EVENTS
EVENTS/DAY
0
EVENTS
0
EVENTS/DAY
0

Motivations August H1 2023

No Data Found

Attack Techniques August H1 2023

No Data Found

In the first timeline of August, I collected 169 events (corresponding to 11.27 events per day), a considerable decrease compared to the the second half of July (217 events, that is 13.56 events per day) but equally a value well above the thresholds of the pre-MOVEit age. Despite new victims of attacks carried out by the Clop (AKA Cl0p) ransomware gang exploiting the CVE-2023-34362 MOVEit vulnerability continued to emerge, the trail of disclosures seems to have taken a decreasing trend.

And after one month, attacks carried out via malware took again the lead of the motivations with 36.1% (64 out of 169), whereas vulnerabilities, despite still at an important percentage, slid immediately behind with 21.9%. By coincidence, ransomware was directly or indirectly involved in 36.1% of the attacks as well.

The fintech sector continued to be under pressure even in this fortnight with several companies  suffering the theft of crypto assets for millions of dollars worth, and in particular the Zunami Protocol lost the equivalent of $2.1 million worth. Also individuals operating in the crypto space were the targets of multiple campaigns.

The multiple attacks carried out exploiting the MOVEit breach continued to affect also the mega breaches landscape. For example IBM Consulting was hit in the hacking spree as well, and the Colorado Department of Health Care Policy & Financing (HCPF) alerted more than four million individuals that their personal and health information had been compromised. Same fate for the Missouri’s Department of Social Services (six million records potentially involved), whilst, nearly 1.5 million records were stolen from Alberta Dental Service Corporation (ADSC) by the 8Base ransomware gang.

In terms of Cyber Espionage, the Russian state-sponsored threat actors from APT29 were quite busy in this period, exploiting the MS Teams flaw to launch attacks against multiple organizations worldwide, and attacking Foreign ministries of NATO-aligned governments. The Sandworm group continued their activity against Ukraine, while several Chinese groups targeted multiple organizations including a classified military network in Japan. Other remarkable events include an operations launched by the North Korean threat group
ScarCruft against the IT infrastructure and email server for NPO Mashinostroyeniya, a Russian space rocket designer, an operation carried out by the Iranian Charming Kittnen against Iranian opposition and exiles based in Germany and a new actor dubbed MoustachedBouncer against Foreign embassies in Belarus.

In terms of hacktivism: the pro-Russia hacktivists from NoName057(16) were particularly active against targets in Italy, France, Spain, and the Netherlands, all countries aligned to Ukraine. Other pro-Russia hacktivists from the Killnet group claimed to have targeted the London Metal Exchange (LME) and the ones from Anonymous Sudan hit the Nigerian mobile telecommunication company, MTN.

My suggestion is always the same: browse the timeline, and obviously thanks for sharing it and supporting my work in spreading the risk awareness across the community. As always, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.

Geo Map August H1 2023

No Data Found

BE NOTIFIED OF NEW POSTS

SUPPORT MY WORK!
MAKE A DONATION

Creating the timelines is a very time-consuming task.

Any little helps!

BREACHOMETER

No Data Found

The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.

12 MONTHS TREND

No Data Found

POPULAR POSTS
  • blue and red galaxy artwork16-29 February 2024 Cyber Attacks Timeline

    In the second timeline of February 2024 I collected 100 events characterized by a majority of malware and ransomware attacks and by a plethora of cyber espionage and cyber warfare campaigns.

  • network servers on an enclosureCVEs Targeting Remote Access Technologies

    In this first quarter of 2024, threat actors have been particularly busy in exploiting vulnerabilities (0-days but also old unpatched flaws) targeting traditional remote access technologies. In this blog post I summarized the main CVEs exploited so far in 2024.

  • 2023 Stats Featrured Image2024 Cyber Attacks Statistics

    In 2023, there was a 35% increase in cyber attacks to 4,128 events, with the MOVEit CVE-2023-34362 vulnerability being heavily exploited. Cybercrime dominated as the main motivation at 79%, while malware led attack techniques with 35.9%. Healthcare remained a top target for ransomware. The data ...

  • List Of Hacked Celebrities Who Had (Nude) Photos Leaked

    During Summer we always try to spend our free time in a more profitable manner, for instance reading gossip chronicles. From this point of view, July 2012 has not been a particularly lucky month for Carly Rae Jepsen. On July the 7th, her website has been ...

  • computer program language text1-15 February 2024 Cyber Attacks Timeline

    In the cyber attacks timeline of February H1 2024, I collected 139 events dominated by malware attacks. Ransomware and vulnerabilities also played an important role in the threat landscape.

TWITTER

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.