New victims of the Clop (AKA Cl0p) ransomware gang's exploitation of the CVE-2023-34362 MOVEit Transfer vulnerability kept emerging during the second half of July 2023 (the timeline for the first half is here). As a result, the number of collected events soared to 217 (corresponding to 13.56 events/day), a value never seen before that sets a new record.
Once again, the obvious consequence is that attacks exploiting vulnerabilities stayed on top of the attack techniques, with a new record (yes, each fortnight sets a new record) of 45.6% (99 out of 217 events), nearly ten points above the 35.9% of the first half of July. The other consequence is that the share of events directly or indirectly involving ransomware remained high at 45.16%, only slightly lower than the 45.5% of the previous fortnight.
The fintech sector continued to be under pressure, with multiple companies suffering thefts of crypto assets worth millions of U.S. dollars; two of them lost in the region of $60 million or more: Alphapo (where the fingers are pointed at the North Korean threat actor Lazarus Group) and Curve Finance.
In terms of mega breaches, Tampa General Hospital disclosed that the sensitive data of 1.2 million individuals was stolen in a failed ransomware attack, a threat actor claimed to be in possession of two million data records stolen from the Egyptian Ministry of Health and Population, and the U.S. government contractor Maximus confirmed that the Clop ransomware gang accessed the protected health information of as many as 11 million individuals by exploiting the vulnerability in MOVEit Transfer.
The cyber espionage front was quite crowded in this fortnight too, with multiple high-profile campaigns unearthed and attributed to known threat actors such as APT29 and Turla (against organizations with connections to Ukraine), the Chinese APT31 and APT41, the Iranian APT34, and the Indian Bahamut (and there are many more).
In terms of hacktivism: NATO confirmed an investigation into claims of an alleged data-theft hack on the Communities of Interest (COI) Cooperation Portal by the hacking group known as SiegedSec, Anonymous Sudan took down Kenya's eCitizen portal, and an Iranian group dubbed Cyber Avengers took down Israel's largest oil refinery operator, BAZAN Group.
My suggestion is always the same: browse the timeline, and of course thanks for sharing it and for supporting my work in spreading risk awareness across the community. As always, don't forget to follow @paulsparrows on Twitter, or connect on LinkedIn, for the latest updates.
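The figures quoted in the opening paragraphs are derived from the table that follows, and the flattened copy of that table on this page has lost cells in several rows (rows 2 and 3 run together with no ID or date cells for row 3; row 80 lacks its Date Occurred and Date Discovered cells). The following is an added example, not part of the original post, that parses the flattened cell sequence back into records, flags rows whose cells no longer line up with the header instead of silently mis-assigning them, and recomputes the two headline shares (events whose Attack column is a vulnerability exploitation, and events whose tags mention ransomware). The sample rows are constructed from this page's own entries with shortened descriptions; the record-boundary rule (an integer ID cell immediately followed by a dd/mm/yyyy date) and the Attack Class vocabulary are assumptions drawn from the rows on this page.

```python
import re

# Column names as the timeline header lists them. "Link" carries no text in
# the flattened rows, so it never appears as a cell and is dropped here.
COLUMNS = ["ID", "Date Reported", "Date Occurred", "Date Discovered", "Author",
           "Target", "Description", "Attack", "Target Class", "Attack Class",
           "Country", "Tags"]

# Attack Class vocabulary assumed from this page (Hacktivism is named in the
# intro; the other values occur in the rows).
ATTACK_CLASSES = {"Cyber Crime", "Cyber Espionage", "Cyber Warfare",
                  "Hacktivism", "N/A"}

_ID = re.compile(r"^\d+$")
_DATE = re.compile(r"^\d{2}/\d{2}/\d{4}$")
_COUNTRY = re.compile(r"^(?:[A-Z]{2}|>1|N/A)$")


def split_records(cells):
    """Group a flat list of cells into records. A record starts where an
    integer ID cell is immediately followed by a dd/mm/yyyy Date Reported
    cell; cells before the first boundary (the header row) are discarded."""
    records, current = [], None
    for i, cell in enumerate(cells):
        nxt = cells[i + 1] if i + 1 < len(cells) else ""
        if _ID.match(cell) and _DATE.match(nxt):
            if current is not None:
                records.append(current)
            current = []
        if current is not None:
            current.append(cell)
    if current is not None:
        records.append(current)
    return records


def parse_record(cells):
    """Map one record's cells onto COLUMNS, or flag it as malformed.
    Layout: 10 fixed leading cells, one cell per country code (a row may
    list several), then the single Tags cell."""
    if len(cells) < 12:
        return {"ID": cells[0], "malformed": f"only {len(cells)} cells"}
    rec = dict(zip(COLUMNS[:10], cells[:10]))
    countries, tags = cells[10:-1], cells[-1]
    if not all(_COUNTRY.match(c) for c in countries):
        return {"ID": cells[0], "malformed": "unexpected cells after Attack Class"}
    if rec["Attack Class"] not in ATTACK_CLASSES:
        # A merged row (like rows 2+3 on this page) shifts a Target Class
        # value into the Attack Class slot; catch it here.
        return {"ID": cells[0], "malformed": f"bad Attack Class {rec['Attack Class']!r}"}
    rec["Country"], rec["Tags"] = countries, tags
    return rec


def malformed_ids(records):
    return [r["ID"] for r in records if "malformed" in r]


def fortnight_metrics(records, days):
    """The headline figures the intro reports: events per day (217/16 = 13.56
    on this page), share of vulnerability-exploitation events, share of
    events whose tags mention ransomware. Malformed rows are excluded."""
    good = [r for r in records if "malformed" not in r]
    n = len(good)
    vuln = sum(1 for r in good if r["Attack"].endswith("Vulnerability"))
    ransom = sum(1 for r in good if "ransomware" in r["Tags"].lower())
    return {"events": n,
            "per_day": round(n / days, 2),
            "vuln_pct": round(100 * vuln / n, 1) if n else 0.0,
            "ransomware_pct": round(100 * ransom / n, 2) if n else 0.0}


# Constructed sample: header row, then rows 1, 2+3 (merged as on the page),
# 23, 66 (three of its country codes) and 80 (two date cells missing).
SAMPLE_CELLS = COLUMNS[:11] + ["Link", "Tags"] + [
    "1", "17/07/2023", "Since June 2023", "During June 2023", "NoEscape",
    "Multiple organizations", "New NoEscape ransomware operation, a rebrand of Avaddon",
    "Malware", "Multiple Industries", "Cyber Crime", ">1", "NoEscape, Avaddon, ransomware",
    "2", "17/07/2023", "14/07/2023", "14/07/2023", "Multiple threat actors",
    "Multiple e-commerce sites using WooCommerce Payments",
    "Widespread exploitation of CVE-2023-28121 in WooCommerce Payments",
    "Tomra is in the midst of an extensive cyberattack",
    "Unknown", "Mining and quarrying", "N/A", "NO", "Tomra",
    "23", "17/07/2023", "28/05/2023", "During May 2023",
    "Clop AKA Lace Tempest, TA505 and FIN11", "Quorum Federal Credit",
    "Quorum Federal Credit Union files a notice of a MOVEit data breach",
    "CVE-2023-34362 Vulnerability", "Finance and insurance", "Cyber Crime", "US",
    "Quorum Federal Credit, Clop, MOVEit Transfer, CVE-2023-34362, ransomware",
    "66", "19/07/2023", "Since at least October 2022", "Since at least October 2022",
    "HotRat", "Multiple organizations", "Avast discovers HotRat, an AsyncRAT variant",
    "Malware", "Multiple Industries", "Cyber Crime", "GY", "KH", "IN",
    "Avast, AsyncRAT, HotRat, Microsoft Office",
    "80", "20/07/2023", "Clop AKA Lace Tempest, TA505 and FIN11",
    "Teachers' Retirement System of the City of New York",
    "Notice of a PBI data security incident", "CVE-2023-34362 Vulnerability",
    "Administration and support service", "Cyber Crime", "US",
    "Clop, MOVEit Transfer, PBI, CVE-2023-34362, ransomware",
]

if __name__ == "__main__":
    recs = [parse_record(r) for r in split_records(SAMPLE_CELLS)]
    print("malformed rows:", malformed_ids(recs))
    print(fortnight_metrics(recs, days=16))
```

On the sample, rows 2 and 80 are reported as malformed and the metrics are computed over the three intact rows; on the full page the same boundary rule would surface every row where an extraction glitch dropped or merged cells.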
Geo Map July H2 2023
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
17/07/2023
Since June 2023
During June 2023
NoEscape
Multiple organizations
The new NoEscape ransomware operation, targeting Windows, Linux, and VMware ESXi servers, is believed to be a rebrand of Avaddon, a ransomware gang that shut down and released its decryption keys in 2021.
Malware
Multiple Industries
Cyber Crime
>1
NoEscape, Avaddon, ransomware
2
17/07/2023
14/07/2023
14/07/2023
Multiple threat actors
Multiple e-commerce sites using WooCommerce Payments
Researchers from Wordfence reveal that attackers are conducting widespread exploitation of CVE-2023-28121, a critical vulnerability in the WooCommerce Payments plugin that lets attackers gain the privileges of any user, including administrators, on vulnerable WordPress installations.
Norwegian recycling and mining corporation Tomra is in the midst of an “extensive” cyberattack affecting its systems.
Unknown
Mining and quarrying
N/A
NO
Tomra
4
17/07/2023
16/07/2023
16/07/2023
?
Helix
Customers of the Russian medical laboratory Helix are unable to receive their test results for several days due to an attempted ransomware attack that crippled the company's systems over the weekend.
Malware
Professional, scientific and technical
Cyber Crime
RU
Helix, ransomware
5
17/07/2023
During November 2022 and May 2023
-
RedCurl
Undisclosed major Russian Bank
Researchers from F.A.C.C.T reveal that the Russian-speaking hacking group RedCurl attacked a "major Russian bank" to steal corporate secrets.
Targeted Attack
Finance and insurance
Cyber Espionage
RU
F.A.C.C.T, RedCurl, Russian Bank
6
17/07/2023
During June 2023
-
RedCurl
Undisclosed Australian Organization
Researchers from F.A.C.C.T reveal that the Russian-speaking hacking group RedCurl attacked an undisclosed Australian organization to steal corporate secrets.
Targeted Attack
Unknown
Cyber Espionage
AU
F.A.C.C.T, RedCurl, Australia
7
17/07/2023
-
-
Clop AKA Lace Tempest, TA505 and FIN11
TJX Companies
TJX Companies is added to the list of the victims of the Clop ransomware gang exploiting the CVE-2023-34362 vulnerability.
American automotive parts retailer Autozone, is added to the list of the victims of the Clop ransomware gang exploiting the CVE-2023-34362 vulnerability.
Henry Ford Health confirms that an email phishing scheme led to a data breach affecting 168,000 patients.
Account Takeover
Human health and social work
Cyber Crime
US
Henry Ford Health
23
17/07/2023
28/05/2023
During May 2023
Clop AKA Lace Tempest, TA505 and FIN11
Quorum Federal Credit
Quorum Federal Credit Union files a notice of data breach after discovering that a vulnerability within the file transfer software MOVEit resulted in an unauthorized party being able to access confidential customer data.
CVE-2023-34362 Vulnerability
Finance and insurance
Cyber Crime
US
Quorum Federal Credit , Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, CVE-2023-34362, ransomware
24
17/07/2023
During May 2023
16/06/2023
Clop AKA Lace Tempest, TA505 and FIN11
Milliman Solutions
Milliman Solutions files a notice of data breach after discovering that one of the company’s vendors, Pension Benefit Information, experienced a data security incident involving the file sharing application MOVEit.
An unnamed group or individual claims responsibility for a cyber attack on the plastic surgery practice Hankins & Sohn Plastic Surgery Associates and starts to leak data.
Malware
Human health and social work
Cyber Crime
US
Hankins & Sohn Plastic Surgery Associates, ransomware
26
17/07/2023
04/07/2023
-
Nulled
LePipe
The Nulled ransomware gang claims responsibility for a cyber attack on LePipe.
Malware
Manufacturing
Cyber Crime
IT
Nulled, ransomware, LePipe
27
18/07/2023
-
-
Clop AKA Lace Tempest, TA505 and FIN11
Commission for Communications Regulation for Ireland
Commission for Communications Regulation, or ComReg, the general communications regulator for Ireland, is added to the list of the victims of the Clop ransomware gang exploiting the CVE-2023-34362 vulnerability.
CVE-2023-34362 Vulnerability
Public admin and defence, social security
Cyber Crime
IE
Commission for Communications Regulation for Ireland, ComReg, Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, CVE-2023-34362, ransomware
28
18/07/2023
-
-
Clop AKA Lace Tempest, TA505 and FIN11
Sound Community Bank
Sound Community Bank files a notice of potential data breach after discovering that one of the company’s vendors used MOVEit to transfer Sound Community Bank customer information.
CVE-2023-34362 Vulnerability
Finance and insurance
Cyber Crime
US
Sound Community Bank, Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, CVE-2023-34362, ransomware
29
18/07/2023
-
-
ALPHV AKA BlackCat and Clop AKA Cl0p
Estée Lauder
Two ransomware actors, ALPHV/BlackCat and Clop list beauty company Estée Lauder on their data leak sites as a victim of separate attacks.
The University of Worcester is added to the list of the victims of the Clop ransomware gang exploiting the CVE-2023-34362 vulnerability.
CVE-2023-34362 Vulnerability
Education
Cyber Crime
GB
University of Worcester, Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, CVE-2023-34362, ransomware
42
18/07/2023
During December 2022
During December 2022
FIN8 (AKA Syssphinx)
Multiple organizations
Researchers from Broadcom/Symantec reveal that the financially motivated cybercrime gang FIN8 has been observed deploying BlackCat ransomware payloads on networks backdoored using a revamped Sardonic malware version.
Citrix alerts customers of a critical-severity vulnerability (CVE-2023-3519) in NetScaler ADC and NetScaler Gateway that already has exploits in the wild, and “strongly urges” to install updated versions without delay.
Cybersecurity vendor Sophos is being impersonated by a new ransomware-as-a-service called SophosEncrypt, with the threat actors using the company name for their operation.
Malware
Multiple Industries
Cyber Crime
>1
Sophos, SophosEncrypt, ransomware
45
18/07/2023
'Recently'
'Recently'
?
Elderly across the United States
The FBI warns of a surge in tech support scams targeting the elderly across the United States, in which the scammers urge victims to ship cash concealed within magazines or similar items through shipping firms.
Tech Support Scam
Individual
Cyber Crime
US
FBI, tech support scam
46
18/07/2023
-
-
More than 100 individuals in Ukraine
Individuals in Ukraine
The Cyber Police Department of the National Police of Ukraine dismantles another massive bot farm linked to more than 100 individuals, used to push Russian propaganda justifying Russia's war in Ukraine, to disseminate illegal content and personal information, and in various other fraudulent activities.
Coordinated Inauthentic Behavior
Individual
Cyber Warfare
UA
Cyber Police Department of the National Police of Ukraine, Russia, Ukraine
47
18/07/2023
Since at least early June 2023
Early June 2023
Turla (AKA Secret Blizzard, KRYPTON, and UAC-0003)
Defense sector in Ukraine and Eastern Europe
Microsoft and the Ukraine CERT warn of new attacks by the Russian state-sponsored Turla group, targeting the defense industry and Microsoft Exchange servers with a new 'DeliveryCheck' (AKA CapiBar and GAMEDAY) malware backdoor.
Developers in the blockchain, cryptocurrency, online gambling, and cybersecurity
GitHub warns of a social engineering campaign targeting the accounts of developers in the blockchain, cryptocurrency, online gambling, and cybersecurity sectors to infect their devices with malware.
Account Takeover
Multiple Industries
Cyber Crime
>1
GitHub, Lazarus Group, Jade Sleet, TraderTraitor
49
18/07/2023
18/07/2023
18/07/2023
?
Ortivus
A cyberattack impacting Swedish software company Ortivus leaves at least two British ambulance services without access to electronic patient records.
Unknown
Professional, scientific and technical
Cyber Crime
SE
Ortivus
50
18/07/2023
15/07/2023
15/07/2023
?
George County
George County is hit with a ransomware attack.
Malware
Public admin and defence, social security
Cyber Crime
US
George County, ransomware
51
18/07/2023
Since late March 2023
Late March 2023
Multiple threat actors
Multiple organizations
The SANS Internet Storm Center warns that attackers are apparently trying to exploit two path traversal vulnerabilities in the ‘Stagil navigation for Jira – Menus & Themes’ plugin.
CVE-2023-26255 and CVE-2023-26256 Vulnerabilities
Unknown
N/A
N/A
SANS Internet Storm Center, Stagil navigation for Jira – Menus & Themes, CVE-2023-26255, CVE-2023-26256
52
18/07/2023
-
-
?
Undisclosed organization(s)
Adobe releases an emergency ColdFusion security update that fixes critical vulnerabilities, including a fix for new zero-days exploited in attacks.
CVE-2023-29298, CVE-2023-38203 Vulnerabilities
Unknown
N/A
N/A
Adobe, ColdFusion, CVE-2023-29298, CVE-2023-38203
53
18/07/2023
Since at least June 2023
17/07/2023
FakeSG
Multiple organizations
Researchers from Malwarebytes discover a new campaign, dubbed FakeSG, using compromised WordPress websites to display a custom landing page mimicking the victim's browser and distributing the NetSupport RAT.
Malware
Multiple Industries
Cyber Crime
>1
Malwarebytes, FakeSG, NetSupport RAT
54
18/07/2023
02/05/2023
02/05/2023
?
Physicians Insurance
Physicians Insurance A Mutual Company, its affiliate MedChoice Risk Retention Group, and its subsidiary Experix (collectively “Physicians Insurance”) file a notice of data breach after discovering that an unauthorized party gained access to an employee’s email account.
As many as 700,000 TikTok accounts in Turkey are compromised by a hack that allowed attackers to access users’ private information and control their accounts.
Vulnerability
Information and communication
Cyber Crime
TR
TikTok, Turkey
56
18/07/2023
-
-
NoEscape
Girardini Group
The NoEscape ransomware group hits Girardini Group, a manufacturer of stamps.
Malware
Manufacturing
Cyber Crime
IT
NoEscape, ransomware, Girardini Group
57
18/07/2023
-
-
AlphaTeam
Multiple organizations
The AlphaTeam gang claims responsibility for attacking 10 Italian organizations using the same vulnerable CMS.
Researchers from Flare identify more than 200,000 OpenAI credentials for sale on the dark web in the form of stealer logs.
Account Takeover
Public admin and defence, social security
Cyber Crime
>1
Flare, OpenAI
59
19/07/2023
-
-
?
Undisclosed organization(s)
Adobe announces another ColdFusion update to patch three new CVEs. One of them, CVE-2023-38205, is the bypass for CVE-2023-29298 that appears to be “exploited in the wild in limited attacks”.
CVE-2023-38205 Vulnerability
Unknown
N/A
N/A
Adobe, ColdFusion, CVE-2023-29298, CVE-2023-38205
60
19/07/2023
-
-
APT41 AKA Brass Typhoon, BARIUM and Winnti
Multiple organizations
Researchers from Lookout reveal that the Chinese state-backed APT41 group is targeting Android devices with two newly discovered spyware strains dubbed WyrmSpy and DragonEgg.
Researchers from Palo Alto discover P2PInfect, a new peer-to-peer (P2P) malware with self-spreading capabilities that targets Redis instances running on Internet-exposed Windows and Linux systems.
Tampa General Hospital discloses that the sensitive data of 1.2 million was stolen in a failed ransomware attack.
Malware
Human health and social work
Cyber Crime
US
Tampa General Hospital, ransomware
63
19/07/2023
Since May 2023
During June 2023
?
Multiple organizations
Researchers from Fortinet reveal that multiple distributed denial-of-service (DDoS) botnets are targeting CVE-2023-28771, a vulnerability in Zyxel firewalls for which patches have been available since April.
CVE-2023-28771 Vulnerability
Multiple Industries
Cyber Crime
>1
Fortinet, DDoS, CVE-2023-28771, Zyxel
64
19/07/2023
Since March 2023
During late May 2023
?
University students in North America
Researchers from Proofpoint identify a series of campaigns using fraudulent job offers to target university students.
Scam
Education
Cyber Crime
US
Proofpoint, University
65
19/07/2023
-
-
BundleBot
Multiple organizations
Researchers from Check Point discover a new malware strain known as BundleBot, abusing the dotnet bundle (single-file), self-contained format and commonly distributed via Facebook Ads and compromised accounts leading to websites masquerading as regular program utilities, AI tools, and games.
Malware
Multiple Industries
Cyber Crime
>1
Check Point, BundleBot, Facebook Ads, AI
66
19/07/2023
Since at least October 2022
Since at least October 2022
HotRat
Multiple organizations in Thailand, Guyana, Libya, Suriname, Mali, Pakistan, Cambodia, South Africa, and India
Researchers from Avast discover a new variant of the AsyncRAT malware dubbed HotRat, being distributed via free, pirated versions of popular software and utilities such as video games, image and sound editing software, and Microsoft Office.
Malware
Multiple Industries
Cyber Crime
GY
KH
IN
LY
ML
PK
SR
TH
ZA
Avast, AsyncRAT, HotRat, Microsoft Office
67
19/07/2023
12/06/2023
16/07/2023
Rhysida
Stephen F. Austin State University
8,600 counseling records and about 100 people’s government-issued identification numbers are stolen in a Rhysida ransomware attack at Stephen F. Austin State University.
Malware
Education
Cyber Crime
US
Rhysida, Stephen F. Austin State University, ransomware
68
20/07/2023
30/05/2023
02/06/2023
Clop AKA Lace Tempest, TA505 and FIN11
TSG Interactive US Services Limited (d/b/a PokerStars)
PokerStars is added to the list of the victims of the Clop ransomware gang exploiting the CVE-2023-34362 vulnerability.
Franklin Mint Federal Credit Union is added to the list of the victims of the Clop ransomware gang exploiting the CVE-2023-34362 vulnerability.
CVE-2023-34362 Vulnerability
Finance and insurance
Cyber Crime
US
Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, Franklin Mint Federal Credit Union, CVE-2023-34362, ransomware
70
20/07/2023
-
-
Clop AKA Lace Tempest, TA505 and FIN11
Pacific Premier Bank
Pacific Premier Bank files documents with the Securities and Exchange Commission describing a third-party data breach involving a vendor's use of MOVEit.
CVE-2023-34362 Vulnerability
Finance and insurance
Cyber Crime
US
Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, Pacific Premier Bank, CVE-2023-34362, ransomware
71
20/07/2023
-
-
Clop AKA Lace Tempest, TA505 and FIN11
Willis Towers Watson
Pension Benefits Information (PBI) files a notice of data breach on behalf of Willis Towers Watson (WTW) after discovering that a MOVEit-related breach at PBI affected confidential information that had been provided to WTW.
U.S. organization in the critical infrastructure sector
The US government warns that threat actors breached the network of a U.S. organization in the critical infrastructure sector after exploiting the zero-day RCE vulnerability identified as CVE-2023-3519, a critical-severity issue in NetScaler ADC and Gateway.
CVE-2023-3519 Vulnerability
Electricity, gas steam, air conditioning
Cyber Espionage
US
US Government, CISA, CVE-2023-3519, NetScaler ADC, NetScaler Gateway, Citrix
73
20/07/2023
'Recently'
'Recently'
Kanti
Cryptocurrency Users
Researchers from Cyble discover a new strain of ransomware dubbed “Kanti” targeting cryptocurrency users.
Malware
Fintech
Cyber Crime
>1
Cyble, Kanti, ransomware
74
20/07/2023
Since early May 2023
During May 2023
Mallox (AKA TargetCompany, Fargo, and Tohnichi)
Multiple Organizations
Researchers from Palo Alto Networks reveal a spike in activity by the Mallox ransomware group.
Malware
Multiple Industries
Cyber Crime
>1
Palo Alto Networks, Mallox, ransomware
75
20/07/2023
28/02/2023
13/03/2023
?
Orrick, Herrington & Sutcliffe
Orrick, Herrington & Sutcliffe, a global law firm, notifies nearly 153,000 individuals of a hacking incident that compromised several client files.
Unknown
Professional, scientific and technical
Cyber Crime
US
Orrick, Herrington & Sutcliffe
76
20/07/2023
02/02/2023
06/02/2023
?
MSX International (MSXI)
MSX International files a notice of data breach after discovering that an unauthorized party was able to access, and potentially remove, confidential consumer data stored on the company’s computer network.
Unknown
Administration and support service
Cyber Crime
US
MSX International, MSXI
77
20/07/2023
-
31/05/2023
?
Rite Aid Corporation
Rite Aid Corporation posts a Security Incident Notice after learning that a vulnerability in software used by the company allowed an unauthorized actor to access confidential customer information.
Vulnerability
Wholesale and retail
Cyber Crime
US
Rite Aid Corporation
78
20/07/2023
-
During September 2022
?
Mission Essential Group (MEG)
The Mission Essential Group (MEG) files a notice of data breach after discovering that certain MEG email accounts may have been accessed by an unauthorized party.
Account Takeover
Administration and support service
Cyber Crime
US
Mission Essential Group, MEG
79
20/07/2023
-
30/05/2023
Clop AKA Lace Tempest, TA505 and FIN11
University of Texas Southwestern Medical Center (UTSW)
Reports begin to emerge about a MOVEit data breach at the University of Texas Southwestern Medical Center (UTSW) resulting in an unauthorized party being able to access patients’ sensitive information.
CVE-2023-34362 Vulnerability
Human health and social work
Cyber Crime
US
Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, University of Texas Southwestern Medical Center, UTSW, CVE-2023-34362, ransomware
80
20/07/2023
Clop AKA Lace Tempest, TA505 and FIN11
Teachers’ Retirement System of the City of New York
The Teachers’ Retirement System of the City of New York posts notice of a PBI data security incident on its website.
CVE-2023-34362 Vulnerability
Administration and support service
Cyber Crime
US
Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, Teachers’ Retirement System of the City of New York, PBI, CVE-2023-34362, ransomware
81
20/07/2023
18/12/2020
During 2021
?
Roblox
The major gaming platform Roblox suffers a major data breach, leading to the release of personal information, including addresses, of those who attended the Roblox Developer Conference between 2017 and 2020.
Unknown
Arts entertainment, recreation
Cyber Crime
US
Roblox
82
20/07/2023
-
-
Cactus
Confartigianatofc.it
The Cactus ransomware gang claims responsibility for an attack on confartigianatofc.it.
Malware
Administration and support service
Cyber Crime
IT
Cactus, ransomware, confartigianatofc.it
83
20/07/2023
-
-
Cactus
Rotomail
The Cactus ransomware gang claims responsibility for an attack on Rotomail.
Malware
Administration and support service
Cyber Crime
IT
Cactus, ransomware, Rotomail
84
20/07/2023
-
-
Cactus
CWS
The Cactus ransomware gang claims responsibility for an attack on CWS.
Malware
Professional, scientific and technical
Cyber Crime
IT
Cactus, ransomware, CWS
85
20/07/2023
-
-
Cactus
Artemide
The Cactus ransomware gang claims responsibility for an attack on Artemide.
Malware
Manufacturing
Cyber Crime
IT
Cactus, ransomware, Artemide
86
21/07/2023
-
-
Unidentified Chinese Threat Actor
Multiple Organizations
Researchers from Mandiant reveal that an unidentified espionage-focused hacking group believed to be aligned to the Chinese government is behind recent attacks against Citrix NetScaler application delivery controller (ADC) appliances exploiting CVE-2023-3519.
The American Civil Liberties Union Foundation confirms that the Clop ransomware gang, exploiting the vulnerability in MOVEit Transfer, accessed the information of about 575 people.
CVE-2023-34362 Vulnerability
Human health and social work
Cyber Crime
US
Clop, Cl0p, Lace Tempest, TA505, FIN11, American Civil Liberties Union Foundation, F&G, MOVEit, CVE-2023-34362
90
21/07/2023
-
12/07/2023
Clop AKA Lace Tempest, TA505 and FIN11
Mary Kay Corporation
Mary Kay Corporation is added to the list of the victims of the Clop ransomware gang exploiting the CVE-2023-34362 vulnerability.
CVE-2023-34362 Vulnerability
Wholesale and retail
Cyber Crime
US
Clop, Cl0p, Lace Tempest, TA505, FIN11, Mary Kay Corporation, MOVEit, CVE-2023-34362
91
21/07/2023
-
-
Clop AKA Lace Tempest, TA505 and FIN11
Bates Technical College
Bates Technical College confirms a data breach resulting from the exploitation of the MOVEit CVE-2023-34362 vulnerability against the National Student Clearinghouse.
Lake Sumter Community College confirms a data breach resulting from the exploitation of the MOVEit CVE-2023-34362 vulnerability against the National Student Clearinghouse.
CVE-2023-34362 Vulnerability
Education
Cyber Crime
US
Lake Sumter Community College, National Student Clearinghouse, Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, CVE-2023-34362, ransomware
93
21/07/2023
-
-
Clop AKA Lace Tempest, TA505 and FIN11
University at Buffalo
The University at Buffalo confirms a data breach resulting from the exploitation of the MOVEit CVE-2023-34362 vulnerability against the National Student Clearinghouse.
CVE-2023-34362 Vulnerability
Education
Cyber Crime
US
University at Buffalo, National Student Clearinghouse, Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, CVE-2023-34362, ransomware
95
21/07/2023
-
-
Clop AKA Lace Tempest, TA505 and FIN11
State University of New York at Fredonia (SUNY Fredonia)
The State University of New York at Fredonia (SUNY Fredonia) confirms a data breach resulting from the exploitation of the MOVEit CVE-2023-34362 vulnerability against the National Student Clearinghouse.
CVE-2023-34362 Vulnerability
Education
Cyber Crime
US
State University of New York at Fredonia, SUNY Fredonia, National Student Clearinghouse, Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, CVE-2023-34362, ransomware
96
21/07/2023
-
-
Clop AKA Lace Tempest, TA505 and FIN11
Olympic College
Olympic College confirms a data breach resulting from the exploitation of the MOVEit CVE-2023-34362 vulnerability against the National Student Clearinghouse.
St. Petersburg College confirms a data breach resulting from the exploitation of the MOVEit CVE-2023-34362 vulnerability against the National Student Clearinghouse.
CVE-2023-34362 Vulnerability
Education
Cyber Crime
US
St. Petersburg College, National Student Clearinghouse, Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, CVE-2023-34362, ransomware
98
21/07/2023
-
-
Clop AKA Lace Tempest, TA505 and FIN11
Massachusetts Mutual Life (MassMutual)
Massachusetts Mutual Life (MassMutual) joins the list of the victims of the MOVEit CVE-2023-34362 exploitation by the Clop ransomware group.
Researchers from Checkmarx disclose the first example of a bank targeted by open-source software supply chain attacks.
Malware
Finance and insurance
Cyber Crime
N/A
Checkmarx, NPM
100
21/07/2023
05/04/2023
-
?
Undisclosed Bank
Researchers from Checkmarx disclose an additional example of a bank targeted by open-source software supply chain attacks.
Malware
Finance and insurance
Cyber Crime
N/A
Checkmarx, NPM
101
21/07/2023
07/06/2023
07/06/2023
?
Japanese Android Users
Researchers from McAfee observe a smishing campaign against Japanese Android users posing as a power and water infrastructure company, alerting victims about payment problems to lure them to a phishing website to infect the target devices with a remote-controlled SpyNote malware.
Malware
Individual
Cyber Crime
JP
McAfee, Japan, Android, SpyNote
102
21/07/2023
-
-
?
American United Life Insurance
American United Life Insurance Company files a notice of data breach after discovering that confidential consumer information in the company’s care was subject to unauthorized access.
Unknown
Finance and insurance
Cyber Crime
US
American United Life Insurance
103
21/07/2023
-
24/05/2023
?
New England Life Care (NELC)
New England Life Care (NELC) files a notice of data breach after discovering that certain files on the company's computer network were subject to unauthorized access.
Unknown
Human health and social work
Cyber Crime
US
New England Life Care, NELC
104
21/07/2023
-
29/03/2023
?
Lancaster Orthopedic Group
Lancaster Orthopedic Group discloses an unauthorized access to its network.
Unknown
Human health and social work
Cyber Crime
US
Lancaster Orthopedic Group
105
21/07/2023
During late May 2023
During late May 2023
?
Paramedic Billing Services
Paramedic Billing Services announces that it fell victim to a cyberattack in late May 2023.
Unknown
Human health and social work
Cyber Crime
US
Paramedic Billing Services
106
21/07/2023
21/07/2023
21/07/2023
?
Conic Finance
Attackers exploit two separate vulnerabilities in as many days to steal more than $3.2 million from Conic Finance.
Vulnerability
Fintech
Cyber Crime
N/A
Conic Finance
107
21/07/2023
21/07/2023
21/07/2023
?
Regione Umbria
The institutional websites of the Italian region of Umbria are hit with a DDoS attack.
DDoS
Public admin and defence, social security
Cyber Crime
IT
Regione Umbria, DDoS
108
22/07/2023
-
Clop AKA Lace Tempest, TA505 and FIN11
SeniorCare PACE (Sutter Senior Care)
Cognisight files a notice of data breach on behalf of SeniorCare PACE (Sutter Senior Care) after confirming that confidential data belonging to Sutter Senior Care patients was exposed as a result of a vulnerability in MOVEit.
Sovos Compliance files a notice of data breach on behalf of Northwestern Mutual after discovering that the secure file transfer program used by Sovos contained a vulnerability resulting in an unauthorized party being able to access files on the company’s MOVEit server.
Buckingham County Public Schools sends notifications to parents of 86 students after a compromise of a district’s business email account.
Account Takeover
Education
Cyber Crime
US
Buckingham County Public Schools
111
23/07/2023
23/07/2023
23/07/2023
Lazarus Group AKA Jade Sleet and TraderTraitor
Alphapo
Blockchain analysts blame the North Korean Lazarus hacking group for an attack on payment processing platform Alphapo where the attackers stole almost $60 million in crypto.
Account Takeover
Fintech
Cyber Crime
VC
Lazarus Group, Jade Sleet, TraderTraitor, Alphapo, North Korea
112
23/07/2023
23/07/2023
23/07/2023
ALPHV AKA BlackCat
Tempur Sealy
Mattress giant Tempur Sealy is hit with a ALPHV/BlackCat ransomware attack forcing system shutdown.
Malware
Manufacturing
Cyber Crime
US
Tempur Sealy, ALPHV, BlackCat, ransomware
113
23/07/2023
-
-
?
Egyptian Ministry of Health and Population
An ‘established’ threat actor claims to be in possession of two million data records stolen from the Egyptian Ministry of Health and Population.
Unknown
Public admin and defence, social security
Cyber Crime
EG
Egyptian Ministry of Health and Population
114
23/07/2023
-
-
Akira
Organizations in India
The Indian Computer Emergency Response Team (CERT-In) warns local organizations against the risks of the Akira ransomware.
Malware
Multiple Industries
Cyber Crime
IN
Indian Computer Emergency Response Team, CERT-In, Akira, Ransomware
115
23/07/2023
-
-
Cyclops
Cvlan
The Cyclops ransomware gang claims responsibility for an attack on Cvlan, an IT service provider, and dumps 1.25 GB of data.
Malware
Professional, scientific and technical
Cyber Crime
IT
Cvlan, ransomware, Cyclops
116
24/07/2023
Since April 2023
-
?
Norwegian Government
The Norwegian government warns that its ICT platform used by 12 ministries suffered a cyberattack after hackers exploited a zero-day vulnerability in third-party software.
CVE-2023-35078 Vulnerability
Public admin and defence, social security
N/A
NO
Norwegian Government
117
24/07/2023
-
-
?
Unknown organization(s)
Apple patches a new Kernel flaw tracked as CVE-2023-38606 exploited in attacks targeting devices running older iOS releases.
CVE-2023-38606 Vulnerability
Unknown
N/A
N/A
Apple, CVE-2023-38606, iOS
118
24/07/2023
-
-
?
Unknown organization(s)
US-based IT software company Ivanti patches CVE-2023-35078, an actively exploited zero-day authentication bypass vulnerability impacting its Endpoint Manager Mobile (EPMM) mobile device management software (formerly MobileIron Core).
Researchers from AhnLab Security Emergency response Center (ASEC) discover that Lazarus, a threat group deemed to be nationally funded, is attacking Windows Internet Information Service (IIS) web servers and using them as distribution points for their malware.
Windows Internet Information Service (IIS) Vulnerability
Unknown
Cyber Crime
N/A
Lazarus Group, Jade Sleet, TraderTraitor, AhnLab Security Emergency response Center, ASEC, Windows Internet Information Service, IIS
120
24/07/2023
During 2023
During 2023
Haixun
Individuals in the U.S.
Researchers from Mandiant reveal that a new wave of HaiEnergy, a Chinese influence campaign, used newswire services, staged protests, and billboard ads to spread pro-Beijing propaganda in the U.S.
Coordinated Inauthentic Behavior
Individual
Cyber Warfare
US
Haixun, Mandiant, HaiEnergy, China
121
24/07/2023
Since 2016
Since 2016
Spyhide
Android users worldwide
A phone surveillance app called Spyhide is stealthily collecting private phone data from tens of thousands of Android devices around the world, new data shows.
Malware
Individual
Cyber Espionage
>1
SpyHide, Iran
122
24/07/2023
-
-
Clop AKA Lace Tempest, TA505 and FIN11
Michigan State University
Michigan State University (MSU) posts a notice on its website describing a third-party data breach that occurred at two vendors used by the University, the Teachers Insurance and Annuity Association (TIAA) and the National Student Clearinghouse (NSC). Both breaches were related to the file transfer program MOVEit and resulted in the potential exposure of student and retiree data.
U.S. law firm Quinn Emanuel Urquhart & Sullivan has data from a limited number of clients potentially stolen following a ransomware attack against its third-party data center provider last year.
Malware
Professional, scientific and technical
Cyber Crime
US
Quinn Emanuel Urquhart & Sullivan, ransomware
125
24/07/2023
Since 21/07/2023
21/07/2023
UAC-0006
Financial organizations in Ukraine
The Computer Emergency Response Team of Ukraine (CERT-UA) warns of a new campaign by the threat actor tracked as UAC-0006 delivering the SmokeLoader malware to domestic organizations.
Malware
Finance and insurance
Cyber Crime
UA
Computer Emergency Response Team of Ukraine, CERT-UA, UAC-0006, SmokeLoader
126
24/07/2023
-
-
ALPHV AKA BlackCat
Azimut Capital Management
Azimut Capital Management confirms to have suffered an ALPHV/BlackCat ransomware attack.
Malware
Finance and insurance
Cyber Crime
IT
Azimut Capital Management, ALPHV, BlackCat, Ransomware
127
24/07/2023
During the past year
24/07/2023
Space Pirates
16 Government agencies, educational institutions, private security companies, aerospace manufacturers, agricultural producers, defense, energy, and healthcare firms in Russia and Serbia.
Researchers from Positive Technologies reveal that the threat actor known as Space Pirates has been linked to attacks against at least 16 organizations in Russia and Serbia over the past year by employing novel tactics and adding new cyber weapons to its arsenal.
CardioComm Solutions, a Canadian provider of consumer and professional-grade heart monitoring technologies, is taken down by an ongoing cybersecurity incident.
Unknown
Manufacturing
Cyber Crime
CA
CardioComm Solutions
130
25/07/2023
-
-
Casbaneiro (AKA Metamorfo and Ponteiro)
Banks in LATAM
Researchers from Sygnia discover a new campaign of the Casbaneiro banking malware, making use of a User Account Control (UAC) bypass technique to gain full administrative privileges on a machine.
Malware
Finance and insurance
Cyber Crime
>1
Casbaneiro, Metamorfo, Ponteiro, User Account Control, UAC, Sygnia
131
25/07/2023
-
22/07/2023
FraudGPT
Multiple Organizations
Threat actors are advertising yet another cybercrime generative artificial intelligence (AI) tool dubbed FraudGPT on various dark web marketplaces and Telegram channels.
AI Chatbot
Multiple Industries
Cyber Crime
>1
FraudGPT
132
25/07/2023
Since Summer 2023
-
Decoy Dog
Organizations in Russia and Eastern Europe
Researchers from Infoblox reveal new details about Decoy Dog, a largely undetected sophisticated toolkit likely used for at least a year in cyber intelligence operations, relying on the domain name system (DNS) for command and control activity.
Malware
Multiple Industries
Cyber Espionage
>1
Decoy Dog, DNS, Infoblox
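The Decoy Dog entry above turns on one detail worth operationalizing: command and control carried over DNS. The following Python script is an added example (not Infoblox's detection logic and not code from the original timeline) that scores a constructed DNS query log for the usual signs of DNS-based C2 or exfiltration: many distinct, long, high-entropy subdomains under one registrable domain from a single client, with regular beacon timing reported as a second, independent signal. The log format, the thresholds and the last-two-labels rule for the registrable domain are assumptions; a production version would use a public-suffix list and tune the thresholds against baseline traffic.

```python
import math
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed DNS query log: "timestamp client qtype qname" (an assumed format, not real Decoy Dog traffic).
# 10.0.0.5 issues one TXT query every 30 s to a fresh, random-looking label under cdn-sync.net.
SAMPLE_DNS_LOG = """\
2023-07-25T10:00:01Z 10.0.0.5 A www.example.com
2023-07-25T10:00:02Z 10.0.0.5 TXT 4k2z9v0qhd7s1pm3xe8b.cdn-sync.net
2023-07-25T10:00:32Z 10.0.0.5 TXT m8d1qz3t7xk0ver2c5wl.cdn-sync.net
2023-07-25T10:01:02Z 10.0.0.5 TXT p0f6hj2na9xz4d8ytq3v.cdn-sync.net
2023-07-25T10:01:32Z 10.0.0.5 TXT zx19a7cm4qkl2r8vn5tb.cdn-sync.net
2023-07-25T10:02:02Z 10.0.0.5 TXT 7tq3bk9zm1xh5c0dnp4w.cdn-sync.net
2023-07-25T10:02:32Z 10.0.0.5 TXT g5w2lv8ka0n6xz3m9prc.cdn-sync.net
2023-07-25T10:02:40Z 10.0.0.7 A mail.example.com
2023-07-25T10:02:41Z 10.0.0.7 A static.example.com
2023-07-25T10:02:42Z 10.0.0.7 A login.example.com
"""


def shannon_entropy(s):
    """Bits per character of s; 0.0 for an empty or single-symbol string."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_dns_log(text):
    """Yield (timestamp, client, qtype, qname) tuples; malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        yield ts, parts[1], parts[2].upper(), parts[3].lower().rstrip(".")


def split_qname(qname):
    """(subdomain, registrable domain) using a naive last-two-labels rule.
    Assumption: no public-suffix list; co.uk-style suffixes need one in production."""
    labels = qname.split(".")
    if len(labels) < 3:
        return "", qname
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def find_dns_c2_candidates(text, min_queries=5, min_entropy=3.5, min_label_len=16, max_interval_cv=0.25):
    """Return {(client, domain): stats} for domains whose subdomains look like encoded data.
    Thresholds are assumptions to be tuned against your own baseline traffic."""
    groups = defaultdict(list)
    for ts, client, _qtype, qname in parse_dns_log(text):
        sub, base = split_qname(qname)
        if sub:
            groups[(client, base)].append((ts, sub))
    findings = {}
    for key, items in groups.items():
        subs = {s for _, s in items}
        if len(subs) < min_queries:  # repeated lookups of one name are caching/noise, not encoded data
            continue
        mean_entropy = statistics.mean(shannon_entropy(s.replace(".", "")) for s in subs)
        mean_len = statistics.mean(len(s) for s in subs)
        if mean_entropy < min_entropy or mean_len < min_label_len:
            continue
        times = sorted(t for t, _ in items)
        intervals = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean_iv = statistics.mean(intervals)
        cv = statistics.pstdev(intervals) / mean_iv if mean_iv > 0 else float("inf")
        findings[key] = {
            "queries": len(items),
            "unique_subdomains": len(subs),
            "mean_entropy": round(mean_entropy, 2),
            "mean_label_len": round(mean_len, 1),
            "beacon_like": cv <= max_interval_cv,  # regular timing is a second, independent signal
        }
    return findings


if __name__ == "__main__":
    for (client, domain), stats in find_dns_c2_candidates(SAMPLE_DNS_LOG).items():
        print(f"{client} -> {domain}: {stats}")
```

On the constructed sample the script flags only `10.0.0.5 -> cdn-sync.net`; the handful of short, dictionary-word labels under `example.com` never reach the query or entropy thresholds. Entropy alone misfires on CDN and telemetry domains that legitimately use random hostnames, which is why the output carries the beacon regularity and label length separately instead of folding everything into one score.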
133
25/07/2023
-
-
?
Care N’ Care Insurance Company
Care N’ Care Insurance Company files a notice of data breach after discovering that the confidential information of tens of thousands of patients was compromised in a cybersecurity incident.
Unknown
Finance and insurance
Cyber Crime
US
Care N’ Care Insurance Company
134
25/07/2023
'Recently'
'Recently'
?
Valley National Bank
Valley National Bank files a notice of data breach after discovering that confidential data that had been provided to the bank was compromised.
Unknown
Finance and insurance
Cyber Crime
US
Valley National Bank
135
25/07/2023
27/05/2023
31/05/2023
Clop AKA Lace Tempest, TA505 and FIN11
UnitedHealthcare Student Resources
UnitedHealthcare Student Resources (Student Resources) files a notice of data breach after discovering that an unauthorized party was able to access confidential information stored on the organization’s MOVEit server.
The Johns Hopkins University and the Johns Hopkins Health System Corporation (collectively “Johns Hopkins'') file a notice of data breach on behalf of the Kennedy Krieger Institute after learning that a software vulnerability resulted in confidential consumer information being leaked.
CVE-2023-34362 Vulnerability
Human health and social work
Cyber Crime
US
Johns Hopkins University, Johns Hopkins Health System Corporation, Johns Hopkins, Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit, CVE-2023-34362, ransomware
137
25/07/2023
29/05/2023
25/06/2023
?
Aurora National Life Assurance Company
Aurora National Life Assurance Company files a notice of data breach after discovering that an incident at a third-party vendor resulted in confidential consumer information being exposed to unauthorized access.
Unknown
Finance and insurance
Cyber Crime
US
Aurora National Life Assurance Company
138
25/07/2023
30/04/2023
08/05/2023
?
Catholic Charities of the Archdiocese of Newark
Catholic Charities of the Archdiocese of Newark confirms that unauthorized individuals gained access to some of its computer systems.
Unknown
Other service activities
Cyber Crime
US
Catholic Charities of the Archdiocese of Newark
139
25/07/2023
12/12/2022
12/12/2022
?
Cheyenne Radiology Group & MRI
Cheyenne Radiology Group & MRI issues notifications to its patients about a ransomware attack that was discovered and stopped on December 12, 2022.
Malware
Human health and social work
Cyber Crime
US
Cheyenne Radiology Group & MRI, ransomware
140
25/07/2023
-
31/03/2023
?
Life Management Center of Northwest Florida
Life Management Center of Northwest Florida experiences a data security incident that may have involved personal and/or protected health information belonging to certain current and former patients and employees.
Unknown
Human health and social work
Cyber Crime
US
Life Management Center of Northwest Florida
141
25/07/2023
25/07/2023
25/07/2023
?
Era Lend
Decentralized lending protocol Era Lend is the victim of a cyberattack, losing $3.4 million.
Unknown
Fintech
Cyber Crime
N/A
Era Lend
142
26/07/2023
Since at least mid-June 2023
mid-June 2023
Nitrogen
Several organizations in the technology and non-profit sectors in North America
Researchers from Sophos reveal the details of a new 'Nitrogen' initial access malware campaign using Google and Bing search ads to promote fake software sites that infect unsuspecting users with Cobalt Strike and ransomware payloads.
NATO Communities of Interest (COI) Cooperation Portal
NATO confirms that its IT team is investigating claims about an alleged data-theft hack on the Communities of Interest (COI) Cooperation Portal (dnbl.ncia.nato.int) by the hacking group known as SiegedSec.
Unknown
Extraterritorial orgs and bodies
Hacktivism
INT
SiegedSec, NATO, Communities of Interest, COI, Cooperation Portal, dnbl.ncia.nato.int, SiegedSec
144
26/07/2023
-
-
Clop AKA Lace Tempest, TA505 and FIN11
Maximus
U.S. government contractor Maximus confirms that the Clop ransomware gang, exploiting the vulnerability in MOVEit Transfer, accessed the protected health information of as many as 11 million individuals.
Estonian crypto-payments service provider CoinsPaid announces that it experienced a cyber attack that resulted in the theft of $37,200,000 worth of cryptocurrency, blaming the attack on the North Korean hacking group Lazarus.
Account Takeover
Fintech
Cyber Crime
EE
Lazarus Group, Jade Sleet, TraderTraitor, CoinsPaid, North Korea
146
26/07/2023
'Recently'
'Recently'
U.S.?
Wuhan Earthquake Monitoring Center
China accuses U.S. of hacking the Wuhan Earthquake Monitoring Center.
Targeted Attack
Public admin and defence, social security
Cyber Espionage
CN
China, U.S., Wuhan Earthquake Monitoring Center
147
26/07/2023
Since March 2023
During March 2023
Akira
Multiple organizations
Researchers from Arctic Wolf reveal that the recently discovered Akira ransomware is actively targeting small and medium-sized businesses around the world, with the main focus on the U.S. and Canada.
Malware
Multiple Industries
Cyber Crime
CA
US
Arctic Wolf, Akira, ransomware
148
26/07/2023
25/07/2023
25/07/2023
?
Multiple organizations
Researchers from GreyNoise observe the first attempts to exploit CVE-2023-24489, a recent critical remote code execution (RCE) vulnerability in Citrix ShareFile.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds the actively exploited Ivanti ‘s Endpoint Manager Mobile (EPMM) vulnerability, tracked as CVE-2023-35078, to its Known Exploited Vulnerabilities Catalog.
CVE-2023-35078 Vulnerability
Multiple Industries
N/A
US
U.S. Cybersecurity and Infrastructure Security Agency, CISA, Ivanti, Endpoint Manager Mobile, EPMM, CVE-2023-35078
150
26/07/2023
21/05/2023
22/05/2023
?
Family Vision of Anderson
Family Vision of Anderson files a notice of data breach after a ransomware attack exposed confidential patient information to unauthorized access
Malware
Human health and social work
Cyber Crime
US
Family Vision of Anderson, ransomware
151
26/07/2023
24/10/2021
08/06/2023
?
Commerce V3
HRM Enterprises, owner of the largest independent hardware store in the U.S., is hit by a cyberattack in which the credit card data of more than 40,000 customers is stolen after HRM's ecommerce platform provider, Commerce V3, is breached.
Unknown
Professional, scientific and technical
Cyber Crime
US
HRM Enterprises, Commerce V3
152
26/07/2023
Since at least 26/06/2023
26/06/2023
?
Players of Call of Duty: Modern Warfare 2
Attackers are infecting players of an old Call of Duty game with a worm that spreads automatically in online lobbies, according to two analyses of the malware.
Vulnerability
Arts entertainment, recreation
Cyber Crime
>1
Call of Duty: Modern Warfare 2
153
26/07/2023
-
-
Fenix
Tax-paying individuals in Mexico and Chile
Researchers from Metabase Q reveal that tax-paying individuals in Mexico and Chile are being targeted by a Mexico-based cybercrime group known as Fenix, which breaches targeted networks and steals valuable data.
Malware
Individual
Cyber Crime
CL
MX
Metabase Q, Fenix
154
26/07/2023
-
-
?
Multiple Organizations
Researchers from Aqua Security reveal that misconfigured and poorly secured Apache Tomcat servers are being targeted as part of a new campaign designed to deliver the Mirai botnet malware and cryptocurrency miners, dropping a web shell script dubbed "neww."
Misconfiguration
Multiple Industries
Cyber Crime
>1
Aqua Security, Apache Tomcat, Mirai, neww
155
26/07/2023
-
03/03/2023
Clop AKA Lace Tempest, TA505 and FIN11
Gallivan
Gallivan, the provider of the student health, dental, and wellness program for students at the University of Guelph, notifies students of a data breach that included access to personal information and occurred through exploitation of the CVE-2023-0669 Fortra GoAnywhere MFT vulnerability.
CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability
Human health and social work
Cyber Crime
CA
Gallivan, University of Guelph, CVE-2023-0669, Fortra, GoAnywhere MFT
Researchers from Knownsec 404 discover a campaign carried out by threat actors associated with the hacking crew known as Patchwork, targeting universities and research organizations in China using a backdoor codenamed EyeShell.
Transactions Applications Group joins the list of the victims that the Russian ransomware crew Clop claims to have compromised via the MOVEit vulnerability.
The College of Lake Forest joins the list of the victims that the Russian ransomware crew Clop claims to have compromised via the MOVEit vulnerability.
CVE-2023-34362 Vulnerability
Education
Cyber Crime
US
Clop, Cl0p, Lace Tempest, TA505, FIN11, College of Lake Forest, MOVEit, CVE-2023-34362, ransomware
163
26/07/2023
18/01/2023
18/01/2023
?
CRC Insurance Services
CRC Insurance Services files a notice of data breach after discovering that an unauthorized party had accessed several employee email accounts.
Account Takeover
Finance and insurance
Cyber Crime
US
CRC Insurance Services
164
26/07/2023
29/05/2023
31/05/2023
Clop AKA Lace Tempest, TA505 and FIN11
VALIC Retirement Services Company
VALIC Retirement Services Company (VRSCO, VALIC) files a notice of data breach after discovering that one of the company’s vendors experienced a MOVEit data breach resulting in confidential client information being leaked.
Pension Benefit Information (PBI) files a notice of data breach on behalf of Transamerica Life Insurance Company after confirming that a vulnerability in the file-transfer program MOVEit resulted in confidential information of Transamerica Life customers being leaked.
DESORDEN Group claims responsibility for an attack disrupting the activities of Ranhill Utilities Berhad, a conglomerate providing water and power supply in Malaysia, affecting over 1 million customers.
Unknown
Water supply, waste mgmt, remediation
Hacktivism
MY
DESORDEN Group, Ranhill Utilities Berhad
167
26/07/2023
-
-
ALPHV AKA BlackCat
GF Assicurazioni
The ALPHV/BlackCat ransomware gang claims responsibility for a ransomware attack on GF Assicurazioni.
Malware
Finance and insurance
Cyber Crime
IT
ALPHV, BlackCat, Ransomware, GF Assicurazioni
168
27/07/2023
31/05/2023
-
Clop AKA Lace Tempest, TA505 and FIN11
T. Rowe Price Retirement Plan Services
T. Rowe Price Retirement Plan Services files a notice of data breach after discovering that hackers accessed a MOVEit server belonging to Pension Benefit Information (PBI), one of TRP’s third-party vendors.
CVE-2023-34362 Vulnerability
Finance and insurance
Cyber Crime
US
Clop, Cl0p, Lace Tempest, TA505, FIN11, Pension Benefit Information, PBI, T. Rowe Price Retirement Plan Services, MOVEit, CVE-2023-34362, ransomware
169
27/07/2023
-
27/06/2023
Clop AKA Lace Tempest, TA505 and FIN11
CareSource
CareSource notifies of a data breach involving the company’s use of the MOVEit file transfer application.
Government entities in Europe with interest in Ukraine
Security researchers at Recorded Future unearth a cyber espionage campaign by the Russian threat actor APT29 targeting government-sector entities in Europe with an interest in Ukraine.
Targeted Attack
Public admin and defence, social security
Cyber Espionage
>1
Dropbox, Microsoft OneDrive, GraphicalProton
172
27/07/2023
-
-
?
Organizations in the U.S.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds the CVE-2023-38750 Zimbra Collaboration Suite (ZCS) vulnerability to its Known Exploited Vulnerabilities Catalog.
CVE-2023-38750 Vulnerability
Multiple Industries
N/A
US
U.S. Cybersecurity and Infrastructure Security Agency, CISA, CVE-2023-38750, Zimbra Collaboration Suite, ZCS
173
27/07/2023
15/12/2022
During December 2022
?
Synergy Healthcare Services
Synergy Healthcare Services files a notice of data breach after discovering that an unauthorized actor had gained access to portions of the company’s computer network.
Unknown
Professional, scientific and technical
Cyber Crime
US
Synergy Healthcare Services
174
27/07/2023
'Recently'
'Recently'
APT34 AKA OilRig
Undisclosed IT Company in UAE
Researchers from Kaspersky reveal the details of a new campaign by the Iranian threat actor APT34 targeting an IT company in the United Arab Emirates (UAE) in order to gain access to government targets inside the country.
Targeted Attack
Professional, scientific and technical
Cyber Espionage
UAE
Kaspersky, APT34, OilRig
175
27/07/2023
'Recently'
'Recently'
Mysterious Elephant
Organizations in Pakistan
Researchers from Kaspersky discover a cluster of activity focusing on Pakistani victims by a threat actor dubbed “Mysterious Elephant.”
Targeted Attack
Multiple Industries
Cyber Espionage
PK
Kaspersky, Pakistan, Mysterious Elephant
176
27/07/2023
Since 11/07/2023
-
Lazarus Group?
Cryptocurrency Providers
Researchers from ReversingLabs uncover evidence of more malicious npm packages, with links to the infrastructure used to launch the attack against JumpCloud, which also appear to target cryptocurrency providers.
Malware
Fintech
Cyber Crime
>1
Lazarus Group, ReversingLabs, JumpCloud, North Korea
177
27/07/2023
-
-
?
Multiple Organizations
Researchers from Dr.Web reveal that threat actors are creating fake websites hosting trojanized software installers to trick unsuspecting users into downloading a downloader malware called Fruity, with the goal of installing remote access trojans such as Remcos RAT.
Malware
Multiple Industries
Cyber Crime
>1
Dr.Web, Fruity, Remcos RAT
178
27/07/2023
'Recently'
'Recently'
?
Fidelity Life Association
Fidelity Life Association files a notice of data breach after discovering that confidential consumer information that had been entrusted to the company was subject to unauthorized access.
Unknown
Finance and insurance
Cyber Crime
US
Fidelity Life Association
179
27/07/2023
01/09/2022
During June 2022
?
IMX Medical Management Services
IMX Medical Management Services confirms that malware was found on a laptop computer that potentially allowed unauthorized individuals to access the protected health information of 7,594 individuals.
Malware
Professional, scientific and technical
Cyber Crime
US
IMX Medical Management Services
180
27/07/2023
20/05/2023
-
?
LifeWorks Wellness Center
LifeWorks Wellness Center reports a data breach that has affected 17,000 patients, after attackers gained access to its internal file system.
Unknown
Arts entertainment, recreation
Cyber Crime
US
LifeWorks Wellness Center
181
27/07/2023
24/05/2023
24/05/2023
?
UC Davis Health
UC Davis Health confirms that the email account of an employee had been accessed by an unauthorized individual.
Account Takeover
Human health and social work
Cyber Crime
US
UC Davis Health
182
28/07/2023
Since April 2023
During April 2023
CherryBlos
Android users
Researchers from Trend Micro discover a new Android malware family named 'CherryBlos' on Google Play, aiming to steal cryptocurrency credentials and funds or conduct scams and using OCR to steal credentials from images.
Malware
Individual
Cyber Crime
>1
Trend Micro, Android, CherryBlos, Google Play, OCR
183
28/07/2023
Between 2021 and 2022
Between 2021 and 2022
FakeTrade
Android users
Researchers from Trend Micro discover a new Android malware family named 'FakeTrade' on Google Play, connected to the previous one, aiming to steal cryptocurrency credentials and funds or conduct scams.
Malware
Individual
Cyber Crime
>1
Trend Micro, Android, FakeTrade, Google Play
184
28/07/2023
'Recently'
'Recently'
Indian APT group 'Bahamut'
individuals in the South Asia region
Researchers from CYFIRMA reveal that attackers are using a fake Android app named 'SafeChat' to infect devices with spyware that steals call logs, texts, and GPS locations from phones.
Malware
Individual
Cyber Espionage
>1
CYFIRMA, Android, SafeChat, India, Bahamut
185
28/07/2023
29/05/2023
30/06/2023
Clop AKA Lace Tempest, TA505 and FIN11
Fidelity & Guaranty Life Insurance Company (F&G)
Fidelity & Guaranty Life Insurance Company confirms that the Clop ransomware gang, exploiting the vulnerability in MOVEit Transfer, accessed the protected health information of about 873,000 people.
Attackers allegedly connected to the North Korean government (APT37)
Korean-speaking individuals
Researchers from Securonix reveal the details of STARK#MULE, a campaign carried out by attackers allegedly connected to the North Korean government, using fake U.S. military job-recruitment documents to lure people into downloading malware staged on legitimate, but compromised, South Korean e-commerce sites.
Targeted Attack
Individual
Cyber Espionage
KR
Securonix, STARK#MULE, North Korea, U.S., South Korea, APT37
187
28/07/2023
-
-
?
Multiple organizations
Ivanti warns customers about CVE-2023-35081, a second zero-day vulnerability in its Endpoint Manager Mobile (EPMM) product that has been exploited in targeted attacks.
Researchers from Bitdefender Labs discover a malicious phishing campaign trying to infect users with the infamous Agent Tesla remote access Trojan.
Malware
Multiple Industries
Cyber Crime
>1
Bitdefender Labs, Agent Tesla
189
28/07/2023
08/03/2023
17/04/2023
Karakurt
Chattanooga Heart Institute
The Chattanooga Heart Institute notifies more than 170,000 patients and others that hackers may have stolen their sensitive personal and medical information in a cyberattack detected in April. The Karakurt ransomware group claimed credit for the hack a month later.
Malware
Human health and social work
Cyber Crime
US
Chattanooga Heart Institute, Karakurt, ransomware
190
28/07/2023
-
-
Predasus
Banking users in multiple countries
Researchers from IBM Security Lab discover a new malware, "Predasus," designed to inject malicious code through a Chrome extension to target banking users.
Malware
Finance and insurance
Cyber Crime
>1
IBM Security Lab, Predasus, Chrome
191
28/07/2023
Between late April 2023 and June 2023
Between late April 2023 and June 2023
IcedID
8 Undisclosed Organizations
Researchers from Team Cymru discover a new campaign by the threat actors linked to the malware loader known as IcedID with an updated module used for post-compromise activity on hacked systems.
Malware
Multiple Industries
Cyber Crime
>1
Team Cymru, IcedID
192
28/07/2023
-
-
Clop AKA Lace Tempest, TA505 and FIN11
Teachers Retirement System of Georgia
Teachers Retirement System of Georgia (TRS) posts a notice of data breach after discovering that PBI Research Services (PBI), a third-party vendor used by TRS, experienced a data breach related to the company’s use of MOVEit.
CVE-2023-34362 Vulnerability
Administration and support service
Cyber Crime
US
Clop, Cl0p, Lace Tempest, TA505, FIN11, Teachers Retirement System of Georgia, TRS, MOVEit, CVE-2023-34362
193
28/07/2023
-
01/06/2023
Clop AKA Lace Tempest, TA505 and FIN11
Allegheny County
Allegheny County, Pennsylvania, files a notice of data breach after confirming that a vulnerability in MOVEit, a file-transfer program used by Allegheny County, resulted in an unauthorized party being able to access confidential consumer information.
CVE-2023-34362 Vulnerability
Public admin and defence, social security
Cyber Crime
US
Clop, Cl0p, Lace Tempest, TA505, FIN11, Allegheny County, MOVEit, CVE-2023-34362
194
28/07/2023
-
End of May 2023
Clop AKA Lace Tempest, TA505 and FIN11
Centers for Medicare & Medicaid Services
The Centers for Medicare & Medicaid Services (CMS) notifies 612,000 Medicare beneficiaries of a data breach stemming from a vulnerability in Progress Software's MOVEit Transfer software.
United Healthcare Services files a notice of data breach. As a result of the incident, an unauthorized party was able to access sensitive information belonging to 398,319 individuals.
Unknown
Human health and social work
Cyber Crime
US
United Healthcare Services
196
28/07/2023
End of July 2023
End of July 2023
Anonymous Sudan
Kenya's eCitizen Portal
Kenya's eCitizen Portal suffers a large DDoS attack that affects services on the key government online platform for almost a week.
DDoS
Public admin and defence, social security
Hacktivism
KE
Anonymous Sudan, Kenya's eCitizen Portal, Russia
197
28/07/2023
-
-
Black Basta
BankCard USA
BankCard USA pays a $50,000 ransom to the Black Basta group after suffering a ransomware attack.
Malware
Professional, scientific and technical
Cyber Crime
US
BankCard USA, ransomware, Black Basta
198
28/07/2023
05/11/2022
30/05/2023
Hive
MHMR Authority of Brazos Valley
The MHMR Authority of Brazos Valley reveals to have suffered a Hive ransomware attack.
Malware
Human health and social work
Cyber Crime
US
The MHMR Authority of Brazos Valley, ransomware, Hive
199
29/07/2023
-
-
China (Volt Typhoon)
Critical Infrastructures in the U.S.
According to U.S. government sources, China has implanted malware in key U.S. power and communications networks, a "ticking time bomb" that could disrupt the military in the event of a conflict.
Malware
Electricity, gas steam, air conditioning
Cyber Warfare
US
China, United States, U.S., Volt Typhoon
200
29/07/2023
Since March 2023
End of July 2023
Abyss Locker
Multiple Organizations
The Abyss Locker ransomware operation is the latest to develop a Linux encryptor targeting VMware's ESXi virtual machine platform in attacks on enterprises.
Malware
Multiple Industries
Cyber Crime
>1
Abyss Locker, ransomware, VMware's ESXi
201
29/07/2023
Since at least 09/07/2023
09/07/2023
?
Minecraft users
Attackers are actively exploiting a 'BleedingPipe' remote code execution vulnerability in Minecraft mods to run malicious commands on servers and clients, allowing them to take control of the devices.
BleedingPipe remote code execution vulnerability
Arts entertainment, recreation
Cyber Crime
>1
BleedingPipe, Remote code execution, Minecraft
202
29/07/2023
-
-
Clop AKA Lace Tempest, TA505 and FIN11
Brighthouse Financial
Brighthouse Financial confirms to have suffered a data breach occurred exploiting the MOVEit CVE-2023-34362 vulnerability.
The website of Israel's largest oil refinery operator, BAZAN Group, is inaccessible from most parts of the world as threat actors claim to have hacked the Group's cyber systems.
DDoS
Water supply, waste mgmt, remediation
Hacktivism
IL
BAZAN Group, Iran, Cyber Avengers, CyberAv3ngers
204
30/07/2023
29/07/2023
29/07/2023
?
Curve Finance
Decentralized Finance (DeFi) platform Curve Finance says in a post-mortem that at least $61 million worth of cryptocurrency was stolen from the platform through a vulnerability in the Vyper language.
Vyper vulnerability
Fintech
Cyber Crime
N/A
Curve Finance, Vyper
205
30/07/2023
29/07/2023
29/07/2023
?
Ellipsis
Decentralized Finance (DeFi) platform Ellipsis is also victim of a theft of crypto assets exploiting the vulnerability in the Vyper language.
Vyper vulnerability
Fintech
Cyber Crime
N/A
Ellipsis, Vyper
206
30/07/2023
29/07/2023
29/07/2023
?
Alchemix
Decentralized Finance (DeFi) platform Alchemix is also victim of a theft of crypto assets exploiting the vulnerability in the Vyper language.
Vyper vulnerability
Fintech
Cyber Crime
N/A
Alchemix, Vyper
207
30/07/2023
29/07/2023
29/07/2023
?
MetronomeDAO
Decentralized Finance (DeFi) platform MetronomeDAO is also victim of a theft of crypto assets exploiting the vulnerability in the Vyper language.
Vyper vulnerability
Fintech
Cyber Crime
N/A
MetronomeDAO, Vyper
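The four Vyper-related thefts above (Curve Finance, Ellipsis, Alchemix and MetronomeDAO) share one root cause: in the affected Vyper compiler releases (0.2.15, 0.2.16 and 0.3.0), a `@nonreentrant` lock declared with the same key on several functions did not share one storage slot, so a contract could be re-entered through a second function while the first was still mid-execution, even though every function involved was "protected". The following Python model is an added example, not Vyper code and not the logic of any of the drained pools: it reproduces the mechanism with a toy pool, a per-function lock that models the defect, a shared-key lock that models the intended semantics, and an attacker whose ETH-receive callback re-enters a different locked function. The pool, the attacker and the amounts are all constructed assumptions.

```python
class ReentrancyError(Exception):
    """Models the EVM revert raised when a locked function is entered again."""


class PerFunctionLock:
    """Models the compiler defect: every function gets its own slot even when declared
    with the same key, so function A being locked does nothing to stop entry into B."""
    def __init__(self):
        self.slots = {}

    def enter(self, key, fn_name):
        slot = (key, fn_name)
        if self.slots.get(slot):
            raise ReentrancyError(fn_name)
        self.slots[slot] = True

    def leave(self, key, fn_name):
        self.slots[(key, fn_name)] = False


class SharedKeyLock:
    """Intended semantics: one slot per key, shared by every function declared with it."""
    def __init__(self):
        self.slots = {}

    def enter(self, key, fn_name):
        if self.slots.get(key):
            raise ReentrancyError(fn_name)
        self.slots[key] = True

    def leave(self, key, fn_name):
        self.slots[key] = False


def nonreentrant(key):
    """Decorator standing in for Vyper's @nonreentrant(key); uses the lock the contract holds."""
    def decorate(fn):
        def wrapper(self, *args):
            self.lock.enter(key, fn.__name__)   # a failed enter raises before the try, so nothing is released
            try:
                return fn(self, *args)
            finally:
                self.lock.leave(key, fn.__name__)
        return wrapper
    return decorate


class Pool:
    """Toy pool (an assumption, not any real contract). Both functions share the key "lock"."""
    def __init__(self, lock, reserve):
        self.lock = lock
        self.reserve = reserve            # ETH held for honest depositors
        self.balances = {}

    def deposit(self, who, amount):
        self.reserve += amount
        self.balances[who] = self.balances.get(who, 0) + amount

    @nonreentrant("lock")
    def withdraw(self, who):
        amount = self.balances.get(who, 0)
        if amount <= 0:
            raise ValueError("nothing to withdraw")
        self.reserve -= amount
        who.receive(self, amount)         # external call (ETH transfer) before the balance is cleared
        self.balances[who] = 0

    @nonreentrant("lock")
    def transfer(self, who, to):
        amount = self.balances.get(who, 0)
        self.balances[who] = 0
        self.balances[to] = self.balances.get(to, 0) + amount


class Wallet:
    def __init__(self):
        self.eth = 0

    def receive(self, pool, amount):
        self.eth += amount


class Attacker(Wallet):
    """On the ETH callback inside withdraw(), re-enters a *different* locked function."""
    def __init__(self, accomplice):
        super().__init__()
        self.accomplice = accomplice

    def receive(self, pool, amount):
        self.eth += amount
        try:
            pool.transfer(self, self.accomplice)   # moves the not-yet-cleared balance away
        except ReentrancyError:
            pass                                   # inner call reverted; the outer withdraw continues


def run_attack(lock_cls, honest_reserve=100, stake=10):
    """Return (attacker profit, pool reserve left) for a pool protected by lock_cls."""
    pool = Pool(lock_cls(), honest_reserve)
    accomplice = Wallet()
    attacker = Attacker(accomplice)
    pool.deposit(attacker, stake)
    pool.withdraw(attacker)
    if pool.balances.get(accomplice, 0) > 0:
        pool.withdraw(accomplice)
    return attacker.eth + accomplice.eth - stake, pool.reserve


if __name__ == "__main__":
    print("per-function lock (defect):", run_attack(PerFunctionLock))
    print("shared-key lock (intended):", run_attack(SharedKeyLock))
```

With the per-function lock the attacker withdraws a 10 ETH stake and walks away with 20 while the honest reserve drops from 100 to 90; with the shared-key lock the inner `transfer` reverts and the profit is zero. The practical lesson is independent of the compiler: a reentrancy guard is a second line of defence, and `withdraw` here would have been safe under either lock had it zeroed the balance before making the external call (checks, effects, then interactions).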
208
30/07/2023
-
-
SkidMap
Multiple organizations
Researchers from Trustwave reveal that vulnerable Redis services are being targeted by a "new, improved, dangerous" variant of a malware called SkidMap that's engineered to target a wide range of Linux distributions.
Misconfiguration
Multiple Industries
Cyber Crime
>1
Trustwave, Redis, SkidMap, Linux
209
30/07/2023
'In recent months'
-
Threat actors from Iran
State employees and researchers in Israel
The Israeli Shin Bet security agency reveals to have uncovered an Iranian phishing campaign against Israeli civilians in recent months, mostly targeting state employees and researchers, in a bid to obtain intelligence on state policy.
Targeted Attack
Public admin and defence, social security
Cyber Espionage
IL
Israel, Iran, Shin Bet
210
31/07/2023
Since April 2022
Since April 2022
APT31 AKA Judgment Panda, Zirconium, Bronze Vinewood, Red Keres
Organizations in Eastern Europe
Researchers from Kaspersky reveal that Chinese state-sponsored hackers have been targeting industrial organizations with new malware that can steal data from air-gapped systems.
Targeted Attack
Water supply, waste mgmt, remediation
Cyber Espionage
>1
APT31, Judgment Panda, Zirconium, Bronze Vinewood, Red Keres, Kaspersky, China
211
31/07/2023
Since December 2022
Since December 2022
TA544 and TA551
Organizations in Italy
Researchers from Proofpoint discover WikiLoader, a new malware strain aimed at Italian organizations through several phishing campaigns.
Malware
Multiple Industries
Cyber Crime
IT
TA544, TA551, Proofpoint, WikiLoader
212
31/07/2023
During June and July 2023
During June and July 2023
SpyNote
Multiple banks in Europe
Researchers from Cleafy observe an extensive campaign against multiple European customers of different banks carried out via the SpyNote Android spyware.
Malware
Finance and insurance
Cyber Crime
>1
Cleafy, SpyNote, Android
213
31/07/2023
End of July 2023
End of July 2023
Meow
Multiple Organizations
Researchers from Aqua Security discover a new 'Meow' campaign targeting misconfigured Jupyter Notebook instances.
Misconfiguration
Multiple Industries
Cyber Crime
>1
Aqua Security, Meow, Jupyter Notebook
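Three entries in this fortnight (the Tomcat campaign dropping Mirai and miners, the SkidMap variant hitting Redis, and the Meow campaign against Jupyter Notebook) all begin with an exposed service that has weak or absent authentication rather than with a software vulnerability. The following Python audit is an added example, not code from the original timeline or from the vendors' reports: it parses constructed `redis.conf`, Jupyter `jupyter_server_config.py` and Tomcat `tomcat-users.xml` fragments and flags the settings that make those services reachable and controllable from the network. The sample configurations and the weak-password list are assumptions; point it at real files from hosts you own.

```python
import re
import xml.etree.ElementTree as ET

# Constructed configuration fragments (assumptions for this example, not real hosts).
SAMPLE_REDIS_CONF = """\
bind 0.0.0.0
protected-mode no
port 6379
# requirepass is commented out, so any client that can reach the port is accepted
# requirepass changeme
"""

SAMPLE_JUPYTER_CONFIG = """\
c.ServerApp.ip = '0.0.0.0'
c.ServerApp.token = ''
c.ServerApp.password = ''
c.ServerApp.allow_root = True
c.ServerApp.open_browser = False
"""

SAMPLE_TOMCAT_USERS = """\
<tomcat-users xmlns="http://tomcat.apache.org/xml" version="1.0">
  <role rolename="manager-gui"/>
  <role rolename="manager-script"/>
  <user username="tomcat" password="s3cret" roles="manager-gui,manager-script"/>
  <user username="reporter" password="Vq7!pL2#zR9wK4" roles="probe"/>
</tomcat-users>
"""

# Assumed list of passwords that ship in example configs; extend from your own wordlists.
WEAK_PASSWORDS = {"tomcat", "s3cret", "admin", "password", "changeme", "123456"}
TOMCAT_ADMIN_ROLES = {"manager-gui", "manager-script", "manager-jmx", "admin-gui", "admin-script"}


def _redis_directives(text):
    """Return {directive: value} for uncommented lines; later lines override earlier ones."""
    directives = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        directives[key.lower()] = value.strip()
    return directives


def audit_redis(text):
    d = _redis_directives(text)
    findings = []
    bind = d.get("bind", "")
    if not bind or "0.0.0.0" in bind.split() or "::" in bind.split() or "*" in bind.split():
        findings.append("redis: bind missing or wildcard, listens on all interfaces")
    if d.get("protected-mode", "yes").lower() == "no":
        findings.append("redis: protected-mode disabled")
    if "requirepass" not in d:
        findings.append("redis: no requirepass, unauthenticated clients can run CONFIG SET and write files")
    return findings


_JUPYTER_RE = re.compile(r"^\s*c\.(?:NotebookApp|ServerApp)\.(\w+)\s*=\s*(.+?)\s*$")


def audit_jupyter(text):
    settings = {}
    for line in text.splitlines():
        m = _JUPYTER_RE.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
    findings = []
    if settings.get("ip", "'localhost'").strip("'\"") in ("0.0.0.0", "*", "::"):
        findings.append("jupyter: bound to all interfaces")
    if settings.get("token") in ("''", '""') and settings.get("password") in (None, "''", '""'):
        findings.append("jupyter: empty token and no password, anyone reaching the port can run code")
    if settings.get("allow_root") == "True":
        findings.append("jupyter: runs as root, so kernel code execution is full host compromise")
    return findings


def audit_tomcat_users(xml_text):
    """Flag manager/admin-role users with weak passwords; namespace prefixes are stripped from tags."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if el.tag.split("}")[-1] != "user":
            continue
        roles = {r.strip() for r in el.get("roles", "").split(",") if r.strip()}
        privileged = roles & TOMCAT_ADMIN_ROLES
        if privileged and el.get("password", "").lower() in WEAK_PASSWORDS:
            findings.append(f"tomcat: user '{el.get('username')}' holds {sorted(privileged)} with a weak password")
    return findings


def audit_all(redis_conf, jupyter_config, tomcat_users):
    return audit_redis(redis_conf) + audit_jupyter(jupyter_config) + audit_tomcat_users(tomcat_users)


if __name__ == "__main__":
    for finding in audit_all(SAMPLE_REDIS_CONF, SAMPLE_JUPYTER_CONFIG, SAMPLE_TOMCAT_USERS):
        print(finding)
```

Each finding maps to the entry point the respective campaign needs: an unauthenticated Redis accepts `CONFIG SET` and can be made to write attacker-controlled files, an unauthenticated Jupyter server executes arbitrary code by design, and a Tomcat manager account with a guessable password lets anyone deploy a WAR. The checks are static and deliberately conservative; a listener bound to `0.0.0.0` behind a host firewall is still worth a finding because the firewall is not visible in the config.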
214
31/07/2023
01/03/2023
26/03/2023
?
MW Components
MW Components files a notice of data breach after discovering that an unauthorized party was able to access certain information contained on its computer network after a ransomware attack.
Malware
Manufacturing
Cyber Crime
US
MW Components, ransomware
215
31/07/2023
-
31/05/2023
Clop AKA Lace Tempest, TA505 and FIN11
Prudential Insurance Company of America
Prudential Insurance Company of America files a notice of data breach after discovering that one of the company’s vendors (PBI) experienced a data breach related to the file transfer program MOVEit.
CVE-2023-34362 Vulnerability
Finance and insurance
Cyber Crime
US
Clop, Cl0p, Lace Tempest, TA505, FIN11, Prudential Insurance Company of America, PBI, MOVEit, CVE-2023-34362
216
31/07/2023
-
-
Karakurt
McAlester Regional Health Center
The McAlester Regional Health Center is targeted by the Karakurt ransomware group claiming to have stolen over 126GB of data from the facility, including a swath of DNA patient records to be auctioned off to the highest bidder.
Malware
Human health and social work
Cyber Crime
US
McAlester Regional Health Center, Karakurt, ransomware
217
31/07/2023
-
25/07/2023
UsNsA
Portal for Health Informatics - IIIT-Delhi
Researchers from CloudSEK discover a post on an English-speaking cybercrime forum sharing a database of PHI-IIIT Delhi in exchange for forum credits. A total of 82 databases were compromised and their data leaked.
SQLi
Human health and social work
Cyber Crime
IN
Portal for Health Informatics - IIIT-Delhi, PHI, UsNsA, CloudSEK
218
31/07/2023
-
-
?
Tecnova Group
Tecnova Group suffers a cyber attack leading to the exfiltration of 7GB of data, of which 800MB are leaked.
SQLi
Professional, scientific and technical
Cyber Crime
IT
Tecnova Group
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags