In the second half of June 2023, I collected 178 events (corresponding to 11.87 events/day), a result in line with the first timeline of June, when there were 177 events for a daily average of 11.80.
Unsurprisingly, this timeline too was characterized by the massive exploitation of the CVE-2023-34362 MOVEit vulnerability by the Clop (AKA Cl0p) ransomware syndicate, leading to a spike in the percentage of attacks carried out by exploiting vulnerabilities: the new, unprecedented value of 29.8% (53 out of 178 events) beats the previous record of 28.4% tracked during the first half of June. The other obvious consequence was an increase in the percentage of events directly or indirectly characterized by ransomware, which soared to 40.3% (72 out of 178 events) from 34.3% in the previous timeline.
The good news is that, apparently for this fortnight, the fintech sector did not suffer massive breaches, with the partial exception of an undisclosed cryptocurrency exchange in Japan that was targeted by a threat actor dubbed REF9134 through the macOS JokerSpy backdoor.
There were two mega breaches during this fortnight, and unsurprisingly one of them (the one affecting PBI Research Services) was due to the massive exploitation campaign carried out by the Cl0p ransomware gang exploiting the CVE-2023-34362 MOVEit vulnerability. The other breach affected an undisclosed Italian airport that suffered the leak of 7.8 million records.
The Cyber Espionage front was hot as always, with multiple campaigns unearthed and carried out by known threat actors such as APT15, APT28, APT29, APT37, Mustang Panda, and the Lazarus Group, just to mention a few.
And as always, this brief summary closes with a quick mention of the attacks launched by hacktivists: the pro-Russian threat actors of NoName057(16) targeted several government websites in Sweden, and their companions from Anonymous Sudan took down some targets in the U.S.
My suggestion is always the same: browse the timeline, and obviously thanks for sharing it and supporting my work in spreading risk awareness across the community. As always, don’t forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
16/06/2023
-
-
Clop AKA Lace Tempest, TA505, and FIN11
U.S. Department of Agriculture
The U.S. Department of Agriculture confirms that it suffered a cyber attack exploiting the MOVEit CVE-2023-34362 vulnerability.
CVE-2023-34362 Vulnerability
Public admin and defence, social security
Cyber Crime
US
U.S. Department of Agriculture, Clop, Cl0p, MOVEit, CVE-2023-34362, ransomware
2
16/06/2023
Since at least 18/04/2023
-
JokerSpy
Multiple organizations
Researchers from BitDefender discover a set of malicious components, believed to be a part of an advanced toolkit designed to compromise macOS systems.
Malware
Multiple Industries
Cyber Crime
>1
JokerSpy, BitDefender, macOS
3
16/06/2023
During mid-January 2023
During mid-January 2023
?
LetsVPN Users
Researchers from Cyble discover numerous counterfeit LetsVPN websites, deliberately designed to distribute malware, masquerading as the genuine LetsVPN application.
Malware
Individual
Cyber Crime
>1
Cyble, LetsVPN
4
16/06/2023
-
-
Clop AKA Lace Tempest, TA505, and FIN11
Honeywell International
Honeywell International posts a notice on its website describing a data breach resulting from the CVE-2023-34362 vulnerability in MOVEit.
The Hatcher Agency files a notice of data breach after learning that a recent data security incident resulted in confidential consumer information being accessible to an unauthorized party.
Unknown
Administration and support service
Cyber Crime
US
The Hatcher Agency
8
16/06/2023
-
-
?
Parker Wellbore
Parker Wellbore files a notice of data breach after learning that hackers gained access to confidential information that had been entrusted to the company.
Unknown
Administration and support service
Cyber Crime
US
Parker Wellbore
9
16/06/2023
12/02/2023
19/04/2023
?
New Horizons Medical
New Horizons Medical files a notice of data breach after learning that a recent data security incident compromised the personal information of 12,317 New Horizons patients.
Unknown
Human health and social work
Cyber Crime
US
New Horizons Medical
10
16/06/2023
During January 2023
During January 2023
TimisoaraHackerTeam
Undisclosed U.S. cancer center
The Health Sector Cybersecurity Coordination Center issues an alert regarding a new relatively unknown ransomware group named TimisoaraHackerTeam that recently targeted an undisclosed U.S. cancer center.
Malware
Human health and social work
Cyber Crime
US
Health Sector Cybersecurity Coordination Center, TimisoaraHackerTeam, ransomware
11
16/06/2023
End of May 2023
End of May 2023
LockBit
Granules India
The Russia-linked ransomware group LockBit claims responsibility for a cyberattack on Indian pharmaceutical giant Granules India, and publishes portions of the data it allegedly stole.
Malware
Professional, scientific and technical
Cyber Crime
IN
LockBit, LockBit 3.0, Granules India, ransomware
12
16/06/2023
10/06/2023
10/06/2023
?
Smartpay
Eftpos provider Smartpay reveals that criminals stole customer data in a ransomware attack.
Malware
Professional, scientific and technical
Cyber Crime
NZ
Smartpay, ransomware
13
16/06/2023
-
-
?
MyShopCasa
MyShopCasa, an Italian e-commerce site, has its database leaked.
Unknown
Wholesale and retail
Cyber Crime
IT
MyShopCasa
14
16/06/2023
-
-
8Base
Studio Legale Ranchino
The Studio Legale Ranchino, an Italian law firm, suffers a ransomware attack by the 8Base gang.
Malware
Professional, scientific and technical
Cyber Crime
IT
8Base, Studio Legale Ranchino, ransomware
15
17/06/2023
-
-
Clop AKA Lace Tempest, TA505, and FIN11
U.S. Office of Personnel Management
The U.S. Office of Personnel Management confirms that it suffered a cyber attack exploiting the MOVEit CVE-2023-34362 vulnerability.
CVE-2023-34362 Vulnerability
Public admin and defence, social security
Cyber Crime
US
U.S. Office of Personnel Management, Clop, Cl0p, MOVEit, CVE-2023-34362, ransomware
16
18/06/2023
-
-
Clop AKA Lace Tempest, TA505, and FIN11
Undisclosed Property Manager
Australia's largest private health insurer Medibank Private discloses that a file containing names and contact details of staff members had been compromised after its property manager faced a cybersecurity breach due to the exploitation of the MOVEit CVE-2023-34362 vulnerability.
The collective Turk Hack Team takes down the website of the Central Bank of Malta.
DDoS
Finance and insurance
Hacktivism
ML
Turk Hack Team, Central Bank of Malta
18
19/06/2023
'Recently'
'Recently'
APT-C-35 AKA DoNot
Individuals in Pakistan
Researchers from Cyfirma discover three Android apps on Google Play (Device Basic Plus, nSure Chat, and iKHfaa VPN) used by the state-sponsored threat actors to collect intelligence from targeted devices, such as location data and contact lists.
The pro-Russian Killnet hacktivist group claims to have taken down the network infrastructure of the European Investment Bank - EIB.
DDoS
Extraterritorial orgs and bodies
Hacktivism
EU
Killnet, European Investment Bank, EIB
20
19/06/2023
-
19/06/2023
?
BreachForums
The reincarnated BreachForums site has its user database stolen and published.
Unknown
Other service activities
Cyber Crime
N/A
BreachForums
21
19/06/2023
-
-
Clop AKA Lace Tempest, TA505, and FIN11
Umpqua Bank
Umpqua Bank confirms that it was impacted by the massive cyberattack targeting the MOVEit file transfer software.
CVE-2023-34362 Vulnerability
Finance and insurance
Cyber Crime
US
Umpqua Bank, Clop, Cl0p, MOVEit, CVE-2023-34362, ransomware
22
19/06/2023
During January 2023
-
Clop AKA Lace Tempest, TA505, and FIN11
Blue Cross Vermont
Approximately 16,000 members of Blue Cross Vermont health plans have their protected health information compromised in a January 2023 cyberattack that exploited the CVE-2023-0669 zero-day vulnerability in Fortra’s GoAnywhere MFT file transfer solution; the attackers accessed and stole sensitive data such as names, birth dates, addresses, medical information, and insurance information. Around 5% of the affected individuals also had their financial information stolen.
CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability
Human health and social work
Cyber Crime
US
Blue Cross Vermont, CVE-2023-0669, Fortra, GoAnywhere
23
19/06/2023
-
-
Clop AKA Lace Tempest, TA505, and FIN11
Informatica
Software development firm Informatica reports that the Clop ransomware gang campaign obtained some files exploiting the MOVEit CVE-2023-34362 Vulnerability.
APT28 (AKA BlueDelta, Fancy Bear, Sednit, Forest Blizzard and Sofacy)
Organizations in Ukraine
A joint investigation conducted by Ukraine's Computer Emergency Response Team (CERT-UA) and Recorded Future reveals that the APT28 group, linked to Russia's General Staff Main Intelligence Directorate (GRU), has breached Roundcube email servers belonging to multiple Ukrainian organizations, including government entities, by exploiting the vulnerabilities CVE-2020-35730, CVE-2020-12641, and CVE-2021-44026.
Targeted Attack
Public admin and defence, social security
Cyber Espionage
UA
APT28, BlueDelta, Fancy Bear, Sednit, Forest Blizzard, Sofacy, Ukraine's Computer Emergency Response Team, CERT-UA, Recorded Future, Russia's General Staff Main Intelligence Directorate, GRU, Roundcube, CVE-2020-35730, CVE-2020-12641, CVE-2021-44026, Ukraine, Russia
25
20/06/2023
Over the past year
-
?
Multiple organizations
Researchers from Group-IB discover more than 101,000 ChatGPT user accounts stolen by information-stealing malware on various underground websites.
Malware
Multiple Industries
Cyber Crime
>1
Group-IB, ChatGPT
26
20/06/2023
Since at least 2020
'Recently'
State-sponsored APT aligned with China
Organizations in East Asia
Researchers at Bitdefender reveal the details of Operation RedClouds, a campaign carried out by an advanced threat actor aligned with China, using a custom malware dubbed 'RDStealer' to automatically steal data from drives shared through Remote Desktop connections.
Researchers from AhnLab reveal that an unknown threat actor is brute-forcing Linux SSH servers to install a wide range of malware, including the Tsunami DDoS bot, ShellBot, log cleaners, privilege escalation tools, and an XMRig coin miner.
VMware warns that the CVE-2023-20887 vulnerability, allowing remote code execution, is being actively exploited in attacks.
CVE-2023-20887 Vulnerability
Multiple Industries
N/A
>1
VMware, CVE-2023-20887
29
20/06/2023
Since May 2023
During May 2023
Condi
Vulnerable TP-Link routers
Researchers from Fortinet warn that a new DDoS-as-a-Service botnet called "Condi" is exploiting a vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers to build an army of bots to conduct attacks.
Car mount and mobile accessory maker iOttie warns that its site was compromised for almost two months to steal online shoppers' credit cards and personal information.
Malicious Script Injection
Manufacturing
Cyber Crime
US
iOttie
31
20/06/2023
-
13/06/2023
?
Hawaiʻi Community College
Hawaiʻi Community College discloses that it is dealing with a ransomware attack.
Malware
Education
Cyber Crime
US
Hawaiʻi Community College, ransomware
32
20/06/2023
29/04/2023
-
?
Vincera Institute
Vincera Institute, a leading healthcare facility in Philadelphia, issues a notice regarding a recent ransomware attack.
Malware
Human health and social work
Cyber Crime
US
Vincera Institute, ransomware
33
20/06/2023
-
-
?
Community Research Foundation
Community Research Foundation (CRF) files a notice of data breach, noting that a “Hacking/IT Incident” resulted in the confidential information of 30,057 individuals being leaked.
Unknown
Human health and social work
Cyber Crime
US
Community Research Foundation, CRF
34
20/06/2023
-
13/03/2023
?
Kannact
Kannact files a notice of data breach after determining that a recent data security incident resulted in unauthorized access to confidential consumer information that was in the company’s possession.
Unknown
Professional, scientific and technical
Cyber Crime
US
Kannact
35
20/06/2023
Around 10/06/2023
-
?
Stephen F. Austin State University
Stephen F. Austin State University is hit with a cyberattack.
Unknown
Education
Cyber Crime
US
Stephen F. Austin State University
36
20/06/2023
-
19/06/2023
-
Radà
A database with 25,000 records of the Italian jewelry firm Radà is published on Breach Forums.
Unknown
Manufacturing
Cyber Crime
IT
Radà, Breach Forums
37
20/06/2023
-
-
?
City of San Luis
The City of San Luis discloses unauthorized access to an employee’s email account that contained the protected health information of 6,848 individuals.
Account Takeover
Public admin and defence, social security
Cyber Crime
US
City of San Luis
38
21/06/2023
Between late 2022 and early 2023
-
APT15 AKA Nickel, Flea, Ke3Chang, and Vixen Panda
Foreign affairs ministries in Central and South American countries
Researchers from Broadcom/Symantec unearth a new campaign by the Chinese state-sponsored group tracked as APT15, using a novel backdoor named 'Graphican'.
Multinational shipping company UPS alerts Canadian customers that some of their personal information might have been exposed via its online package look-up tools and abused in phishing attacks.
Account Takeover
Administration and support service
Cyber Crime
CA
UPS
40
21/06/2023
During May 2023
During May 2023
APT37 (AKA ScarCruft, Reaper, or RedEyes)
Multiple organizations
Researchers from AhnLab reveal the details of the latest campaign from the North Korean threat actor APT37 using two new custom malware strains dubbed 'AblyGo backdoor' and 'FadeStealer'.
Russian officials and diplomats have been coordinating an unusually organized and large-scale disinformation campaign to discredit reports that the nation is responsible for the June 6 collapse of the Nova Kakhovka Dam.
Coordinated Inauthentic Behavior
Individual
Cyber Warfare
>1
Russia, Nova Kakhovka Dam
42
21/06/2023
-
-
Clop AKA Lace Tempest, TA505, and FIN11
Gen
Cybersecurity giant Gen, which owns well-known brands like Norton, Avast, LifeLock, Avira, AVG, ReputationDefender and CCleaner, confirms that its data was accessed through a cyber attack exploiting the MOVEit CVE-2023-34362 vulnerability.
The Metro Vancouver Transit Police confirms that it suffered a cyber attack exploiting the MOVEit CVE-2023-34362 vulnerability.
CVE-2023-34362 Vulnerability
Public admin and defence, social security
Cyber Crime
CA
Metro Vancouver Transit Police, MOVEit, CVE-2023-34362, ransomware
44
21/06/2023
-
-
Clop AKA Lace Tempest, TA505, and FIN11
University of Missouri
The University of Missouri confirms that it suffered a cyber attack exploiting the MOVEit CVE-2023-34362 vulnerability.
CVE-2023-34362 Vulnerability
Education
Cyber Crime
US
University of Missouri, MOVEit, CVE-2023-34362, ransomware
45
21/06/2023
-
-
Clop AKA Lace Tempest, TA505, and FIN11
Telos
Telos, a US defense contractor specializing in cybersecurity, says that attackers downloaded its client data by exploiting the MOVEit transfer vulnerability.
CVE-2023-34362 Vulnerability
Professional, scientific and technical
Cyber Crime
US
Telos, MOVEit, CVE-2023-34362, ransomware
46
21/06/2023
-
-
APT29 AKA Cozy Bear, Nobelium, Midnight Blizzard
Governments, IT service providers, nongovernmental organizations (NGOs), and defense and critical manufacturing industries.
Researchers from Microsoft detect increased credential attack activity by the threat actor APT29 (Midnight Blizzard) using residential proxy services to obfuscate the source of their attacks.
Password-spray
Multiple Industries
Cyber Espionage
>1
APT29, Cozy Bear, Nobelium, Midnight Blizzard
47
21/06/2023
-
-
ALPHV AKA BlackCat
Beverly Hills Plastic Surgery (BHPS)
The ALPHV/BlackCat ransomware gang claims responsibility for the attack on Beverly Hills Plastic Surgery (BHPS).
Researchers from Zscaler discover a new malware variant, RedEnergy stealer that fits into the hybrid Stealer-as-a-Ransomware threat category.
Malware
Multiple Industries
Cyber Crime
>1
Zscaler, RedEnergy, Stealer-as-a-Ransomware
49
21/06/2023
-
-
Cyber Criminals in Ukraine
Online wallets of Canadian citizens
Ukrainian cyber police disrupt a fake investment scam that involved stealing cryptocurrency from the online wallets of several Canadian citizens.
Scam
Individual
Cyber Crime
CA
Ukraine, Canada
50
21/06/2023
During Late May 2023
During Late May 2023
REF9134
Unknown cryptocurrency exchange located in Japan
Researchers from Elastic reveal that an unknown cryptocurrency exchange located in Japan was the target of an attack to deploy the Apple macOS backdoor called JokerSpy.
Malware
Fintech
Cyber Crime
JP
REF9134, Elastic, Apple, macOS, JokerSpy
51
21/06/2023
-
-
labs666
Maxar Technologies
A threat actor with the moniker labs666 active on a Russian-language hacker forum posts an advertisement offering access for sale to a military satellite operated by Maxar Technologies.
Unknown
Professional, scientific and technical
Cyber Crime
US
labs666, Maxar Technologies
52
21/06/2023
-
-
labs666
AT&T Corporation
The same threat actor is also offering email account access to AT&T Corporation.
Unknown
Information and communication
Cyber Crime
US
labs666, AT&T Corporation
53
21/06/2023
'Recently'
'Recently'
MULTI#STORM
Organizations in India and the U.S.
Researchers from Securonix discover a new phishing campaign codenamed MULTI#STORM targeting organizations in India and the U.S. by leveraging JavaScript files to deliver remote access trojans on compromised systems.
Malware
Multiple Industries
Cyber Crime
IN
US
Securonix, MULTI#STORM, JavaScript
54
21/06/2023
From mid-2022 and early 2023
-
Muddled Libra
Multiple organizations
Researchers from Palo Alto Networks disclose the details of Muddled Libra, a threat group targeting large outsourcing firms with multi-layered, persistent attacks that start with smishing and end with data theft.
Account Takeover
Professional, scientific and technical
Cyber Crime
>1
Palo Alto Networks, Muddled Libra, Oktapus
55
21/06/2023
-
-
?
Forevermoto
Forevermoto, an Italian e-commerce site dedicated to motorbikes, has its database leaked online.
Unknown
Wholesale and retail
Cyber Crime
IT
Forevermoto
56
22/06/2023
-
-
?
Internet-exposed Linux and Internet of Things (IoT) devices
Researchers from Microsoft discover a cryptojacking campaign brute-forcing Internet-exposed Linux and Internet of Things (IoT) devices, and using a trojanized OpenSSH version.
Brute-force
Multiple Industries
Cyber Crime
>1
Microsoft, Linux, Internet of Things, IoT, OpenSSH
57
22/06/2023
Since at least 14/03/2023
14/03/2023
?
Vulnerable IoT devices
Researchers from Palo Alto Networks discover a variant of the Mirai botnet targeting almost two dozen vulnerabilities aiming to take control of D-Link, Arris, Zyxel, TP-Link, Tenda, Netgear, and MediaTek devices to use them for distributed denial-of-service (DDoS) attacks.
Security researchers from Deep Instinct discover a new malicious Javascript dropper named PindOS that delivers the Bumblebee and IcedID malware typically associated with ransomware attacks.
Malware
Multiple Industries
Cyber Crime
>1
Deep Instinct, Javascript, PindOS, Bumblebee, IcedID, ransomware
59
22/06/2023
-
-
Clop AKA Lace Tempest, TA505, and FIN11
PricewaterhouseCoopers (PWC)
PricewaterhouseCoopers (PWC) discloses that a small number of clients had some files impacted in a cyber incident involving the MOVEit vulnerability.
Camaro Dragon (AKA Mustang Panda and LuminousMoth)
European healthcare institution
Researchers from Check Point disclose the details of a cyber incident involving a hospital that was inadvertently affected by a self-propagating malware infection introduced to the healthcare institution’s network via a USB drive.
Malware
Human health and social work
Cyber Espionage
N/A
Check Point, Camaro Dragon, Mustang Panda, LuminousMoth
62
22/06/2023
'Recently'
'Recently'
?
U.S. healthcare and public health sector
The Health Sector Cybersecurity Coordination Center warns that SEO poisoning attacks have been used "recently and frequently" against the U.S. healthcare and public health sector.
Malware
Human health and social work
Cyber Crime
US
Health Sector Cybersecurity Coordination Center, SEO poisoning
63
22/06/2023
'Recently'
'Recently'
Volt Typhoon AKA Vanguard Panda
Undisclosed organization(s)
Researchers from Crowdstrike detect a new campaign by the Chinese state-backed APT Volt Typhoon AKA Vanguard Panda exploiting CVE-2021-40539, a two-year-old critical vulnerability in Zoho's ManageEngine ADSelfService Plus.
Targeted Attack
Unknown
Cyber Espionage
>1
Crowdstrike, China, Volt Typhoon, Vanguard Panda, CVE-2021-40539, Zoho, ManageEngine, ADSelfService Plus
64
22/06/2023
'Recently'
'Recently'
Clop AKA Lace Tempest, TA505, and FIN11
Vitality Group International
Vitality Group International files a notice of data breach after discovering that a vulnerability in a file transfer software used by the company allowed attackers to access certain confidential consumer information. The breach is believed to be related to the MOVEit CVE-2023-34362 Vulnerability.
Desert Physicians Management (DPM) files a notice of data breach after determining that a recent cybersecurity incident compromised confidential patient information.
Unknown
Human health and social work
Cyber Crime
US
Desert Physicians Management, DPM
66
22/06/2023
23/03/2023
23/03/2023
?
Atlanta Postal Credit Union
Atlanta Postal Credit Union (APCU) files a notice of data breach after learning that a recent ransomware attack compromised the confidential information of some bank customers.
Malware
Finance and insurance
Cyber Crime
US
Atlanta Postal Credit Union, ransomware
67
22/06/2023
12/06/2023
12/06/2023
?
San Luis Obispo County Office of Education
San Luis Obispo County Office of Education suffers a cyber attack.
Unknown
Public admin and defence, social security
Cyber Crime
US
San Luis Obispo County Office of Education
68
22/06/2023
19/04/2023
23/04/2023
?
Limbach Facility Services
Limbach Facility Services confirms that it fell victim to a cyberattack that affected the availability and functionality of its computer network.
Unknown
Professional, scientific and technical
Cyber Crime
US
Limbach Facility Services
69
23/06/2023
27/05/2023
-
Clop AKA Lace Tempest, TA505, and FIN11
PBI Research Services (PBI)
PBI Research Services (PBI) suffers a data breach with three clients (Genworth Financial, Wilton Reassurance, and CalPERS - California Public Employees' Retirement System) disclosing that the data for 4.75 million people was stolen in the recent MOVEit Transfer data-theft attacks.
CVE-2023-34362 Vulnerability
Administration and support service
Cyber Crime
US
Clop, Cl0p, Lace Tempest, TA505, FIN11, PBI Research Services, PBI, Genworth Financial, Wilton Reassurance, CalPERS, California Public Employees' Retirement System, MOVEit, CVE-2023-34362, ransomware
70
23/06/2023
30/04/2023
03/05/2023
?
Pilot Credentials
American Airlines and Southwest Airlines, two of the largest airlines in the world, disclose data breaches caused by the hack of Pilot Credentials, a third-party vendor that manages multiple airlines' pilot applications and recruitment portals.
Unknown
Administration and support service
Cyber Crime
US
American Airlines, Southwest Airlines, Pilot Credentials
71
23/06/2023
'Recently'
'Recently'
?
Players of Super Mario 3: Mario Forever
Researchers from Cyble discover that threat actors are distributing a trojanized sample of the Super Mario 3: Mario Forever installer that delivers the SupremeBot malware.
Malware
Arts entertainment, recreation
Cyber Crime
>1
Cyble, Super Mario 3: Mario Forever, SupremeBot
72
23/06/2023
During June 2023
During June 2023
?
Taylor Swift fans
The Better Business Bureau (BBB) warns of scams involving fake Taylor Swift concert tickets.
Scam
Arts entertainment, recreation
Cyber Crime
>1
Better Business Bureau, BBB, Taylor Swift
73
23/06/2023
Since at least 11/06/2023
11/06/2023
?
Multiple organizations
Researchers from Phylum discover a new ongoing campaign aimed at the npm ecosystem that leverages a unique execution chain to deliver an unknown payload to targeted systems.
Malware
Multiple Industries
Cyber Crime
>1
Phylum, npm
74
23/06/2023
Between 18/04/2023 and 24/04/2023
24/04/2023
?
Senior Choice
Senior Choice, doing business as The Atrium, Beacon Ridge, and The Patriot reports a cyber incident.
Unknown
Human health and social work
Cyber Crime
US
Senior Choice, The Atrium, Beacon Ridge, The Patriot
75
23/06/2023
Between 18/04/2023 and 24/04/2023
24/04/2023
?
Williamsport Home
Williamsport Home confirms that it experienced a data incident.
Unknown
Human health and social work
Cyber Crime
US
Williamsport Home
76
23/06/2023
-
-
Individuals in Ukraine
Azerbaijani citizens
The cyber police of Ukraine, in coordination with the national police, busts four call centers in the Kyiv and Lviv regions that had been running investment scams targeting Azerbaijani citizens.
Scam
Individual
Cyber Crime
AZ
Cyber Police, Ukraine, Kyiv, Lviv
77
23/06/2023
22/04/2023
27/04/2023
?
Activate Healthcare
Activate Healthcare files a notice of data breach after learning that an unauthorized party was able to access confidential patient information following what appears to have been a cyberattack.
Unknown
Human health and social work
Cyber Crime
US
Activate Healthcare
78
23/06/2023
15/12/2022
21/12/2022
?
GeoSouthern Energy Corporation
GeoSouthern Energy Corporation files a notice of data breach after learning that a recent cyberattack compromised confidential information belonging to current and former employees as well as their dependents.
Unknown
Electricity, gas steam, air conditioning
Cyber Crime
US
GeoSouthern Energy Corporation
79
23/06/2023
-
02/06/2023
Clop AKA Lace Tempest, TA505, and FIN11
Harris Health System
Harris Health System notifies patients and employees that some of their protected health information may have been compromised during a cyberattack exploiting the CVE-2023-34362 MOVEit vulnerability.
Superannuation Arrangements of the University of London
The Superannuation Arrangements of the University of London warns of a data breach that occurred after the Cl0p ransomware gang exploited the CVE-2023-34362 Vulnerability.
CVE-2023-34362 Vulnerability
Education
Cyber Crime
GB
Superannuation Arrangements of the University of London, CVE-2023-34362, MOVEit, Clop, Cl0p, Lace Tempest, TA505, FIN11, ransomware
81
23/06/2023
-
-
?
Undisclosed airport
The database of an undisclosed Italian airport with 7.8 million records is on sale in the dark web.
Unknown
Transportation and storage
Cyber Crime
IT
Italian Airport
82
24/06/2023
-
-
Clop AKA Lace Tempest, TA505, and FIN11
New York City Department of Education (NYC DOE)
The New York City Department of Education (NYC DOE) says hackers stole documents containing the sensitive personal information of up to 45,000 students from its MOVEit Transfer server.
CVE-2023-34362 Vulnerability
Public admin and defence, social security
Cyber Crime
US
Clop, Cl0p, Lace Tempest, TA505, FIN11, New York City Department of Education, NYC DOE, MOVEit, CVE-2023-34362, ransomware
83
24/06/2023
-
-
Clop AKA Lace Tempest, TA505, and FIN11
National Student Clearinghouse (NSC)
The National Student Clearinghouse (NSC) is listed by the Cl0p gang among the victims of a data breach that occurred through exploitation of the MOVEit vulnerability.
Officials in Fort Worth, Texas, confirm that a website with government information was breached and accessed by a group of hackers but downplayed the severity of the incident.
Unknown
Public admin and defence, social security
Hacktivism
US
SiegedSec, Fort Worth
85
24/06/2023
-
-
Individuals in Ukraine
Citizens of European countries
The Cyber Police of Ukraine raids nine fraudulent call centers that involved more than 200 operators working in the Kyiv and Dnipro regions, posing as bank and other financial institution employees to obtain credit and debit card data.
Account Takeover
Finance and insurance
Cyber Crime
EU
Cyber Police, Ukraine, Kyiv, Dnipro
86
25/06/2023
Since at least 24/06/2023
Since at least 24/06/2023
?
Suncor Energy
Petro-Canada gas stations across Canada are impacted by technical problems preventing customers from paying with credit card or rewards points as its parent company, Suncor Energy, discloses they suffered a cyberattack.
Unknown
Electricity, gas steam, air conditioning
Cyber Crime
CA
Petro-Canada, Suncor Energy
87
25/06/2023
25/06/2023
25/06/2023
?
Activision Blizzard
A distributed denial-of-service (DDoS) attack targets the servers of Diablo’s developer, Activision Blizzard.
DDoS
Arts entertainment, recreation
Cyber Crime
US
Activision Blizzard
88
26/06/2023
Since March 2023
During March 2023
Anatsa
Online banking customers in the U.S., the U.K., Germany, Austria, and Switzerland
Researchers from ThreatFabric discover a new mobile malware campaign pushing the Android banking trojan 'Anatsa' to online banking customers in the U.S., the U.K., Germany, Austria, and Switzerland.
Malware
Finance and insurance
Cyber Crime
AT
CH
DE
GB
US
ThreatFabric, Android, Anatsa
89
26/06/2023
31/05/2023
01/06/2023
Clop AKA Lace Tempest, TA505, and FIN11
Allegiant Air
Allegiant Air confirms that 1,405 people had information accessed through the exploitation of the MOVEit vulnerability.
Jackson National Life Insurance discloses that 700K-800K of its customers were exposed in a data breach stemming from the exploitation of the MOVEit vulnerability.
CVE-2023-34362 Vulnerability
Finance and insurance
Cyber Crime
US
Jackson National Life Insurance, Clop, Cl0p, Lace Tempest, TA505, FIN11, Siemens Energy, MOVEit, CVE-2023-34362, ransomware
91
26/06/2023
-
15/06/2023
Clop AKA Lace Tempest, TA505, and FIN11
Corebridge Financial
Corebridge Financial files a notice regarding a data breach resulting from the CVE-2023-34362 vulnerability in MOVEit.
Gary Motykie, a plastic surgeon, notifies patients about a cyberattack and data theft incident, when the surgeon was contacted by a cyber threat actor who claimed to have accessed his IT systems and was in possession of sensitive patient information.
Unknown
Human health and social work
Cyber Crime
US
Gary Motykie
93
26/06/2023
Between March and August of 2022
-
?
Barrow County
Barrow County in Georgia issued a breach notice about a breach of its email environment that occurred between March and August of 2022.
Account Takeover
Public admin and defence, social security
Cyber Crime
US
Barrow
94
26/06/2023
-
-
Rhysida
Fassi Gru
The Rhysida ransomware gang adds Fassi Gru to their leak site and claims to be in possession of 490 Gb of data.
Unknown
Manufacturing
Cyber Crime
IT
Rhysida, ransomware, Fassi Gru
95
26/06/2023
-
-
8Base
Legalilavoro
Legalilavoro, an Italian law firm, suffers a cyber attack from the 8Base ransomware gang.
Unknown
Professional, scientific and technical
Cyber Crime
IT
Legalilavoro, 8Base, ransomware
96
26/06/2023
-
19/06/2023
NoEscape
CreditTeam
The criminal gang NoEscape claims responsibility for an attack on the Italian financial provider CreditTeam, and leaks 12.1 Gb of data.
Unknown
Finance and insurance
Cyber Crime
IT
NoEscape, CreditTeam
97
27/06/2023
-
-
Clop AKA Lace Tempest, TA505, and FIN11
Siemens Energy
Siemens Energy confirms that data was stolen during the recent Clop ransomware data-theft attacks using the zero-day vulnerability in the MOVEit Transfer platform.
Researchers from Bitdefender warn of tailor-made scams exploiting the OceanGate disaster.
Scam
Individual
Cyber Crime
>1
Bitdefender, OceanGate
102
27/06/2023
27/06/2023
27/06/2023
NoName057(16)
Nearly a dozen major Ukrainian banks
The pro-Russian hacktivists from the NoName057(16) collective take down several banks in Ukraine including four of the nation's largest commercial banks: First Ukrainian International Bank (PUMB), State Savings Bank of Ukraine (Oshchadbank), Credit Agricole Bank, and Universal Bank.
DDoS
Finance and insurance
Hacktivism
UA
Russia, Ukraine, NoName057(16), First Ukrainian International Bank, PUMB, State Savings Bank of Ukraine, Oshchadbank, Credit Agricole Bank, Universal Bank
103
27/06/2023
'Recently'
'Recently'
Wagner
Multiple organizations in Russia
Researchers from Cyble discover a new ransomware variant called Wagner, infecting user devices and inviting them to join the Wagner Group.
Malware
Multiple Industries
Cyber Crime
RU
Cyble, Wagner
104
27/06/2023
'Recently'
'Recently'
ThirdEye
Multiple organizations
Researchers from Fortinet discover a previously unseen infostealer named “ThirdEye”.
Malware
Multiple Industries
Cyber Crime
>1
Fortinet, ThirdEye
105
27/06/2023
-
02/11/2022
?
Precision Imaging Centers
Precision Imaging Centers files a notice of data breach after the company discovered that it had been the recent victim of a cyberattack, giving hackers access to confidential consumer data.
Unknown
Professional, scientific and technical
Cyber Crime
US
Precision Imaging Centers
106
27/06/2023
17/04/2023
17/04/2023
?
MAC Pizza Management
MAC Pizza Management files a notice of data breach after learning that confidential information belonging to thousands of people was compromised following a ransomware attack.
Malware
Accommodation and food service
Cyber Crime
US
MAC Pizza Management, ransomware
107
27/06/2023
-
-
Clop AKA Lace Tempest, TA505, and FIN11
Maximus
U.S. government contractor Maximus is listed among the victims of the Clop ransomware gang campaign exploiting the MOVEit CVE-2023-34362 Vulnerability.
The College of American Pathologists is listed among the victims of the Clop ransomware gang campaign exploiting the MOVEit CVE-2023-34362 Vulnerability.
CVE-2023-34362 Vulnerability
Other service activities
Cyber Crime
US
Clop, Cl0p, Lace Tempest, TA505, FIN11, College of American Pathologists, MOVEit, CVE-2023-34362, ransomware
111
27/06/2023
-
-
Clop AKA Lace Tempest, TA505, and FIN11
Chuck E. Cheese
Chuck E. Cheese is listed among the victims of the Clop ransomware gang campaign exploiting the MOVEit CVE-2023-34362 Vulnerability.
A subpage of the website of the Italian Ministry of Economy and Finance (the welfare fund), is defaced to advertise a gambling site.
Defacement
Public admin and defence, social security
Cyber Crime
IT
Italian Ministry of Economy and Finance
115
27/06/2023
-
-
BlackBasta
Giambelli
The BlackBasta ransomware gang claims responsibility for a cyber attack on Giambelli, an Italian real estate firm.
Malware
Real estate
Cyber Crime
IT
BlackBasta, ransomware, Giambelli
116
28/06/2023
During June 2023
Since March 2023
8Base
35 Organizations worldwide
Researchers from VMware/Carbon Black discover a spike of activities by the 8Base ransomware gang.
Malware
Multiple Industries
Cyber Crime
>1
VMware, Carbon Black, 8Base, ransomware
117
28/06/2023
-
23/06/2023
Akira
VMware ESXi servers worldwide
The Akira ransomware operation releases a Linux encryptor to encrypt VMware ESXi virtual machines in double-extortion attacks against companies worldwide.
Malware
Multiple Industries
Cyber Crime
>1
Akira, ransomware, Linux, VMware, ESXi
118
28/06/2023
'Recently'
'Recently'
Andariel (AKA Stonefly)
Unspecified organization(s)
Researchers from Kaspersky discover a previously undocumented remote access trojan (RAT) named 'EarlyRAT,' used by Andariel, a sub-group of the Lazarus North Korean state-sponsored hacking group.
Targeted Attack
Unknown
Cyber Espionage
N/A
Kaspersky, RAT, EarlyRAT, Andariel, Stonefly, Lazarus, North Korea
119
28/06/2023
28/06/2023
28/06/2023
Attackers allegedly affiliated with the Wagner Group
Dozor-Teleport
A group of previously unknown attackers allegedly affiliated with the Wagner Group claims responsibility for a cyberattack on the Russian satellite communications provider Dozor-Teleport and its parent company Amtel Svyaz.
DDoS
Information and communication
Hacktivism
RU
Wagner Group, Dozor-Teleport, Amtel Svyaz
120
28/06/2023
-
-
SiegedSec
Nebraska Supreme Court
Hacktivists from the SiegedSec collective dump some data from the Nebraska Supreme Court.
Unknown
Public admin and defence, social security
Hacktivism
US
SiegedSec, Nebraska Supreme Court
121
28/06/2023
-
-
SiegedSec
South Dakota Boards and Commissions (BAC)
Hacktivists from the SiegedSec collective dump some data from the South Dakota Boards and Commissions.
Unknown
Public admin and defence, social security
Hacktivism
US
SiegedSec, South Dakota Boards and Commissions, BAC
122
28/06/2023
-
-
SiegedSec
Texas Behavioral Health Executive Council (BHEC)
Hacktivists from the SiegedSec collective dump some data from the South Dakota Boards and Commissions
Unknown
Public admin and defence, social security
Hacktivism
US
SiegedSec, Texas Behavioral Health Executive Council, BHEC
123
28/06/2023
-
-
SiegedSec
Pennsylvania Provider Self-Service
Hacktivists from the SiegedSec collective dump some data from the Pennsylvania Provider Self-Service.
Unknown
Public admin and defence, social security
Hacktivism
US
SiegedSec, Pennsylvania Provider Self-Service
124
28/06/2023
-
-
SiegedSec
South Carolina Criminal Justice Information Services (CJIS)
Hacktivists from the SiegedSec collective dump some data from the South Carolina Criminal Justice Information Services (CJIS).
Unknown
Public admin and defence, social security
Hacktivism
US
SiegedSec, South Carolina Criminal Justice Information Services, CJIS
125
28/06/2023
-
-
Clop AKA Lace Tempest, TA505, and FIN11
Sony
Sony is listed by the Cl0p gang among the victims of a data breach that occurred through exploitation of the MOVEit vulnerability.
U.S. Department of Health and Human Services (HHS)
The U.S. Department of Health and Human Services (HHS) is listed by the Cl0p gang among the victims of a data breach that occurred through exploitation of the MOVEit vulnerability.
CVE-2023-34362 Vulnerability
Professional, scientific and technical
Cyber Crime
US
U.S. Department of Health and Human Services (HHS), Clop, Cl0p, Lace Tempest, TA505, FIN11, Siemens Energy, MOVEit, CVE-2023-34362, ransomware
128
28/06/2023
21/06/2023
-
?
Radeal
Radeal, the Polish developer of the Android stalkerware ‘LetMeSpy’, informs users that their personal information and collected data was stolen as a result of a cyberattack.
Unknown
Professional, scientific and technical
Cyber Crime
PL
Radeal, Android, LetMeSpy
129
28/06/2023
28/06/2023
28/06/2023
NoName057(16)
SJ AB
The pro-Russian hacktivists from the NoName057(16) collective take down the website of the Swedish railway carrier SJ AB.
DDoS
Transportation and storage
Hacktivism
SE
Russia, Ukraine, NoName057(16), SJ AB
130
28/06/2023
28/06/2023
28/06/2023
NoName057(16)
Swedish Financial Supervisory Authority, Finansinspektionen (FI).
The pro-Russian hacktivists from the NoName057(16) collective take down the website of the Swedish Financial Supervisory Authority, Finansinspektionen (FI).
DDoS
Public admin and defence, social security
Hacktivism
SE
Russia, Ukraine, NoName057(16), Swedish Financial Supervisory Authority, Finansinspektionen, FI
131
28/06/2023
During May 2023
During May 2023
APT35 (aka Charming Kitten, Imperial Kitten, or Tortoiseshell)
Israeli Journalist
Researchers from Volexity discover a campaign by the Iranian threat actor Charming Kitten attempting to distribute the POWERSTAR backdoor via a spear-phishing campaign involving an LNK file inside a password-protected RAR file.
Researchers at Check Point uncover a trojanized version of the widely-used Telegram messenger, containing embedded malicious code associated with the Triada trojan.
Malware
Individual
Cyber Crime
>1
Check Point, Telegram, Triada
133
28/06/2023
'Recently'
'Recently'
?
Wealth Enhancement Group (WEG)
Wealth Enhancement Group (WEG) files a notice of data breach after discovering that an unauthorized party was able to access a standalone server in one of the company’s advisor team offices.
Unknown
Finance and insurance
Cyber Crime
US
Wealth Enhancement Group, WEG
134
28/06/2023
14/01/2023
14/01/2023
?
Citi Trends
Citi Trends files a notice of data breach after discovering that an unauthorized party was able to access confidential employee information stored on the company’s IT network.
Unknown
Wholesale and retail
Cyber Crime
US
Citi Trends
135
28/06/2023
01/05/2023
01/05/2023
?
Roosevelt University
Roosevelt University (RU) files a notice of data breach after discovering that an unauthorized actor was able to access confidential student and prospective student information in the school’s possession.
Unknown
Education
Cyber Crime
US
Roosevelt University, RU
136
29/06/2023
Since at least 08/06/2023
08/06/2023
?
Multiple organizations
Researchers from Akamai discover a proxyjacking campaign targeting vulnerable SSH servers, then launching Docker services that share the victim's bandwidth for money.
Misconfiguration
Multiple Industries
Cyber Crime
>1
Akamai, SSH, Docker
137
29/06/2023
-
29/06/2023
?
Multiple organizations
Researchers from Wordfence disclose that attackers are exploiting CVE-2023-3460, a zero-day privilege escalation vulnerability in the 'Ultimate Member' WordPress plugin to compromise websites by bypassing security measures and registering rogue administrator accounts.
Researchers from Google terminate 14 YouTube channels that were part of a coordinated influence operation linked to Turkey and shared content in Turkish supportive of the AK Party.
Coordinated Inauthentic Behavior
Individual
Cyber Warfare
TR
Google, YouTube, AK Party, Turkey
141
29/06/2023
-
During May 2023
Turkey
Individuals in Turkey
Researchers from Google terminate 68 YouTube channels that were part of a coordinated influence operation linked to Turkey and shared content in Turkish supportive of the Nationalist Movement Party (MHP) and Victory Party.
Coordinated Inauthentic Behavior
Individual
Cyber Warfare
TR
Google, YouTube, Nationalist Movement Party, MHP, Victory Party, Turkey
142
29/06/2023
-
During May 2023
Iran
Individuals
Researchers from Google terminate 14 YouTube channels that were part of a coordinated influence operation linked to Iran and shared content about a variety of topics, including content supportive of Palestine and critical of Israel.
Coordinated Inauthentic Behavior
Individual
Cyber Warfare
IL
Google, YouTube, Palestine, Israel, Iran
143
29/06/2023
-
During May 2023
Iran
Individuals
Researchers from Google terminate 3 YouTube channels that were part of a coordinated influence operation linked to Iran and shared content in French and English related to Iranian hack-and-leak operations.
Coordinated Inauthentic Behavior
Individual
Cyber Warfare
>1
Google, YouTube, Iran
144
29/06/2023
-
During May 2023
Russian consulting firm
Individuals
Researchers from Google terminate 337 YouTube channels that were part of a coordinated influence operation linked to a Russian consulting firm and shared content in Russian supportive of Russia and Russian President Vladimir Putin and critical of Ukraine, NATO and the West.
Coordinated Inauthentic Behavior
Individual
Cyber Warfare
UA
Google, YouTube, Russia, Vladimir Putin, Ukraine, NATO
145
29/06/2023
-
During May 2023
Russia
Individuals
Researchers from Google terminate 7 YouTube channels that were part of a coordinated influence operation linked to Russia and shared content in Russian that promoted the Wagner Group and Yevgeny Prigozhin.
Researchers from Google terminate 35 YouTube channels that were part of a coordinated influence operation linked to Spain and shared content in Spanish that was critical of the Spanish government.
Coordinated Inauthentic Behavior
Individual
Cyber Warfare
ES
Google, YouTube, Spain, Spanish Government
147
29/06/2023
-
During May 2023
Mexico
Individuals in Mexico
Researchers from Google terminate 188 YouTube channels that were part of a coordinated influence operation linked to Mexico and shared content in Spanish supportive of the Morena party and Senator Ricardo Monreal.
Coordinated Inauthentic Behavior
Individual
Cyber Warfare
MX
Google, YouTube, Mexico, Morena, Ricardo Monreal
148
29/06/2023
-
During May 2023
China
Individuals Worldwide
Researchers from Google terminate 9,599 YouTube channels and 3 Blogger blogs that were part of a coordinated influence operation linked to China and uploaded spammy content in Chinese about music, entertainment and lifestyle. A very small subset uploaded content in Chinese and English about China and U.S. foreign affairs.
Coordinated Inauthentic Behavior
Individual
Cyber Warfare
>1
Google, YouTube, Blogger, China, US
149
29/06/2023
-
-
Clop AKA Lace Tempest, TA505, and FIN11
The Harrington Company
The Minnesota business firm The Harrington Company is added to the Clop ransomware leak site of the victims of the MOVEit breach.
City National Bank in Miami, Florida is added to the Clop ransomware leak site of the victims of the MOVEit breach.
CVE-2023-34362 Vulnerability
Finance and insurance
Cyber Crime
US
City National Bank, Clop, Cl0p, Lace Tempest, TA505, FIN11, Siemens Energy, MOVEit, CVE-2023-34362, ransomware
151
29/06/2023
-
-
BlueNoroff (part of the Lazarus Group)
Multiple organizations
Researchers from Elastic detect a new variant of the RUSTBUCKET malware with improved capabilities to establish persistence and avoid detection by security software.
Malware
Multiple Industries
Cyber Espionage
>1
BlueNoroff, Elastic, RUSTBUCKET, Lazarus, North Korea
152
29/06/2023
Since April 2023
Since April 2023
?
Law firms, Healthcare and Investment Firms
Researchers from Morphisec Labs discover an active GuLoader campaign that primarily focuses on law firms, along with healthcare and investment firms, specifically within the United States.
Malware
Multiple Industries
Cyber Crime
US
Morphisec Labs, GuLoader
153
29/06/2023
Earlier in 2023
Earlier in 2023
?
Undisclosed organization(s) in the UAE
The head of UAE Cyber Security reveals that, earlier in 2023, Israel helped the United Arab Emirates (UAE) repel a major distributed denial-of-service (DDoS) attack.
DDoS
Unknown
N/A
UAE
UAE, Israel
154
29/06/2023
27/05/2023
01/06/2023
Clop AKA Lace Tempest, TA505, and FIN11
Bristol Myers Squibb
Bristol Myers Squibb files a notice regarding a data breach resulting from the CVE-2023-34362 vulnerability in MOVEit.
Advanced Medical Management files a notice of data breach after discovering that portions of the company’s IT network that were designed and maintained by third-party vendors were accessible to an unauthorized party.
Unknown
Human health and social work
Cyber Crime
US
Advanced Medical Management
156
29/06/2023
24/11/2021
-
?
CommerceV3
John & Kira’s and Smithfield Specialty Foods each file a notice of data breach after learning about an incident that occurred at CommerceV3, a company that provides various web-hosting services.
Unknown
Professional, scientific and technical
Cyber Crime
US
John & Kira’s, Smithfield Specialty Foods, CommerceV3
157
29/06/2023
05/04/2023
-
?
Delaware Health Net
The Henrietta Johnson Medical Center posts a notice that some patient data was involved in a breach at Delaware Health Network (DHN), a healthcare-controlled network provider and electronic health records management provider that provides services to Henrietta Johnson Medical Center (HJMC) and other entities.
Unknown
Professional, scientific and technical
Cyber Crime
US
Henrietta Johnson Medical Center, HJMC, Delaware Health Network, DHN
158
29/06/2023
27/05/2023
12/06/2023
Rhysida
Lumberton ISD
The Lumberton Independent School District is hit with a Rhysida ransomware attack.
Malware
Education
Cyber Crime
US
Lumberton ISD, Lumberton Independent School District, Rhysida, ransomware
159
29/06/2023
'Recently'
'Recently'
Cyclops
Atherfield Medical & Skin Cancer Clinic
A relatively new ransomware group, Cyclops, claims to have attacked Atherfield Medical & Skin Cancer Clinic in Australia.
Malware
Human health and social work
Cyber Crime
AU
Ransomware, Cyclops, Atherfield Medical & Skin Cancer Clinic
160
29/06/2023
-
-
Clop AKA Lace Tempest, TA505, and FIN11
Talcott Resolution Life Insurance Company
Talcott Resolution Life Insurance Company is listed among the victims of the Cl0p ransomware gang exploiting the CVE-2023-34362 Vulnerability.
The University of Southern Illinois is listed among the victims of the Cl0p ransomware gang exploiting the CVE-2023-34362 Vulnerability.
CVE-2023-34362 Vulnerability
Education
Cyber Crime
US
University of Southern Illinois, CVE-2023-34362, MOVEit, Clop, Cl0p, Lace Tempest, TA505, FIN11, ransomware
162
29/06/2023
15/06/2023
15/06/2023
?
Lebanon School District
The Lebanon School District is hit by a ransomware attack.
Malware
Education
Cyber Crime
LB
Lebanon School District, ransomware
163
30/06/2023
-
29/06/2023
LockBit 3.0
Kinmax Technology
Taiwan Semiconductor Manufacturing Company (TSMC), the world’s largest contract chipmaker, confirms it has experienced a data breach after being listed as a victim by the LockBit ransomware gang. However, the ransomware gang hit one of the company’s IT hardware suppliers, Kinmax Technology.
EFTPS.gov (U.S. Treasury Department's Electronic Federal Tax Payment System)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns of ongoing distributed denial-of-service (DDoS) attacks after U.S. organizations across multiple industry sectors are hit.
DDoS
Public admin and defence, social security
Hacktivism
US
U.S. Cybersecurity and Infrastructure Security Agency, CISA, EFTPS.gov, U.S. Treasury Department's Electronic Federal Tax Payment System, Russia, Anonymous Sudan
165
30/06/2023
Since 26/06/2023
Since 26/06/2023
Anonymous Sudan
U.S. Commerce Department
Anonymous Sudan claims to have taken down the website of the U.S. Commerce Department.
DDoS
Public admin and defence, social security
Hacktivism
US
U.S. Commerce Department, Russia, Anonymous Sudan
166
30/06/2023
30/06/2023
30/06/2023
Anonymous Sudan
Stripe
Anonymous Sudan also claims responsibility for another DDoS attack that targeted Stripe's dashboard for managing business payments, refunds, and operations.
DDoS
Professional, scientific and technical
Hacktivism
IE
US
Stripe, Russia, Anonymous Sudan
167
30/06/2023
'Recently'
'Recently'
ALPHV AKA BlackCat
Multiple organizations
Researchers from Trend Micro discover a malvertising campaign from the BlackCat ransomware gang to lure people into fake pages that mimic the official website of the WinSCP file-transfer application for Windows but instead push malware-ridden installers.
Malware
Multiple Industries
Cyber Crime
>1
Trend Micro, ALPHV, BlackCat, ransomware, WinSCP
168
30/06/2023
-
-
?
Pearson Edexcel
Cambridgeshire Police say they are in the “early stages” of investigating a “data breach” involving the exam board Pearson Edexcel.
Unknown
Education
Cyber Crime
GB
Pearson Edexcel
169
30/06/2023
-
-
?
OCR
Cambridgeshire Police say they are also investigating a “data breach” involving the exam board OCR.
Unknown
Education
Cyber Crime
GB
OCR
170
30/06/2023
-
-
?
AQA
Police are also investigating a cyber-attack at England’s largest exam board AQA, the third board to be targeted.
Unknown
Education
Cyber Crime
GB
AQA
171
30/06/2023
'Recently'
'Recently'
Meduza Stealer
Multiple organizations
Researchers from Uptycs discover Meduza Stealer, a new Windows-based information stealer actively being developed by its author to evade detection by software solutions and targeting 19 password manager apps, 76 crypto wallets, 95 web browsers, Discord, Steam.
Malware
Multiple Industries
Cyber Crime
>1
Uptycs, Meduza Stealer
172
30/06/2023
During June 2023
During June 2023
?
Multiple organizations
Researchers from Inky discover a phishing campaign embedding QR codes into their bodies to avoid detection.
Account Takeover
Multiple Industries
Cyber Crime
>1
Inky, QR codes
173
30/06/2023
'Recently'
'Recently'
ALPHV AKA BlackCat
Multiple organizations
Researchers from Trend Micro discover a new campaign by the ALPHV/BlackCat ransomware gang, mimicking the website of a well-known Windows application WinSCP, distributed via malvertising, to infect victims.
Malware
Multiple Industries
Cyber Crime
>1
Trend Micro, ALPHV, BlackCat, ransomware, WinSCP
174
30/06/2023
-
-
Clop AKA Lace Tempest, TA505, and FIN11
Maryland's Department of Health and Human Services
Maryland's Department of Health and Human Services is listed among the victims of the Cl0p ransomware gang exploiting the CVE-2023-34362 Vulnerability.
CVE-2023-34362 Vulnerability
Human health and social work
Cyber Crime
US
Maryland's Department of Health and Human Services, CVE-2023-34362, MOVEit, Clop, Cl0p, Lace Tempest, TA505, FIN11, ransomware
175
30/06/2023
'Recently'
'Recently'
Clop AKA Lace Tempest, TA505, and FIN11
United Bank
United Bank files a notice regarding a data breach within a third-party software tool. It is suspected that the breach involves the CVE-2023-34362 vulnerability in MOVEit.
CVE-2023-34362 Vulnerability
Finance and insurance
Cyber Crime
US
United Bank, CVE-2023-34362, MOVEit, Clop, Cl0p, Lace Tempest, TA505, FIN11, ransomware
176
30/06/2023
11/02/2023
-
?
Gates Corporation
Gates Corporation files a notice of data breach after confirming that the company was the victim of a ransomware attack.
Malware
Manufacturing
Cyber Warfare
US
Gates Corporation, ransomware
177
30/06/2023
20/01/2023 and 28/02/2023
20/01/2023
?
Imagine360
Imagine360 files a notice of data breach after discovering two data breaches at third-party vendors, both involving two different file transfer software programs (Citrix and Fortra).
Vulnerability
Finance and insurance
Cyber Crime
US
Imagine360, Citrix, Fortra
178
30/06/2023
-
14/06/2023
Clop AKA Lace Tempest, TA505, and FIN11
Undisclosed vendor
Clearwater Credit Union files a notice of data breach after discovering the personal information of 25,660 individuals was leaked as a result of the massive MOVEit vulnerability.
Union Bank and Trust Company (UBT) files a notice of data breach after discovering the personal information of 25,660 individuals was leaked as a result of the massive MOVEit vulnerability.
CVE-2023-34362 Vulnerability
Unknown
Cyber Crime
US
Union Bank and Trust Company, UBT, CVE-2023-34362, MOVEit, Clop, Cl0p, Lace Tempest, TA505, FIN11, ransomware
180
30/06/2023
28/04/2023
04/05/2023
?
Mount Desert Island Hospital
Mount Desert Island Hospital (MDIH) files a notice of data breach after discovering that an unauthorized party had gained access to confidential patient information stored on the company’s computer network.
Unknown
Human health and social work
Cyber Crime
US
Mount Desert Island Hospital, MDIH
181
30/06/2023
-
During March 2022
?
ARx Patient Solutions
ARx Patient Solutions files a notice of data breach after discovering that an employee’s M365 email account was accessed by an unauthorized party.
Account Takeover
Administration and support service
Cyber Crime
US
ARx Patient Solutions
182
30/06/2023
-
-
Rhysida
University of Salerno
The University of Salerno is hit with a Rhysida ransomware attack.
Malware
Education
Cyber Crime
IT
University of Salerno, Rhysida, ransomware
183
30/06/2023
-
05/06/2023
Clop AKA Lace Tempest, TA505, and FIN11
Realm IDX
Realm IDX, a diagnostics company, confirms it suffered a data breach that occurred through exploitation of the MOVEit CVE-2023-34362 vulnerability.
Arizona Health Care Cost Containment System (AHCCCS)
The Arizona Health Care Cost Containment System (AHCCCS) discloses a data breach compromising over 2,000 Medicaid members.
Unknown
Public admin and defence, social security
Cyber Crime
US
Arizona Health Care Cost Containment System, AHCCCS
185
30/06/2023
20/02/2023
03/04/2023
?
South Suburban Surgical Suites
South Suburban Surgical Suites reports a breach of a legacy Microsoft Office 365-hosted business email account.
Account Takeover
Human health and social work
Cyber Crime
US
South Suburban Surgical Suites, Microsoft Office 365
186
30/06/2023
-
28/06/2023
BianLian
Piramal Group
The BianLian Ransomware gang claims responsibility for the alleged Piramal Group cyber attack, listing the Indian business conglomerate as a victim on the ransomware gang’s leak site.
Malware
Other service activities
Cyber Crime
IN
BianLian, Ransomware, Piramal Group
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags