Motivations July H2 2023


Attack Techniques July H2 2023


New victims of attacks carried out by the Clop (AKA Cl0p) ransomware gang exploiting the CVE-2023-34362 MOVEit vulnerability continued to emerge during the second half of July 2023 (the first timeline is here). For this reason, the number of collected events soared to 217 (corresponding to 13.56 events/day), a value never seen before that sets a new record.

Once again, the obvious consequence is that attacks exploiting vulnerabilities were still at the top of the attack techniques, with a new record (yes, each fortnight we set a new record) of 45.6% (99 out of 217 events), nearly ten points higher than the previous one (35.9%) in the first half of July. And once again, the other obvious consequence was the increase in the percentage of events directly or indirectly characterized by ransomware, soaring to 45.16%, slightly lower than the 45.5% of the previous fortnight.

The fintech sector continued to be under pressure, with multiple companies suffering the theft of crypto assets worth millions of U.S. dollars. In particular, two suffered a loss higher than 60 million: Alphapo (in this case fingers are pointed at the North Korean threat actor Lazarus Group) and Curve Finance.

In terms of mega breaches, Tampa General Hospital disclosed that the sensitive data of 1.2 million was stolen in a failed ransomware attack, a threat actor claimed to be in possession of two million data records stolen from the Egyptian Ministry of Health and Population, and the U.S. government contractor Maximus confirmed that the Clop ransomware gang accessed the protected health information of as many as 11 million individuals by exploiting the vulnerability in MOVEit Transfer.

The cyber espionage front was quite crowded in this fortnight as well, with multiple high-profile campaigns unearthed, carried out by known threat actors such as APT29 and Turla (against organizations with connections to Ukraine), the Chinese APT31 and APT41, the Iranian APT34, and the Indian Bahamut (but there are many more).

In terms of hacktivism: NATO confirmed an investigation into the claims of an alleged data-theft hack on the Communities of Interest (COI) Cooperation Portal by the hacking group known as SiegedSec, Anonymous Sudan took down Kenya’s eCitizen Portal, and an Iranian group dubbed Cyber Avengers took down Israel’s largest oil refinery operator, BAZAN Group.

My suggestion is always the same: browse the timeline, and obviously thanks for sharing it and supporting my work in spreading risk awareness across the community. As always, don’t forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.

Geo Map July H2 2023





The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.


