware	Fintech	Cyber Crime	>1		Kaspersky, Satacom, LegionLoader
51	05/06/2023	-	29/05/2023	?	i2VPN	Attackers claim to have successfully breached the admin credentials of i2VPN, a popular freemium VPN proxy server app available for download on Google Play and the App Store, and publish the admin credentials in a Telegram channel.	Unknown	Professional, scientific and technical	Cyber Crime	EU		i2VPN, Telegram
52	05/06/2023	Sine Mid-2022	-	?	Government agencies and media organizations in Ukraine	The Computer Emergency Response Team of Ukraine (CERT-UA) discover a cyber espionage campaign active since mid-2022 that gained unauthorized access to "several dozen" computers via an infostealer for Chrome and Opera browsers dubbed ThumbChop.	Targeted Attack	Multiple Industries	Cyber Espionage	UA		Computer Emergency Response Team of Ukraine, CERT-UA, Chrome, Opera, ThumbChop
53	05/06/2023	-	-	Snatch	EliTech Group	The Snatch ransomware group claims to have breached EliTech group, based in Paris, a global in-vitro diagnostics company with laboratories in more than 100 countries around the world and over 650 employees.	Malware	Professional, scientific and technical	Cyber Crime	FR		Snatch, ransomware, EliTech
54	05/06/2023	-	-	Snatch	Briars Group	The Snatch ransomware group claims to have breached Briars Group, a London-based consultancy company.	Malware	Professional, scientific and technical	Cyber Crime	GB		Snatch, ransomware, Briars Group
55	05/06/2023	-	-	Snatch	Mount Desert Hospital	The Snatch ransomware group claims to have breached Mount Desert Hospital in Maine.	Malware	Human health and social work	Cyber Crime	US		Snatch, ransomware, Mount Desert Hospital
56	06/06/2023	Since at least May 2023	During May 2023	Unknown ATP	U.S. aerospace defense industry	Researchers from Adlumin discover a new PowerShell malware script named 'PowerDrop' used in attacks targeting the U.S. aerospace defense industry.	Targeted Attack	Professional, scientific and technical	Cyber Espionage	US		Adlumin, PowerShell, PowerDrop
57	06/06/2023	Since at least October 2022	During May 2023	?	Android users in the U.S.	Researchers from Bitdefender discover 60,000 Android apps disguised as legitimate applications quietly installing adware on mobile devices while remaining undetected for the past six months.	Malware	Individual	Cyber Crime	US		Bitdefender, Android
58	06/06/2023	03/06/2023	03/06/2023	?	Eisai	Pharmaceutical company Eisai has discloses it suffered a ransomware incident that impacted its operations, admitting that attackers encrypted some of its servers.	Malware	Professional, scientific and technical	Cyber Crime	JP		Eisai, ransomware
59	06/06/2023	Between September 2022 to March 2023	-	TAG-71 (APT38)	Financial institutions and venture capital firms in Japan, Vietnam, and the United States	Researchers from Recorded Future discover a cluster of malicious activity spoofing several financial institutions and venture capital firms in Japan, Vietnam, and the United States, carried out by Threat Activity Group 71 (TAG-71), with significant overlaps with the North Korean state-sponsored APT38.	Account Takeover	Finance and insurance	Cyber Crime	JP US VN		Recorded Future, Threat Activity Group 71, TAG-71, North Korea, APT38
60	06/06/2023	Since at least 2021	-	Impulse Team	Crypto investors	Researchers from Trend Micro uncover a massive cryptocurrency scam involving more than a thousand websites handled by different affiliates linked to a program called Impulse Project, run by a Russian-speaking threat actor named Impulse Team.	Cryptocurrency Scam	Fintech	Cyber Crime	>1		Trend Micro, Impulse Project, Crypto
61	06/06/2023	08/11/2022	08/11/2022	?	Pearland Independent School District (Pearland ISD)	Pearland Independent School District (Pearland ISD) files a notice of data breach after learning that confidential information stored on the district’s computer system was accessed by an unauthorized party.	Unknown	Education	Cyber Crime	US		Pearland Independent School District, Pearland ISD
62	06/06/2023	01/03/2023	02/03/2023	?	Vertex	Ascension postes a notice describing a “security incident” after learning that a ransomware cyberattack at Vertex, one of the company’s vendors resulted in leaked patient data.	Malware	Professional, scientific and technical	Cyber Crime	US		Ascension, Vertex
63	06/06/2023	-	-	Play	Mayberry Investments Limited	Mayberry Investments Limited is hit with a Play ransomware attack.	Malware	Finance and insurance	Cyber Crime	JM		Mayberry Investments Limited, Play, ransomware
64	06/06/2023	-	-	LockBit 3.0	STIM Group	The LockBit ransomware gang claims responsibility for an attack to STIM Group, exfiltrating 14 gb of data.	Malware	Manufacturing	Cyber Crime	IT		LockBit, LockBit 3.0, STIM Group
65	06/06/2023	-	-	Clop AKA Lace Tempest, TA505 and, FIN11	ABIM (American Board of Internal Medicine)	ABIM confirm to have been hit by a cyber attack exploiting the MOVEit CVE-2023-34362 Vulnerability	CVE-2023-34362 Vulnerability	Other service activities	Cyber Crime	US		Clop, Lace Tempest, TA505, FIN11, ABIM, American Board of Internal Medicine, Ransomware
66	07/06/2023	Since at least 07/06/2023	07/06/2023	?	Minecraft players	Attackers are using the popular Minecraft modding platforms Bukkit and CurseForge to distribute a new 'Fractureiser' information-stealing malware through uploaded modifications and by injecting malicious code into existing projects.	Malware	Arts entertainment, recreation	Cyber Crime	>1		Minecraft, Bukkit, CurseForge, Fractureiser
67	07/06/2023	-	02/06/2023	LockBit 3.0	YKK	The Japanese zipper giant YKK confirms that its U.S. operations were targeted by hackers in recent weeks but said it was able to contain the threat before damage was caused. However the LockBit ransomware gang posts the company name on its leak site, threatening to leak the stolen data.	Malware	Manufacturing	Cyber Crime	JP		YKK, LockBit, LockBit 3.0, ransomware
68	07/06/2023	07/06/2023	07/06/2023	?	Université Aix-Marseille	The Université Aix-Marseille (Aix-Marseille University), one of the oldest in France, announces that it had been hit by a cyberattack, sending staff home as they could not access the university network.	Unknown	Education	Cyber Crime	FR		Université Aix-Marseille, Aix-Marseille University
69	07/06/2023	'Recently'	'Recently'	Clop AKA Lace Tempest, TA505 and, FIN11	Extreme Networks	Extreme Networks reveals to be investigating the impact of a data breach related to MOVEit CVE-2023-34362 vulnerability.	CVE-2023-34362 Vulnerability	Manufacturing	Cyber Crime	US		Clop, Lace Tempest, TA505, FIN11, Extreme Networks, MOVEit, CVE-2023-34362, ransomware
70	07/06/2023	-	During mid-March 2023	RomCom	Ukrainian Politicians	Researchers from Blackberry reveal that the threat actor known as RomCom has returned to the scene, targeting Ukrainian politicians through a trojanized version of Devolutions Remote Desktop Manager.	Targeted Attack	Public admin and defence, social security	Cyber Espionage	UA		Blackberry, RomCom, Devolutions Remote Desktop Manager.
71	07/06/2023	-	During mid-March 2023	RomCom	Healthcare organization in the United States	Researchers from Blackberry reveal that the threat actor known as RomCom has returned to the scene, targeting a healthcare organization in the United States involved with aiding refugees, through a trojanized version of Devolutions Remote Desktop Manager.	Targeted Attack	Human health and social work	Cyber Espionage	US		Blackberry, RomCom, Devolutions Remote Desktop Manager
72	07/06/2023	-	08/02/2023	08/02/2023	D'Youville University	D'Youville University files a notice of data breach after discovering that certain files containing confidential student information were removed from the school’s computer network by an unauthorized party	Unknown	Education	Cyber Crime	US		D'Youville University
73	07/06/2023	14/09/2021	14/09/2021	?	Marshall & Melhorn	Marshall & Melhorn files a notice of data breach after determining that an unauthorized party was able to access confidential information stored on the firm’s IT network.	Unknown	Professional, scientific and technical	Cyber Crime	US		Marshall & Melhorn
74	07/06/2023	-	28/12/2022	?	CGM	CGM files a notice of data breach after learning that an unauthorized party was able to access confidential personal information stored on the company’s computer system.	Unknown	Professional, scientific and technical	Cyber Crime	US		CGM
75	07/06/2023	07/06/2023	07/06/2023	?	Bennet	Bennet, an Italian supermarket chain, temporarily suspends the online services after suffering a cyber attack.	Unknown	Wholesale and retail	Cyber Crime	IT		Bennet
76	07/06/2023	-	31/05/2023	Clop AKA Lace Tempest, TA505 and, FIN11	BORN Ontario	BORN Ontario (Better Outcomes Registry & Network) reveals to have been hit by a data breach related to MOVEit CVE-2023-34362 vulnerability.	CVE-2023-34362 Vulnerability	Public admin and defence, social security	Cyber Crime	CA		BORN, Ontario, Better Outcomes Registry & Network, MOVEit, CVE-2023-34362, Clop, Lace Tempest, TA505, FIN11
77	08/06/2023	08/06/2023	08/06/2023	Cyber.Anarchy.Squad	Infotel JSC	A group of Ukrainian hackers known as the Cyber.Anarchy.Squad claims responsibility for an attack that took down Russian telecom provider Infotel JSC.	DDoS	Information and communication	Hacktivism	RU		Russia, Ukraine, Cyber.Anarchy.Squad, Infotel JSC
78	08/06/2023	08/06/2023	08/06/2023	Anonymous Sudan	Microsoft OneDrive	Microsoft is investigating an ongoing outage that prevents OneDrive customers from accessing the cloud file hosting service worldwide, just as the threat actor known as 'Anonymous Sudan' claims to be DDoSing the service	DDoS	Professional, scientific and technical	Hacktivism	US		Microsoft, OneDrive, Anonymous Sudan
79	08/06/2023	Since at least 2020	During March 2022	Asylum Ambuscade	Individuals, cryptocurrency traders, and small and medium businesses (SMBs) in various verticals.	Researchers from ESET disclose the details of the latest campaigns from the cyber espionage/cyber crime group known as 'Asylum Ambuscade'.	Malware	Multiple Industries	Cyber Crime	>1		ESET; Asylum Ambuscade
80	08/06/2023	Since at least early May 2023	During May 2023	?	Unknown organization(s)	Researchers release a proof-of-concept (PoC) exploit for CVE-2023-29336, an actively exploited Windows local privilege escalation vulnerability fixed as part of the May 2023 Patch Tuesday.	CVE-2023-29336 Vulnerability	Unknown	N/A	N/A		CVE-2023-29336, Windows
81	08/06/2023	23/05/2023	23/05/2023	Play	Xplain	The Swiss government discloses that they were impacted by a ransomware attack on Xplain, a Swiss technology provider supplying various government departments, administrative units, and even the country's military force with software solutions.	Malware	Professional, scientific and technical	Cyber Crime	CH		Play, Xplain
82	08/06/2023	-	-	?	Town of Montclair	The mayor of New Jersey township Montclair says the government is dealing with a cyber incident that has limited operations.	Unknown	Public admin and defence, social security	Cyber Crime	US		Town of Montclair
83	08/06/2023	08/06/2023	08/06/2023	?	City of Fayetteville	The city of Fayetteville takes web-based city services offline due to a "suspected cyber incident	Unknown	Public admin and defence, social security	Cyber Crime	US		City of Fayetteville
84	08/06/2023	-	02/02/2023	Clop AKA Lace Tempest, TA505 and FIN11	Intellihartx	Intellihartx, a company providing patient balance resolution services to hospitals, informs roughly 490,000 individuals that their personal information was compromised in the GoAnywhere zero-day attack earlier this year.	CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability	Professional, scientific and technical	Cyber Crime	US		Clop, Cl0p Lace Tempest, TA505, FIN11, Intellihartx, CVE-2023-0669, Fortra, GoAnywhere
85	08/06/2023	-	-	?	Organizations in the banking and financial services sector	Researchers from Microsoft uncover a multi-stage adversary-in-the-middle (AiTM) phishing and business email compromise (BEC) attack against banking and financial services organizations.	Account Takeover	Finance and insurance	Cyber Crime	>1		Microsoft, adversary-in-the-middle, AiTM, phishing, business email compromise, BEC
86	08/06/2023	Since at least March 2023	-	Discodtehe	Multiple organizations	Moderators of the r/ChatGPT Discord channel banned a user who was freely sharing stolen OpenAI API keys with hundreds of other users, scraped from source code published to the software collaboration platform Replit.	Misconfiguration	Multiple Industries	Cyber Crime	>1		Discodtehe, r/ChatGPT, Discord, OpenAI, Replit
87	08/06/2023	Since at least October 2022	Between November 2022 and January 2023	?	Government entities in Libya	Researchers from Check Point discover a wave of highly-targeted espionage attacks in Libya using a new custom modular backdoor dubbed Stealth Soldier.	Targeted Attack	Public admin and defence, social security	Cyber Espionage	LY		Check Point, Stealth Soldier
88	08/06/2023	End of May 2023	End of May 2023	?	Multiple organizations	Researchers from Avanan discover a phishing campaign exploiting the German Anga Com Conference.	Account Takeover	Information and communication	Cyber Crime	>1		Avanan, Anga Com
89	08/06/2023	-	-	UNC4841?	Australian Capital Territory government (ACT)	The Australian Capital Territory government (ACT) discloses to be one of the victims of the CVE-2023-2868 vulnerability found in Barracuda's email security gateway (ESG).	CVE-2023-2868 Vulnerability	Public admin and defence, social security	Cyber Espionage	AU		UNC4841, Australian Capital Territory government, ACT, CVE-2023-2868, Barracuda. Email Security Gateway, ESG
90	08/06/2023	05/04/2023	06/04/2023	?	FirstBank Puerto Rico	Mortgage Industry Advisory Corporation (MIAC) files a notice of data breach on behalf of FirstBank Puerto Rico after MIAC determined that a cyberattack targeting the company’s IT network resulted in FirstBank customer data being leaked.	Unknown	Finance and insurance	Cyber Crime	US		Mortgage Industry Advisory Corporation, MIAC, FirstBank Puerto Rico
91	08/06/2023	-	19/11/2022	?	CIBT (CIBT Visas)	CIBT (CIBT Visas) files a notice of data breach after confirming that suspicious activity on the company’s computer network was the result of a recent cyberattack.	Unknown	Administration and support service	Cyber Crime	US		CIBT, CIBT Visas
92	08/06/2023	'Over the past few weeks'	-	?	Twitter accounts of eight popular public figures	Scammers hacked into the Twitter accounts of eight popular public figures, including OpenAI CTO Mira Murati and crypto critic Peter Schiff, to promote phishing scams and steal $1 million. The hacked accounts include Pudgy Penguins founder Cole Villemain, NFT collector Steve Aoki and Bitcoin Magazine editor Pete Rizzo.	Account Takeover	Fintech	Cyber Crime	>1		Twitter, OpenAI, Mira Murati, Peter Schiff, Pudgy Penguins, Cole Villemain, Steve Aoki, Pete Rizzo
93	09/06/2023	09/06/2023	09/06/2023	Anonymous Sudan	Microsoft Azure	The Microsoft Azure Portal is down, as the threat actor known as Anonymous Suda claims to be targeting the site with a DDoS attack.	DDoS	Professional, scientific and technical	Hacktivism	US		Microsoft, Azure, Anonymous Sudan
94	09/06/2023	-	09/06/2023	?	University of Manchester	The University of Manchester warns staff and students that they suffered a cyberattack (rumored as ransomware) where threat actors likely stole data from the University's network.	Malware	Education	Cyber Crime	GB		University of Manchester, ransomware
95	09/06/2023	Since Early May 2023	Since Early May 2023	Pink Drainer	Discord and Twitter accounts for cryptocurrency-stealing attacks	Researchers from Scam Sniffer reveal that a hacking group tracked as 'Pink Drainer' is impersonating journalists in phishing attacks to compromise Discord and Twitter accounts for cryptocurrency-stealing attacks, compromising the accounts of 1,932 victims to steal roughly $3 M worth of digital assets	Account Takeover	Fintech	Cyber Crime	>1		Scam Sniffer, Pink Drainer, Discord, Twitter
96	09/06/2023	09/06/2023	09/06/2023	?	Kaiserslautern University of Applied Sciences (HS Kaiserslautern)	The Kaiserslautern University of Applied Sciences (HS Kaiserslautern) is the latest German-speaking university to be hit by a ransomware attack	Malware	Education	Cyber Crime	DE		Kaiserslautern University of Applied Sciences, HS Kaiserslautern
97	09/06/2023	31/05/2023	31/05/2023	Clop AKA Lace Tempest, TA505 and, FIN11	Illinois Department of Innovation & Technology (DoIT)	The Illinois Department of Innovation & Technology (DoIT) reveals to be investigating the impact of a data breach related to MOVEit CVE-2023-34362 vulnerability.	CVE-2023-34362 Vulnerability	Public admin and defence, social security	Cyber Crime	US		Illinois Department of Innovation & Technology, DoIT, MOVEit, CVE-2023-34362, Lace Tempest, TA505, FIN11, ransomware
98	09/06/2023	-	-	0mega	Undisclosed organization	Researchers from Obsidian observe a successful ransomware attack against Sharepoint Online (Microsoft 365) via a Microsoft Global SaaS admin account rather than the more usual route of a compromised endpoint.	Account Takeover	Unknown	Cyber Crime	N/A		Obsidian, Sharepoint Online, Microsoft 365, Microsoft Global SaaS, 0mega
99	09/06/2023	-	-	State-sponsored threat actor	Large public organizations in Vietnam	Researchers from Elastic discover SPECTRALVIPER, a backdoor from a state-sponsored threat actor targeting Vietnamese public companies.	Targeted Attack	Multiple Industries	Cyber Espionage	VN		Elastic. SPECTRALVIPER
100	09/06/2023	-	-	?	e-Devlet	A website called sorgupaneli.org is offering to provide Turkish 85 million citizens’ private data allegedly stolen from the e-Devlet government services website, even claiming to be able to offer President Recep Tayyip Erdogan’s personal information.	Unknown	Public admin and defence, social security	Cyber Crime	TR		sorgupaneli.org, e-Devlet, Recep Tayyip Erdogan
101	09/06/2023	Since September 2022	Since at least September 2022	BatCloak	Multiple organizations	Researchers from Trend Micro warn of a new obfuscation tool, dubbed BatCloak, becoming increasingly popular with a staggering 80% success rate when it comes to allowing malicious BAT files to slip past antivirus detection engines.	Malware	Multiple Industries	Cyber Crime	>1		Trend Micro, BatCloak
102	09/06/2023	30/09/2022	11/11/2022	?	Leidos	Leidos files a notice of data breach after learning that confidential consumer data in the company’s possession was subject to unauthorized access after a vulnerability in software created by Diligent Corporation was exploited.	Vulnerability in Diligent Software	Professional, scientific and technical	Cyber Crime	US		Leidos, Diligent Corporation
103	09/06/2023	02/04/2023	08/04/2023	?	Tompkins-Seneca-Tioga Board of Cooperative Educational Services (TST BOCES)	The Tompkins-Seneca-Tioga Board of Cooperative Educational Services (TST BOCES), files a notice of data breach after learning about a data security incident that leaked the personal information of over 11,000 individuals.	Unknown	Education	Cyber Crime	US		Tompkins-Seneca-Tioga Board of Cooperative Educational Services, TST BOCE
104	09/06/2023	18/05/2023	18/05/2023	Daixin	Columbus Regional Healthcare System (CRHS)	Columbus Regional Healthcare System (CRHS) is hit with a Daixin ransomware attack.	Malware	Human health and social work	Cyber Crime	US		Columbus Regional Healthcare System, CRHS, Daixin, ransomware
105	09/06/2023	-	12/05/2023	?	Gainwell Technologies	The Idaho Department of Health and Welfare confirms that the personal information of 2,501 Medicaid recipients has potentially been accessed and/or obtained in a data breach at its claims processor, Gainwell Technologies.	Account Takeover	Professional, scientific and technical	Cyber Crime	US		Idaho Department of Health and Welfare, Medicaid, Gainwell Technologies
106	09/06/2023	-	-	Clop AKA Lace Tempest, TA505 and, FIN11	Minnesota Department of Education (MDE).	The Minnesota Department of Education (MDE), is listed in the Clop ransomware gang leak site after the attackers exploited the MOVEit CVE-2023-34362 vulnerability.	CVE-2023-34362 Vulnerability	Public admin and defence, social security	Cyber Crime	US		Clop, Lace Tempest, TA505, FIN11, Minnesota Department of Education, MDE, MOVEit, CVE-2023-34362, ransomware
107	10/06/2023	-	-	Clop AKA Lace Tempest, TA505 and, FIN11	Drake University	The Drake University confirms to have suffered a data breach occurred exploiting the MOVEit CVE-2023-34362 vulnerability.	CVE-2023-34362 Vulnerability	Education	Cyber Crime	US		Drake University, Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, CVE-2023-34362, ransomware
108	11/06/2023	29/05/2023	02/06/2023	LockBit 3.0	Gruppo Mercurio	Gruppo Mercurio, an Italian vehicle transportation company, is hit with a LockBit 3.0 ransomware attack.	Malware	Transportation and storage	Cyber Crime	IT		Gruppo Mercurio, LockBit, LockBit 3.0, ransomware
109	12/06/2023	12/06/2023	12/06/2023	NoName057(16)	Various websites of the Federal Administration and enterprises affiliated with the Swiss Confederation	A press release on the Swiss government portal warns of access problems on various Federal Administration websites, as well as its online services due to a DDos attack by the pro-Russia NoName057(16) collective.	DDoS	Public admin and defence, social security	Hacktivism	CH		Russia, Ukraine, Switzerland, NoName057(16)
110	12/06/2023	-	During June 2023	?	Zacks Investment Research	Zacks Investment Research (Zacks) reportedly suffers an older, previously undisclosed data breach impacting 8.8 million customers, with the database now shared on a hacking forum.	Unknown	Professional, scientific and technical	Cyber Crime	US		Zacks Investment Research
111	12/06/2023	-	-	Volt Typhoon (AKA Bronze Silhouette)	Government, manufacturing, and critical infrastructure organizations	Fortinet reveals that the critical FortiOS SSL VPN vulnerability CVE-2023-27997 that was patched last week "may have been exploited" in attacks impacting government, manufacturing, and critical infrastructure organizations.	CVE-2023-27997 Vulnerability	Multiple Industries	Cyber Espionage	>1		Volt Typhoon, Bronze Silhouette, Fortinet, FortiOS, CVE-2023-27997
112	12/06/2023	-	01/06/2023	Clop AKA Lace Tempest, TA505 and, FIN11	Ofcom	Britain’s communications regulator Ofcom announces that confidential information which it held on companies it regulates was downloaded by hackers exploiting the CVE-2023-34362 vulnerability in the MOVEit file transfer tool.	CVE-2023-34362 Vulnerability	Public admin and defence, social security	Cyber Crime	GB		Ofcom, CVE-2023-34362, MOVEit, ransomware
113	12/06/2023	21/05/2023	21/05/2023	?	Development Bank of Southern Africa (DBSA)	The Development Bank of Southern Africa reveals that it was hit with an Akira ransomware attack.	Malware	Finance and insurance	Cyber Crime	ZA		Development Bank of Southern Africa, Akira, Ransomware
114	12/06/2023	-	-	Three suspects from the Vinnytsia region in west-central Ukraine	Individuals in Ukraine	Ukraine's Cyber Police shuts down a bot farm allegedly spreading disinformation on social media in an attempt to sway public opinion about Russia’s war in Ukraine, made of over 4,000 fraudulent accounts pretending to belong to Ukrainian citizens.	Coordinated Inauthentic Behavior	Individual	Cyber Warfare	UA		Ukraine, Russia
115	12/06/2023	-	-	?	Students searching or applying for grants and scholarships	The Better Business Bureau (BBB) warns students searching or applying for grants and scholarships via a Free Application for Federal Student Aid (FAFSA) form by the June 30 deadline to watch out for scammers trying to take advantage of this stressful period.	Scam	Education	Cyber Crime	US		Better Business Bureau, BBB, Free Application for Federal Student Aid, FAFSA
116	12/06/2023	02/02/2023	13/04/2023	?	Commonwealth Health Physician Network-Cardiology, AKA Great Valley Cardiology	Commonwealth Health Physician Network-Cardiology, also known as Great Valley Cardiology (GVC), notifies 181,764 patients of a network breach that resulted in access to protected health information	Brute-force	Human health and social work	Cyber Crime	US		Commonwealth Health Physician Network-Cardiology, Great Valley Cardiology, GVC
117	12/06/2023	Since at least early 2023	Early 2023	Pikabot	Multiple organizations	Researchers from Sophos discover a new modular malware trojan, dubbed Pikabot, that can execute a diverse range of malicious commands, and is believed to share similarities with the QakBot trojan, including distribution methods.	Malware	Multiple Industries	Cyber Crime	>1		Sophos, Pikabot, QakBot trojan
118	12/06/2023	12/06/2023	12/06/2023	NoName057(16)	Swiss Parliament website	The pro-Russian hacktivists from the NoName057(16) collective claim to have taken down (again) the Swiss Parliament website.	DDoS	Public admin and defence, social security	Hacktivism	CH		Russia, NoName057(16), Swiss Parliament
119	12/06/2023	-	-	?	Atlanta Women’s Health Group (AWHG)	Atlanta Women’s Health Group (AWHG) files a notice of data breach after learning about a recent cybersecurity incident that made confidential patient information available to an unauthorized party.	Unknown	Human health and social work	Cyber Crime	US		Atlanta Women’s Health Group, AWHG
120	12/06/2023	-	-	?	Generations Federal Credit Union (GFCU)	Generations Federal Credit Union (GFCU) files a notice of data breach after learning that confidential consumer information entrusted to the company was subject to unauthorized access.	Unknown	Finance and insurance	Cyber Crime	US		Generations Federal Credit Union, GFCU
121	12/06/2023	During March 2023	'Recently'	Trigona	City of Franklin	The Trigona ransomware gang claims to have breached the city of Franklin, Tennessee.	Malware	Public admin and defence, social security	Cyber Crime	US		Trigona, ransomware, Franklin, Tennessee
122	12/06/2023	12/06/2023	12/06/2023	?	Sturdy Finance	Sturdy Finance offers a $10,000 "bounty" and no legal consequences to a hacker if they return the $800,000 they stole from the decentralized finance platform.	Undisclosed vulnerability	Fintech	Cyber Crime	N/A		Sturdy Finance
123	12/06/2023	09/06/2023	09/06/2023	?	Centro Basile	Centro Basile, an Italian healthcare company, is hit with a cyber attack.	Unknown	Human health and social work	Cyber Crime	IT		Centro Basile
124	12/06/2023	Since June 2020	-	David Smith	DoorDash Drivers	David Smith, a 21-year-old man is accused of targeting DoorDash drivers in an elaborate scheme, stealing more than $950,000.	Account Takeover	Accommodation and food service	Cyber Crime	US		David Smith, DoorDash
125	13/06/2023	Since June 2022,	-	?	Individuals	Researchers from Bolster discover a widespread brand impersonation campaign targeting over a hundred popular apparel, footwear, and clothing brands, tricking people into entering their account credentials and financial information on fake websites.	Account Takeover	Individual	Cyber Crime	>1		Bolster
126	13/06/2023	Since at least September 2023	During September 2023	UNC3886	Multiple organizations	VMware patches CVE-2023-20867, a critical vulnerability that, according to researchers from Mandiant, is exploited by a Chinese threat actor dubbed UNC3886, for targeted attacks.	CVE-2023-20867 Vulnerability	Multiple Industries	Cyber Espionage	>1		VMware, CVE-2023-20867, Mandiant, UNC3886
127	13/06/2023	Since at least the end of May 2023	End of May 2023	?	Individuals operating in the cryptocurrency space	Researchers from Dr.Web reveal that attackers are distributing Windows 10 using torrents that hide cryptocurrency hijackers in the EFI (Extensible Firmware Interface) partition to evade detection.	Malware	Fintech	Cyber Crime	>1		Dr.Web, Windows 10, EFI, Extensible Firmware Interface
128	13/06/2023	-	-	?	Russian players of the Enlisted multiplayer first-person shooter	Researchers from Cyble discover a new ransomware operation targeting Russian players of the Enlisted multiplayer first-person shooter, using a fake website to spread trojanized versions of the game delivering a fake Wannacry cryptor.	Malware	Arts entertainment, recreation	Cyber Crime	RU		Cyble, Enlisted, Wannacry, ransomware
129	13/06/2023	-	-	Clop AKA Lace Tempest, TA505 and, FIN11	Missouri’s Office of Administration, Information Services and Technology Division (OA-ITSD)	Missouri’s Office of Administration, Information Services and Technology Division (OA-ITSD) reveals to be investigating what may have been taken by hackers during a cyberattack exploiting the CVE-2023-34362 MOVEit vulnerability.	CVE-2023-34362 Vulnerability	Public admin and defence, social security	Cyber Crime	US		Missouri’s Office of Administration, Information Services and Technology Division, OA-ITSD, MOVEit, CVE-2023-34362, Lace Tempest, TA505, FIN11, ransomware
130	13/06/2023	Since More than one year	Since More than one year	Russia?	Individuals in France	French officials accuse Russian actors of launching “a digital information manipulation campaign against France,” with the assistance of Russian state entities, involving the creation of fake websites impersonating French government departments and national media outlets, alongside fake social media accounts.	Coordinated Inauthentic Behavior	Individual	Cyber Warfare	FR		Russia, France
131	13/06/2023	-	-	Russian-speaking threat actor	Organizations in in Europe, the United States, and Latin America	Researchers from Kaspersky discover a sophisticated attack by Russian-language actors, using DoubleFinger, a novel loader and malware-laced PNG image file to drop malware for stealing cryptocurrency or business account information,	Malware	Fintech	Cyber Crime	>1		Kaspersky, DoubleFinger
132	13/06/2023	Since at least May 2023	During May 2023	Skuld	Organizations across Europe, Southeast Asia, and the U.S.	Researchers from Trellix discover a new Golang-based information stealer called Skuld, and able to steal Discord and Browser datas from the victims.	Malware	Multiple Industries	Cyber Crime	>1		Trellix, Go, Skuld, Discord
133	13/06/2023	03/06/2023	03/06/2023	ALPHV AKA BlackCat	Automatic Systems	The ALPHV/BlackCat ransomware gang claims responsibility for the attack on Automatic Systems, a subsidiary of French conglomerate Bolloré. The gang’s post on its leak site includes over a hundred samples of stolen data, ranging from non-disclosure agreements (NDAs) to copies of passports.	Malware	Professional, scientific and technical	Cyber Crime	FR		ALPHV, BlackCat, ransomware, Automatic Systems, Bolloré
134	13/06/2023	18/03/2023	04/04/2023	?	Maimonides Medical Center (MMC)	Maimonides Medical Center (MMC) posts a notice on its website informing patients of a recent data breach after learning that hackers were able to illegally obtain access to confidential patient information.	Unknown	Human health and social work	Cyber Crime	US		Maimonides Medical Center (MMC)
135	13/06/2023	22/05/2023?	Mid-June 2023	Rhysida	Paris High School	The Rhysida ransomware gang adds the Paris High School in Illinois to their leak site as an “auction” item.	Malware	Education	Cyber Crime	US		Rhysida, ransomware, Paris High School, Illinois
136	13/06/2023	-	-	?	OSG Hengelo	The school community OSG Hengelo is hit with a ransomware attack.	Malware	Education	Cyber Crime	NL		OSG Hengelo, ransomware
137	13/06/2023	-	-	?	subitodisponibile.com	subitodisponibile.com, an Italian e-commerce portal, has 300,000 users leaked on the Exposed forum.	SQLi	Wholesale and retail	Cyber Crime	IT		subitodisponibile.com
138	13/06/2023	-	17/02/2023	?	Bi-Bett Corporation	Bi-Bett Corporation files a notice of data breach after discovering that an unauthorized party was able to access an employee’s email account containing sensitive patient information.	Account Takeover	Human health and social work	Cyber Crime	US		Bi-Bett Corporation
139	13/06/2023	-	-	Black Byte	Yamaha Music USA	Yamaha Music USA suffers a ransomware attack by the Black Byte group.	Malware	Manufacturing	Cyber Crime	US		Yamaha Music USA, ransomware, Black Byte
140	13/06/2023	-	-	?	Brunswick Corporation	Brunswick Corporation experiences a cyber attack.	Unknown	Manufacturing	Cyber Crime	US		Brunswick Corporation
141	14/06/2023	Since at least early May 2023	During early May 2023	?	Cybersecurity researchers and firms involved in vulnerability research	Researchers from VulnCheck discover a campaign where attackers are impersonating cybersecurity researchers on Twitter and GitHub to publish fake proof-of-concept exploits for zero-day vulnerabilities that infect Windows and Linux with malware.	Malware	Individual	Cyber Crime	>1		VulnCheck,Twitter, GitHub, Windows, Linux
142	14/06/2023	Since at least September 2021	During September 2021	ChamelGang	Multiple organizations	Researchers from Stairwell discover a new campaign by the Chinese threat group 'ChamelGang' infecting Linux devices with a previously unknown implant named 'ChamelDoH,' allowing DNS-over-HTTPS communications with attackers' servers.	Targeted Attack	Multiple Industries	Cyber Espionage	>1		Stairwell, ChamelGang, Linux, ChamelDoH, DNS-over-HTTPS
143	14/06/2023	Since February 2023	Since February 2023	Cadet Blizzard AKA DEV-0586	Ukrainian government organizations and IT providers.	Researchers from Microsoft link a threat group tracked as Cadet Blizzard to Russia’s Main Directorate of the General Staff of the Armed Forces (GRU),	Targeted Attack	Multiple Industries	Cyber Espionage	UA		Microsoft, Cadet Blizzard, Russia, Main Directorate of the General Staff of the Armed Forces, GRU
144	14/06/2023	Since March 2023	SInce at least March 2023	ChromeLoader	Visitors of warez and pirated movie sites	Researchers from HP discover a new ChromeLoader campaign, infecting visitors of warez and pirated movie sites with a new variant of the search hijacker and adware browser extension named Shampoo.	Malicious Chrome Extension	Individual	Cyber Crime	>1		HP, ChromeLoader, Chrome, Shampoo
145	14/06/2023	'Recently'	'Recently'	CL-STA-0043	Governmental entities in the Middle East and Africa	Researchers from Palo Alto Networks identify multiple espionage attacks targeting governmental entities in the Middle East and Africa, by a threat actor dubbed CL-STA-0043, exploiting vulnerable on-premises Internet Information Services (IIS) and Microsoft Exchange servers to infiltrate target networks.	Targeted Attack	Public admin and defence, social security	Cyber Espionage	>1		Palo Alto Networks, Middle East, CL-STA-0043, Internet Information Services, IIS, Microsoft Exchange
146	14/06/2023	14/04/2023	14/04/2023	?	International Chapter of the P.E.O. Sisterhood (P.E.O.)	International Chapter of the P.E.O. Sisterhood (P.E.O.) files a notice of data breach after learning that a recent ransomware attack resulted in an unauthorized party gaining access to confidential consumer information.	Malware	Human health and social work	Cyber Crime	US		International Chapter of the P.E.O. Sisterhood, P.E.O.
147	14/06/2023	-	-	North Korea	South Korea	The South Korea National Intelligence Service (NIS) reveals that North Korea has created a fake version of South Korea's largest internet portal, Naver, in a large scale phishing attempt	Account Takeover	Individual	Cyber Espionage	KR		South Korea National Intelligence Service, NIS, North Korea, South Korea, Naver
148	14/06/2023	11/06/2023	11/06/2023	?	Floating Point Group	Floating Point Group suspends operations out of an "abundance of caution" after a hacker stole at least $15million to $20 million from the crypto brokerage firm,	Unknown	Fintech	Cyber Crime	N/A		Floating Point Group
149	14/06/2023	14/06/2023	14/06/2023	?	Hashflow	An attacker exploits a smart contract vulnerability to steal at least $600,000 from trading firm Hashflow.	Smart Contract Vulnerability	Fintech	Cyber Crime	N/A		Hashflow
150	15/06/2023	SInce late April 2023	During May 2023	Mystic Stealer	Multiple organizations	Several security companies discover 'Mystic Stealer', a new information-stealing malware promoted on hacking forums and darknet markets, gaining traction in the cybercrime community and targeting 40 web browsers, 70 browser extensions, 21 cryptocurrency applications, 9 MFA and password management applications, 55 cryptocurrency browser extensions, Steam and Telegram credentials, and more.	Malware	Multiple Industries	Cyber Crime	>1		Mystic Stealer
151	15/06/2023	Since at least May 2023	During May 2023	DcRAT	Individuals	Researchers from eSentire discover a campaign using fake OnlyFans content and adult lures to install a remote access trojan known as 'DcRAT,' allowing threat actors to steal data and credentials or deploy ransomware on the infected device.	Malware	Individual	Cyber Crime	>1		eSentire, DcRAT, OnlyFans
152	15/06/2023	Between February and March 2023	Between February and March 2023	Gamaredon (aka Armageddon or Shuckworm)	Critical organizations in Ukraine's military and security intelligence sectors	Researchers from Broadcom/Symantec reveal that the Russian state-sponsored hacking group Gamaredon (aka Armageddon or Shuckworm) continues to target critical organizations in Ukraine's military and security intelligence sectors, employing a refreshed toolset and new infection tactics using USB malware.	Targeted Attack	Public admin and defence, social security	Cyber Espionage	UA		Broadcom, Symantec, Russia, Gamaredon, Armageddon, Shuckworm, USB
153	15/06/2023	SInce 10/10/2022	02/12/2022	UNC4841	Government agencies and other important organizations in at least 16 countries.	Researchers from Mandiant reveal that a suspected pro-China hacker group tracked by as UNC4841 has been linked to data-theft attacks on Barracuda ESG (Email Security Gateway) appliances via malware families known as 'Saltwater,' 'Seaspy,' and 'Seaside' exploiting CVE-2023-2868.	CVE-2023-2868 Vulnerability	Multiple Industries	Cyber Espionage	>1		Mandiant, China, UNC4841, Barracuda ESG, Saltwater, Seaspy, Seaside, CVE-2023-2868
154	15/06/2023	Since August 2022	17/03/2023	SpaceCobra	Android users	Researchers from ESET identify an updated version of the Android GravityRAT spyware, distributed as the messaging apps BingeChat and Chatico, able to steal WhatsApp backup files and to receive commands to delete files.	Malware	Individual	Cyber Crime	>1		ESET, Android, GravityRAT, BingeChat, Chatico, WhatsApp
155	15/06/2023	27/05/2023	29/05/2023	Rhysida	Chilean Army (Ejército de Chile)	Threat actors behind a recently surfaced ransomware operation known as Rhysida have leak online what they claim to be documents stolen from the network of the Chilean Army (Ejército de Chile).	Malware	Public admin and defence, social security	Cyber Crime	CL		Rhysida, Chilean Army, Ejército de Chile
156	15/06/2023	Since 27/05/2023	-	Clop AKA Lace Tempest, TA505 and, FIN11	Louisiana Office of Motor Vehicles	Louisiana Office of Motor Vehicles warns that 6 millions of driver's licenses were exposed in a data breach after the Clop ransomware gang hacked their MOVEit Transfer security file transfer systems to steal stored data.	CVE-2023-34362 Vulnerability	Public admin and defence, social security	Cyber Crime	US		Clop, Lace Tempest, TA505, FIN11, Louisiana Office of Motor Vehicles, MOVEit, CVE-2023-34362, ransomware
157	15/06/2023	Since 27/05/2023	01/06/2023	Clop AKA Lace Tempest, TA505 and, FIN11	Oregon Office of Motor Vehicles	Oregon Office of Motor Vehicles (Oregon Department of Transportation) warns that 3.5 millions of driver's licenses were exposed in a data breach after the Clop ransomware gang hacked their MOVEit Transfer security file transfer systems to steal stored data.	CVE-2023-34362 Vulnerability	Public admin and defence, social security	Cyber Crime	US		Clop, Lace Tempest, TA505, FIN11, Oregon Office of Motor Vehicles, MOVEit, CVE-2023-34362, Oregon Department of Transportation, ransomware
158	15/06/2023	-	-	Clop AKA Lace Tempest, TA505 and, FIN11	Shell	Shell confirms to have been impacted by the Clop ransomware gang’s breach of the MOVEit file transfer tool exploiting the CVE-2023-34362 vulnerability, after the group lists the British oil and gas multinational on its extortion site.	CVE-2023-34362 Vulnerability	Electricity, gas steam, air conditioning	Cyber Crime	GB		Clop, Lace Tempest, TA505, FIN11. Shell, MOVEit, CVE-2023-34362, ransomware
159	15/06/2023	-	-	Clop AKA Lace Tempest, TA505 and, FIN11	U.S Department of Energy (DOE)	The U.S Department of Energy confirms that two DOE entities suffered a breach after the Clop ransomware gang exploited the CVE-2023-34362 vulnerability, affecting the MOVEit file transfer tool.	CVE-2023-34362 Vulnerability	Public admin and defence, social security	Cyber Crime	US		Clop, Lace Tempest, TA505, FIN11, U.S Department of Energy, DOE, Clop, Ransomware, CVE-2023-34362, MOVEit, ransomware
160	15/06/2023	-	-	Clop AKA Lace Tempest, TA505 and, FIN11	Colorado Department of Health Care Policy & Financing	Colorado Department of Health Care Policy & Financing confirms that it is in the process of investigating an incident involving the data of state residents stolen exploiting the CVE-2023-34362 vulnerability, affecting the MOVEit file transfer tool.	CVE-2023-34362 Vulnerability	Public admin and defence, social security	Cyber Crime	US		Colorado Department of Health Care Policy & Financing, CVE-2023-34362, MOVEit, Clop, Lace Tempest, TA505 and, FIN11, ransomware
161	15/06/2023	-	-	Clop AKA Lace Tempest, TA505 and, FIN11	1st Source	1st Source, a U.S.-based financial services organization is listed in the Clop ransomware gang leak site after the attackers exploited the MOVEit CVE-2023-34362 vulnerability.	CVE-2023-34362 Vulnerability	Finance and insurance	Cyber Crime	US		1st Source, CVE-2023-34362, MOVEit, Clop, Lace Tempest, TA505, FIN11, ransomware
162	15/06/2023	-	-	Clop AKA Lace Tempest, TA505 and, FIN11	First National Bankers Bank	First National Bankers Bank, a U.S.-based financial services organization is listed in the Clop ransomware gang leak site after the attackers exploited the MOVEit CVE-2023-34362 vulnerability.	CVE-2023-34362 Vulnerability	Finance and insurance	Cyber Crime	US		First National Bankers Bank, CVE-2023-34362, MOVEit, Clop, Lace Tempest, TA505 and, FIN11, ransomware
163	15/06/2023	-	-	Clop AKA Lace Tempest, TA505 and, FIN11	Putnam Investments	The Boston-based investment management firm Putnam Investments is listed in the Clop ransomware gang leak site after the attackers exploited the MOVEit CVE-2023-34362 vulnerability.	CVE-2023-34362 Vulnerability	Finance and insurance	Cyber Crime	US		Putnam Investments, CVE-2023-34362, MOVEit, Clop, Lace Tempest, TA505, FIN11, ransomware
164	15/06/2023	-	-	Clop AKA Lace Tempest, TA505 and, FIN11	Landal Greenparks	Landal Greenparks, a Netherlands-based network of holiday villages, is listed in the Clop ransomware gang leak site after the attackers exploited the MOVEit CVE-2023-34362 vulnerability.	CVE-2023-34362 Vulnerability	Arts entertainment, recreation	Cyber Crime	NL		Landal Greenparks, CVE-2023-34362, MOVEit, Clop, Lace Tempest, TA505, FIN11, ransomware
165	15/06/2023	-	-	Clop AKA Lace Tempest, TA505 and, FIN11	GreenShield Canada	GreenShield Canada, a non-profit benefits carrier that provides health and dental benefits, is listed in the Clop ransomware gang leak site after the attackers exploited the MOVEit CVE-2023-34362 vulnerability.	CVE-2023-34362 Vulnerability	Human health and social work	Cyber Crime	CA		GreenShield Canada, CVE-2023-34362, MOVEit, Clop, Lace Tempest, TA505, FIN11, ransomware
166	15/06/2023	-	-	Clop AKA Lace Tempest, TA505 and, FIN11	Datasite	Financial software provider Datasite is listed in the Clop ransomware gang leak site after the attackers exploited the MOVEit CVE-2023-34362 vulnerability.	CVE-2023-34362 Vulnerability	Professional, scientific and technical	Cyber Crime	US		Datasite, CVE-2023-34362, MOVEit, Clop, Lace Tempest, TA505, FIN11, ransomware
167	15/06/2023	-	-	Clop AKA Lace Tempest, TA505 and, FIN11	National Student Clearinghouse	Educational non-profit National Student Clearinghouse, is listed in the Clop ransomware gang leak site after the attackers exploited the MOVEit CVE-2023-34362 vulnerability.	CVE-2023-34362 Vulnerability	Education	Cyber Crime	US		National Student Clearinghouse, CVE-2023-34362, MOVEit, Clop, Lace Tempest, TA505, FIN11, ransomware
168	15/06/2023	-	-	Clop AKA Lace Tempest, TA505 and, FIN11	United Healthcare Student Resources	Student health insurance provider United Healthcare Student Resources is listed in the Clop ransomware gang leak site after the attackers exploited the MOVEit CVE-2023-34362 vulnerability.	CVE-2023-34362 Vulnerability	Education	Cyber Crime	US		United Healthcare Student Resources, CVE-2023-34362, MOVEit, Clop, Lace Tempest, TA505, FIN11, ransomware
169	15/06/2023	-	-	Clop AKA Lace Tempest, TA505 and, FIN11	Leggett & Platt	American manufacturer Leggett & Platt is listed in the Clop ransomware gang leak site after the attackers exploited the MOVEit CVE-2023-34362 vulnerability.	CVE-2023-34362 Vulnerability	Manufacturing	Cyber Crime	US		Leggett & Platt, CVE-2023-34362, MOVEit, Clop, Lace Tempest, TA505, FIN11, ransomware
170	15/06/2023	-	-	Clop AKA Lace Tempest, TA505 and, FIN11	ÖKK	Swiss insurance company ÖKK is listed in the Clop ransomware gang leak site after the attackers exploited the MOVEit CVE-2023-34362 vulnerability.	CVE-2023-34362 Vulnerability	Finance and insurance	Cyber Crime	CH		ÖKK, CVE-2023-34362, MOVEit, Clop, Lace Tempest, TA505, FIN11, ransomware
171	15/06/2023	-	-	Clop AKA Lace Tempest, TA505 and, FIN11	University System of Georgia (USG)	The University System of Georgia (USG) is listed in the Clop ransomware gang leak site after the attackers exploited the MOVEit CVE-2023-34362 vulnerability.	CVE-2023-34362 Vulnerability	Education	Cyber Crime	US		University System of Georgia, USG, CVE-2023-34362, MOVEit, Clop, Lace Tempest, TA505, FIN11, ransomware
172	15/06/2023	-	-	Clop AKA Lace Tempest, TA505 and, FIN11	Heidelberg	German mechanical engineering company Heidelberg is listed in the Clop ransomware gang leak site after the attackers exploited the MOVEit CVE-2023-34362 vulnerability.	CVE-2023-34362 Vulnerability	Manufacturing	Cyber Crime	DE		Heidelberg, CVE-2023-34362, MOVEit, Clop, Lace Tempest, TA505, FIN11, ransomware
173	15/06/2023	-	-	Clop AKA Lace Tempest, TA505 and, FIN11	Johns Hopkins University	The Johns Hopkins University confirms to have been hit by a cyber attack exploiting the MOVEit CVE-2023-34362 vulnerability.	CVE-2023-34362 Vulnerability	Education	Cyber Crime	US		Johns Hopkins University, CVE-2023-34362, MOVEit, Clop, Lace Tempest, TA505, FIN11, ransomware
174	15/06/2023	-	-	Clop AKA Lace Tempest, TA505 and, FIN11	Transport for London (TfL)	Transport for London (TfL) confirms to have been hit by a cyber attack exploiting the MOVEit CVE-2023-34362 vulnerability.	CVE-2023-34362 Vulnerability	Transportation and storage	Cyber Crime	GB		Transport for London, TfL, CVE-2023-34362, MOVEit, Clop, Lace Tempest, TA505, FIN11, ransomware
175	15/06/2023	-	-	Clop AKA Lace Tempest, TA505 and, FIN11	Ernst & Young (EY)	Ernst & Young (EY) confirms to have been hit by a cyber attack exploiting the MOVEit CVE-2023-34362 vulnerability.	CVE-2023-34362 Vulnerability	Professional, scientific and technical	Cyber Crime	GB		Ernst & Young, EY, CVE-2023-34362, MOVEit, Clop, Lace Tempest, TA505, FIN11, ransomware
176	15/06/2023	23/02/2023	22/05/2023	?	Bryan Cave	Mondelez, the U.S. manufacturer of Oreo cookies and Milka chocolate, warns employees that their personal data has been compromised through a breach at the law firm Bryan Cave, which provides legal services to Mondelez and other Fortune 500 companies.	Unknown	Professional, scientific and technical	Cyber Crime	US		Mondelez, Bryan Cave
177	15/06/2023	-	-	Diicot	Multiple organizations	Researchers from Cado Labs discover a new campaign from the Romanian threat actor Diicot deploying the off-the-shelf Mirai-based bot known as Cayosin, targeting routers running the Linux-based embedded devices operating system OpenWrt.	Malware	Multiple Industries	Cyber Crime	>1		Cado, Diicot, Mirai, Cayosin, Linux, OpenWrt
178	15/06/2023	-	24/05/2023	?	Multiple organizations	An NPM package called “bignum” is altered, by hijacking the S3 bucket serving binaries necessary for its function and replacing them with malicious ones distributing malware.	Malware	Multiple Industries	Cyber Crime	>1		NPM, bignum, S3
179	15/06/2023	During April 2023	-	Unattributed APT actors	Unnamed federal civilian executive branch (FCEB) agency	The CISA, FBI, and MS-ISAC reveal that a U.S. federal agency was compromised by exploiting CVE-2017-9248 in the agency’s IIS server by unattributed APT actors—specifically within the Telerik UI for ASP.NET AJAX DialogHandler component.	CVE-2017-9248 vulnerability	Public admin and defence, social security	Cyber Espionage	US		CISA, FBI, MS-ISAC, Microsoft Internet Information Services, IIS, .NET, Progress Telerik UI, CVE-2017-9248
180	15/06/2023	-	-	?	Service members of the U.S. Military	Service members across the military report receiving smartwatches unsolicited in the mail. The smartwatches, when used, auto-connect to Wi-Fi and begin connecting to cell phones unprompted, gaining access to a myriad of user data, and could also connect malware.	Malware	Public admin and defence, social security	Cyber Espionage	US		Miltary, smartwatches
181	15/06/2023	20/04/2023	20/04/2023	?	Atrium Health Wake Forest Baptist	Atrium Health Wake Forest Baptist announces that patient information was stored in an employee email account that was accessed by unauthorized individuals as a result of the employee being tricked by a phishing email.	Account Takeover	Human health and social work	Cyber Crime	US		Atrium Health Wake Forest Baptist
182	15/06/2023	-	-	Clop AKA Lace Tempest, TA505 and, FIN11	Heidelberger Druck	German prining company Heidelberger Druck confirms to have been hit by a cyber attack exploiting the MOVEit CVE-2023-34362 vulnerability.	CVE-2023-34362 Vulnerability	Administration and support service	Cyber Crime	DE		Heidelberger Druck, CVE-2023-34362, MOVEit, Clop, Lace Tempest, TA505, FIN11, ransomware
183	15/06/2023	-	-	Clop AKA Lace Tempest, TA505 and, FIN11	University of Georgia (UGA)	The University of Georgia (UGA) confirms to have been hit by a cyber attack exploiting the MOVEit CVE-2023-34362 vulnerability.	CVE-2023-34362 Vulnerability	Education	Cyber Crime	US		University of Georgia, UGA, CVE-2023-34362, MOVEit, Clop, Lace Tempest, TA505, FIN11, ransomware
ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags

Creating the timelines is a very time-consuming task.

Any little helps!

The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.

2022 Cyber Attacks Statistics
And finally I have aggregated all the data collected in 2022 from the cyber attacks timelines. In the past year I have collected 3074 events...
The Biggest Data Breaches of 2023
Similarly to what I have done in 2022 and 2021, I am collecting the main mega breaches...
Leaky Buckets in 2023
Similarly to what I have done in 2022 and 2021, I am collecting the incidents due to cloud misconfigurations and leading to...
16-31 July 2023 Cyber Attacks Timeline
New victims of attacks carried out by the Clop (AKA Cl0p) ransomware gang exploiting the CVE-2023-34362 MOVEit vulnerability emerged even during...
July 2023 Cyber Attacks Statistics
After the cyber attacks timelines, it’s time to publish the statistics of June 2023 where I have collected and analyzed 384 events, yet another record number driven...