1-15 August 2023 Cyber Attacks Timeline

Last modified: September 26, 2023

Follow me on Twitter

Connect on Linkedin

Connect on Mastodon

EVENTS

EVENTS/DAY

EVENTS

EVENTS/DAY

Motivations August H1 2023

Attack Techniques August H1 2023

In the first timeline of August, I collected 169 events (corresponding to 11.27 events per day), a considerable decrease compared to the the second half of July (217 events, that is 13.56 events per day) but equally a value well above the thresholds of the pre-MOVEit age. Despite new victims of attacks carried out by the Clop (AKA Cl0p) ransomware gang exploiting the CVE-2023-34362 MOVEit vulnerability continued to emerge, the trail of disclosures seems to have taken a decreasing trend.

And after one month, attacks carried out via malware took again the lead of the motivations with 36.1% (64 out of 169), whereas vulnerabilities, despite still at an important percentage, slid immediately behind with 21.9%. By coincidence, ransomware was directly or indirectly involved in 36.1% of the attacks as well.

16-31 July 2023 Cyber Attacks Timeline

New victims of attacks carried out by the Clop (AKA Cl0p) ransomware gang exploiting the CVE-2023-34362 MOVEit vulnerability emerged even during…

The fintech sector continued to be under pressure even in this fortnight with several companies suffering the theft of crypto assets for millions of dollars worth, and in particular the Zunami Protocol lost the equivalent of $2.1 million worth. Also individuals operating in the crypto space were the targets of multiple campaigns.

The multiple attacks carried out exploiting the MOVEit breach continued to affect also the mega breaches landscape. For example IBM Consulting was hit in the hacking spree as well, and the Colorado Department of Health Care Policy & Financing (HCPF) alerted more than four million individuals that their personal and health information had been compromised. Same fate for the Missouri’s Department of Social Services (six million records potentially involved), whilst, nearly 1.5 million records were stolen from Alberta Dental Service Corporation (ADSC) by the 8Base ransomware gang.

In terms of Cyber Espionage, the Russian state-sponsored threat actors from APT29 were quite busy in this period, exploiting the MS Teams flaw to launch attacks against multiple organizations worldwide, and attacking Foreign ministries of NATO-aligned governments. The Sandworm group continued their activity against Ukraine, while several Chinese groups targeted multiple organizations including a classified military network in Japan. Other remarkable events include an operations launched by the North Korean threat group
ScarCruft against the IT infrastructure and email server for NPO Mashinostroyeniya, a Russian space rocket designer, an operation carried out by the Iranian Charming Kittnen against Iranian opposition and exiles based in Germany and a new actor dubbed MoustachedBouncer against Foreign embassies in Belarus.

In terms of hacktivism: the pro-Russia hacktivists from NoName057(16) were particularly active against targets in Italy, France, Spain, and the Netherlands, all countries aligned to Ukraine. Other pro-Russia hacktivists from the Killnet group claimed to have targeted the London Metal Exchange (LME) and the ones from Anonymous Sudan hit the Nigerian mobile telecommunication company, MTN.

My suggestion is always the same: browse the timeline, and obviously thanks for sharing it and supporting my work in spreading the risk awareness across the community. As always, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.

Geo Map August H1 2023

ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags
1	01/08/2023	Since 31/07/2023	Since 31/07/2023	NoName057(16)	Multiple targets in Italy	The pro-Russian hacktivist group NoName057(16) claims responsibility for multiple DDoS attacks against the websites of at least five banks, including Intesa Sanpaolo, the largest bank in Italy, and the websites of an Italian water supply company, a national business newspaper, and a public transport website.	DDoS	Multiple Industries	Hacktivism	IT		NoName057(16), Intesa Sanpaolo, Russia
2	01/08/2023	February 7, March 11, May 19-21, May 27-28, and June 18-21	'Recently'	?	Hot Topic	American apparel retailer Hot Topic notifies customers about multiple cyberattacks between February 7 and June 21 that resulted in exposing sensitive information to hackers.	Credential stuffing	Wholesale and retail	Cyber Crime	US		Hot Topic
3	01/08/2023	Since April 2023	-	Multiple threat actors	Multiple organizations in the U.S.	The U.S. Cybersecurity and Infrastructure Security Agency (CISA) discloses that state hackers have been exploiting two flaws in Ivanti's Endpoint Manager Mobile (EPMM), formerly MobileIron Core, since April.	CVE-2023-35078 and CVE-2023-35081 vulnerabilities	Multiple Industries	Cyber Espionage	US		U.S. Cybersecurity and Infrastructure Security Agency, CISA, Ivanti, Endpoint Manager Mobile, EPMM, MobileIron Core, CVE-2023-35078, CVE-2023-35081
4	01/08/2023	Since mid-July 2023	Mid-July 2023	Multiple threat actors	Multiple organizations	Researchers from Cofense warn of increased phishing activity that abuses Google Accelerated Mobile Pages (AMP) to bypass email security measures and get to inboxes of enterprise employees.	Account Takeover	Multiple Industries	Cyber Crime	>1		Cofense, Google, Accelerated Mobile Pages, AMP
5	01/08/2023	Since December 2022	During March 2023	Vietnamese threat actors	Multiple organizations	Researchers from Palo Alto Networks uncover a previously unreported phishing campaign that uses new variants of the NodeStealer malware to compromise Facebook corporate accounts.	Malware	Multiple Industries	Cyber Crime	>1		Palo Alto Networks, NodeStealer, Facebook
6	01/08/2023	31/05/2023	03/07/2023	Clop AKA Lace Tempest, TA505 and FIN11	Serco	Serco Inc, the Americas division of multinational outsourcing company Serco Group, discloses a data breach after attackers stole the personal information of over 10,000 individuals from a third-party vendor's MoveIT managed file transfer (MFT) server.	CVE-2023-34362 Vulnerability	Professional, scientific and technical	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, Serco, CVE-2023-34362, ransomware
7	01/08/2023	-	-	Clop AKA Lace Tempest, TA505 and FIN11	Lumico Life Insurance Company	Lumico Life Insurance Company files a notice of data breach after discovering that a MOVEit data breach at Pension Benefits Information.	CVE-2023-34362 Vulnerability	Finance and insurance	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, CVE-2023-34362, ransomware, Lumico Life Insurance Company
8	01/08/2023	01/08/2023	01/08/2023	?	Hawaii's Gemini North Observatory	The National Science Foundation’s National Optical-Infrared Astronomy Research Laboratory (NOIRLab) detects a cyber incident in its computer systems, forcing the suspension of astronomical observations at Gemini North in Hawai‘i.	Unknown	Professional, scientific and technical	Cyber Crime	US		National Science Foundation’s National Optical-Infrared Astronomy Research Laboratory, NOIRLab, Gemini North, Hawai‘i
9	01/08/2023	Since April 2023	'Recently'	?	Multiple organizations	Researchers from Guardz reveal that a new Hidden Virtual Network Computing (hVNC) malware targeting macOS devices is being advertised on a prominent cybercrime forum.	Malware	Multiple Industries	Cyber Crime	>1		Guardz, Hidden Virtual Network Computing, hVNC, macOS
10	01/08/2023	01/08/2023	01/08/2023	Killnet	London Metal Exchange (LME)	The pro-Russian group Killnet along with other hacker groups claims to have targeted the London Metal Exchange (LME) with a cyber attack. The London Metal Exchange cyber attack has not been confirmed by the organization.	DDoS	Finance and insurance	Hacktivism	GB		Killnet, London Metal Exchange, LME
11	01/08/2023	-	-	?	Individuals in the U.S.	The North American Better Business Bureau has been warning consumers that scammers are exploiting QR code payment methods in parking lots across the US.	Account Takeover	Individual	Cyber Crime	US		Better Business Bureau, QR Code
12	01/08/2023	02/03/2023 and 30/03/2023	02/06/2023	?	Hospitality Staffing Solutions (HSS)	Hospitality Staffing Solutions (HSS) files a notice of data breach after discovering that an unauthorized party accessed the company’s computer network.	Unknown	Administration and support service	Cyber Crime	US		Hospitality Staffing Solutions, HSS
13	01/08/2023	13/07/2023	09/05/2023	?	Health Employers Association of BC (HEABC)	Thousands of health-care workers’ personal information is compromised in a data breach that’s targeted three websites on servers at the Health Employers Association of BC.	Unknown	Human health and social work	Cyber Crime	CA		Health Employers Association of BC, HEABC
14	01/08/2023	-	31/07/2023	?	Discovery at Home	Discovery at Home issues a website notice about a phishing incident they discovered on June 1.	Account Takeover	Administration and support service	Cyber Crime	US		Discovery at Home
15	01/08/2023	01/08/2023	01/08/2023	?	LeetSwap	LeetSwap halts transactions, after an attacker exploits a smart contract function to inflate the price of $630,000 worth of ETH tokens on the platform before draining them	Vulnerability	Fintech	Cyber Crime	N/A		LeetSwap
16	02/08/2023	30/05/2023	02/06/2023	Clop AKA Lace Tempest, TA505 and, FIN11	Performance Health Technology (PH Tech)	Performance Health Technology (PH Tech), a company that provides data management services to U.S. healthcare insurers, confirms in a notice that it was impacted by the MOVEit mass-hacks	CVE-2023-34362 Vulnerability	Professional, scientific and technical	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, Performance Health Technology, PH Tech, MOVEit, CVE-2023-34362, ransomware
17	02/08/2023	'Recently'	'Recently'	?	Valuable Facebook accounts of Multiple Organizations	Researchers from Guardio Labs reveal that attackers exploited a zero-day vulnerability in Salesforce's email services and SMTP servers dubbed 'PhishForce', to launch a sophisticated phishing campaign targeting valuable Facebook accounts.	Account Takeover	Multiple Industries	Cyber Crime	>1		Guardio Labs, Salesforce, SMTP, PhishForce, Facebook
18	02/08/2023	SInce 20/07/2023	SInce 20/07/2023	Multiple threat actors	Multiple Organizations	Researchers from the Shadow Server Foundation reveal that hundreds of Citrix Netscaler ADC and Gateway servers have already been breached and backdoored in a series of attacks targeting the critical remote code execution (RCE) vulnerability tracked as CVE-2023-3519.	CVE-2023-3519 Vulnerability	Multiple Industries	Cyber Espionage	>1		Shadow Server Foundation, Citrix Netscaler, ADC, Gateway, Remote Code Execution, RCE, CVE-2023-3519
19	02/08/2023	Since at least late May 2023	During May 2023	APT29 (AKA Cozy Bear, Cloaked Ursa, BlueBravo, Midnight Blizzard, and formerly Nobelium)	Fewer than 40 Government, non-government organizations (NGOs), IT services, technology, discrete manufacturing, and media sectors organizations	Microsoft reveals that the hacking group tracked as APT29 and linked to Russia's Foreign Intelligence Service (SVR) targeted dozens of organizations worldwide, including government agencies, in Microsoft Teams phishing attacks.	Account Takeover	Multiple Industries	Cyber Espionage	>1		APT29, Cozy Bear, Cloaked Ursa, BlueBravo, Midnight Blizzard, Nobelium, APT29, Russia. Foreign Intelligence Service, SVR, Microsoft Teams
20	02/08/2023	End of July 2023	End of July 2023	?	Individuals	A site impersonating Flipper Devices promises a free Flipper Zero after completing an offer but only leads to shady browser extensions and scam sites.	Malware	Individual	Cyber Crime	>1		Flipper Zero
21	02/08/2023	-	31/07/2023	LockBit 3.0	West Oaks School	The West Oaks School is hit with a LockBit ransomware attack.	Malware	Education	Cyber Crime	GB		West Oaks School, LockBit, ransomware
22	02/08/2023	Since at least March 2023	Since at least March 2023	BlueCharlie AKA Callisto/Calisto, COLDRIVER, Star Blizzard/SEABORGIUM, TAG53	Multiple organizations	Researchers from Recorded Future discover a new infrastructure attributed with associated with the threat activity group BlueCharlie to launch attacks against a variety of targets.	Targeted Attack	Multiple Industries	Cyber Espionage	>1		Recorded Future, BlueCharlie, Callisto, Calisto, COLDRIVER, Star Blizzard, SEABORGIUM, TAG53
23	02/08/2023	19/07/2023	19/07/2023	NoName057(16)	Over 50 different government, finance, telecom, travel, public transport and news organizations across Spain	The Russian collective NoName057(16) launches a total of 85 DDoS attacks targeting over 50 different government, finance, telecom, travel, public transport and news organizations across Spain.	DDoS	Multiple Industries	Hacktivism	ES		NoName057(16), Russia, Spain
24	02/08/2023	-	-	Akira	Parathon	The Akira ransomware group adds U.S.-based software company Parathon to its victim list. The hackers claimed to have 560 GB of data of employee data and other information, exfiltrated after the Parathon cyber attack.	Malware	Professional, scientific and technical	Cyber Crime	US		Akira, ransomware, Parathon
25	02/08/2023	02/08/2023	02/08/2023	Anonymous Sudan	MTN	Anonymous Sudan claims responsibility for a cyber attack on the website of a Nigerian mobile telecommunication company, MTN,	DDoS	Information and communication	Hacktivism	NG		Anonymous Sudan, Russia, MTN
26	02/08/2023	Since May 2023	Since May 2023	?	Crypto Investors	Researchers from Sophos discover a new CryptoRom scam campaign using generative AI to assist in the interaction with victims.	Account Takeover	Fintech	Cyber Crime	>1		Sophos, CryptoROM, ChatGPT
27	02/08/2023	'Recently'	'Recently'	?	Users of OpenBullet	Researchers from Kasada discover a new malware campaign making use of malicious OpenBullet configuration files to target inexperienced cyber criminals with the goal of delivering a remote access trojan (RAT) capable of stealing sensitive information.	Malware	Individual	Cyber Crime	>1		Kasada, OpenBullet
28	02/08/2023	-	30/06/2023	?	EP Global Production Solutions (Entertainment Partners)	EP Global Production Solutions (Entertainment Partners) files a notice of data breach after discovering that an unauthorized party was able to access and acquire files from the company’s computer network.	Unknown	Administration and support service	Cyber Crime	US		EP Global Production Solutions, Entertainment Partners
29	02/08/2023	-	-	?	Digital infrastructures in Nigeria	The Nigerian National Information Technology Development Agency (NIDTA) warns about DDoS attacks of hacktivists targeting important digital infrastructure in the country.	DDoS	Public admin and defence, social security	Hacktivism	NG		National Information Technology Development Agency, NIDTA
30	03/08/2023	-	-	Rilide	Multiple organizations	Researchers from Trustwave discover a new version of the Rilide Stealer extension targeting Chromium-based browsers such as Google Chrome, Microsoft Edge, Brave, and Opera.	Malware	Multiple Industries	Cyber Crime	>1		Trustwave, Rilide Stealer, Chromium, Google Chrome, Microsoft Edge, Brave, Opera
31	03/08/2023	28/07/2023	28/07/2023	Lazarus Group	IT Professionals	Researchers from ReversingLabs and Sonatype discover a malicious package that mimics the VMware vSphere connector module ‘vConnector’, uploaded on the Python Package Index (PyPI) under the name ‘VMConnect,’ targeting IT professionals.	Malware	Individual	Cyber Espionage	>1		VMware vSphere, vConnector, Python Package Index, PyPI, VMConnect, Sonatype, ReversingLabs
32	03/08/2023	'Recently'	'Recently'	?	Multiple organizations	Researchers from Guidepoint reveal that attackers are increasingly abusing the legitimate Cloudflare Tunnels feature to create stealthy HTTPS connections from compromised devices, bypass firewalls, and maintain long-term persistence.	Malware	Multiple Industries	Cyber Crime	>1		Guidepoint, Cloudflare
33	03/08/2023	Since 18/05/2022	Since 18/05/2022	?	Multiple organizations in Finland	According to a senior official, ransomware attacks targeting Finnish organizations have increased four-fold since the Nordic country began the process of joining NATO.	Malware	Multiple Industries	Cyber Warfare	FI		FInland, NATO, Russia
34	03/08/2023	Since June 2022	Since June 2022	Mysterious Team Bangladesh	Government, financial, and transportation industries primarily in India and Israel	Researchers from Group-IB reveal that the hacktivist group Mysterious Team Bangladesh has launched more than 750 DDoS attacks since June 2022, primarily against Government, financial, and transportation industries in India and Israel.	DDoS	Multiple Industries	Hacktivism	IL IN		Group-IB, Mysterious Team Bangladesh
35	03/08/2023	-	-	LockBit 3.0	Best Motel	The LockBit ransomware group adds Best Motel to the list of their victims.	Malware	Accommodation and food service	Cyber Crime	DE		LockBit, LockBit 3.0, ransomware, Best Motel
36	03/08/2023	-	-	LockBit 3.0	Federal Electric Corp (FEC)	The LockBit ransomware group adds Federal Electric Corp (FEC) to the list of their victims.	Malware	Manufacturing	Cyber Crime	TH		LockBit, LockBit 3.0, ransomware, Federal Electric Corp, FEC
37	03/08/2023	-	-	LockBit 3.0	Construction CRD	The LockBit ransomware group adds Construction CRD to the list of their victims.	Malware	Professional, scientific and technical	Cyber Crime	CA		LockBit, LockBit 3.0, ransomware, Construction CRD
38	03/08/2023	Since March 2023	Since March 2023	STRRAT	Multiple organizations	Researchers from Cyble discover a new campaign distributing a new version 1.6 of the STRRAT malware with a new infection technique.	Malware	Multiple Industries	Cyber Crime	>1		Cyble, STRRAT
39	03/08/2023	-	-	?	Multiple organizations in South Korea	Researchers from AhnLab reveal that Linux systems in South Korea are under attack by threat actors utilizing an open-source rootkit named Reptile.	Malware	Multiple Industries	Cyber Crime	KR		AhnLab, Linux, Reptile
40	03/08/2023	31/07/2023	31/07/2023	?	Developers involved in the cryptocurrency sphere	Researchers from Phylum discover a stealthy malware on npm, the popular package manager for JavaScript, posing a severe threat by exposing sensitive developer data.	Malware	Fintech	Cyber Crime	>1		Phylum, npm
41	03/08/2023	30/05/2023	21/06/2023	?	Omaha Health Insurance Company	Omaha Health Insurance Company files a notice of data breach after discovering that an incident at a third-party vendor compromised consumers enrolled in the Medicare Part D Prescription Drug Plan.	Unknown	Finance and insurance	Cyber Crime	US		Omaha Health Insurance Company
42	03/08/2023	31/05/2023	01/06/2023	Clop AKA Lace Tempest, TA505 and, FIN11	Starmount Life Insurance Company	Unum Group’s subsidiary Starmount Life Insurance Company posts a notice of data breach on its website after discovering that the company’s MOVEit server was accessed by an unauthorized party.	CVE-2023-34362 Vulnerability	Finance and insurance	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, Unum Group, Starmount Life Insurance Company, MOVEit, CVE-2023-34362, ransomware
43	04/08/2023	-	-	Multiple threat actors	NFT collectors in the U.S.	The FBI warns of fraudsters posing as Non-Fungible Token (NFT) developers to prey upon NFT enthusiasts and steal their cryptocurrency and NFT assets.	Account Takeover	Fintech	Cyber Crime	US		FBI, Non-Fungible Token, NFT
44	04/08/2023	19/06/2023	19/06/2023	?	Colorado Department of Higher Education (CDHE)	The Colorado Department of Higher Education (CDHE) discloses a massive data breach impacting students, past students, and teachers after suffering a ransomware attack in June.	Malware	Public admin and defence, social security	Cyber Crime	US		Colorado Department of Higher Education, CDHE, ransomware
45	04/08/2023	-	-	?	Android users	Researchers from McAfee reveal that the Google Play store was infiltrated by 43 Android applications with 2.5 million installs that secretly displayed advertisements while a phone's screen was off, running down a device's battery.	Malware	Individual	Cyber Crime	>1		McAfee, Google Play, Android
46	04/08/2023	Since 17/05/2023	Since 17/05/2023	Rhysida	Healthcare organizations in the U.S.	The U.S. Health Sector Cybersecurity Coordination Center (H3C) warns about a wave of Rhysida ransomware attacks targeting healthcare organizations in the U.S.	Malware	Human health and social work	Cyber Crime	US		U.S. Health Sector Cybersecurity Coordination Center, H3C, Rhysida, ransomware
47	04/08/2023	03/08/2023	03/08/2023	Rhysida	Prospect Medical Holdings	Prospect Medical Holdings, a major hospital network with arms in multiple states, dealing with widespread network outages due to a cyberattack, which the FBI confirmed to be ransomware.	Malware	Human health and social work	Cyber Crime	US		Prospect Medical Holdings, FBI, ransomware
48	04/08/2023	04/08/2023	04/08/2023	NDT SEC	Delta Electronics	The NDT SEC group claims responsibility for an attack to Delta Electronics in Thailand.	DDoS	Manufacturing	Cyber Crime	TH		NDT SEC, Delta Electronics
49	04/08/2023	04/08/2023	04/08/2023	Team R70	Chhattisgarh State Biodiversity Board	In name of OpIndia, Team R70 claims responsibility for defacing the website of the Chhattisgarh State Biodiversity Board.	Defacement	Public admin and defence, social security	Hacktivism	IN		OpIndia, Team R70, Chhattisgarh State Biodiversity Board
50	04/08/2023	Earlier in 2023	Mid-June 2023	?	Israel’s National Cybersecurity Directorate	Israel’s National Cybersecurity Directorate declares there was “no breach” of its network after passwords belonging to a senior agency official were stolen from their home computer earlier this year and published online.	Malware	Public admin and defence, social security	Cyber Crime	IL		Israel, National Cybersecurity Directorate
51	04/08/2023	'Recently'	'Recently'	?	Android users in South Korea	Researchers from McAfee discover a new adware campaign specifically targeting Korean Android users.	Malware	Individual	Cyber Crime	KR		McAfee, Android
52	04/08/2023	-	-	Clop AKA Lace Tempest, TA505 and FIN11	Radius Global Solutions	Radius Global Solutions files a notice of data breach after learning that an unauthorized party was able to access the company’s MOVEit server.	CVE-2023-34362 Vulnerability	Administration and support service	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, Radius Global Solutions, CVE-2023-34362, ransomware
53	04/08/2023	30/05/2023	22/06/2023	Clop AKA Lace Tempest, TA505 and FIN11	Indiana University Health (IU Health)	Indiana University Health (IU Health) posts a notice on its website announcing a data breach that occurred as a result of a third-party vendor’s (TMG Health) use of the file transfer program MOVEit.	CVE-2023-34362 Vulnerability	Human health and social work	Cyber Crime	US		Indiana University Health, IU Health, TMG Health, Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, CVE-2023-34362, ransomware
54	04/08/2023	'Recently'	'Recently'	?	Loren D. Stark Company	Loren D. Stark Company files a notice of data breach after discovering that the company was the target of a recent cyberattack.	Unknown	Finance and insurance	Cyber Crime	US		Loren D. Stark Company
55	04/08/2023	17/06/2023	-	?	Capital Neurological Surgeons	Capital Neurological Surgeons discloses that an unauthorized individual gained access to an employee email account and potentially obtained patient information.	Account Takeover	Human health and social work	Cyber Crime	US		Capital Neurological Surgeons
56	04/08/2023	Between 21/07/2023 and 28/07/2023	Between 21/07/2023 and 28/07/2023	Lone Wolf	Organizations in Russia	Researchers from Bi.Zone reveal that the Lone Wolf ransomware group launches multiple campaigns against organizations In Russia in the logistics, manufacturing, and financial sectors.	Malware	Multiple Industries	Cyber Crime	RU		Bi.Zone, Lone Wolf, ransomware
57	05/08/2023	-	-	?	State organizations in Ukraine	The Computer Emergency Response Team of Ukraine (CERT-UA) warns of a wave of attacks targeting state organizations using 'Merlin,' an open-source post-exploitation and command and control framework.	Targeted Attack	Public admin and defence, social security	Cyber Espionage	UA		Computer Emergency Response Team of Ukraine, CERT-UA, Merlin
58	05/08/2023	-	-	Clop AKA Lace Tempest, TA505 and FIN11	K & L Gates	K & L Gates is added to the list of the victims of the Clop ransomware gang exploiting the CVE-2023-34362 vulnerability.	CVE-2023-34362 Vulnerability	Professional, scientific and technical	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, K & L Gates, CVE-2023-34362, ransomware
59	05/08/2023	-	-	Clop AKA Lace Tempest, TA505 and FIN11	Delaware Life	Delaware Life is added to the list of the victims of the Clop ransomware gang exploiting the CVE-2023-34362 vulnerability.	CVE-2023-34362 Vulnerability	Finance and insurance	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, Delaware Life, CVE-2023-34362, ransomware
60	05/08/2023	-	-	Clop AKA Lace Tempest, TA505 and FIN11	Zurich Brazil	Zurich Brazil is added to the list of the victims of the Clop ransomware gang exploiting the CVE-2023-34362 vulnerability.	CVE-2023-34362 Vulnerability	Finance and insurance	Cyber Crime	BR		Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, Zurich Brazil, CVE-2023-34362, ransomware
61	06/08/2023	-	-	ALPHV AKA BlackCat	IBL Healthcare	IBL Healthcare is listed as a new victim by the ALPHV ransomware group on their dark web portal.	Malware	Human health and social work	Cyber Crime	PK		ALPHV, BlackCat, ransomware, IBL Healthcare
62	06/08/2023	-	-	8BASE	Delaney Browne Recruitment	The 8BASE ransomware group has disclosed information regarding a cyberattack targeting the website of Delaney Browne Recruitment, an England-based recruitment agency.	Malware	Professional, scientific and technical	Cyber Crime	GB		8BASE, ransomware, Delaney Browne Recruitment
63	07/08/2023			ScarCruft	NPO Mashinostroyeniya	Researchers from Sentinel One reveal that the North Korean threat group ScarCruft hacked the IT infrastructure and email server for NPO Mashinostroyeniya, a Russian space rocket designer and intercontinental ballistic missile engineering organization using a Windows backdoor named 'OpenCarrot'.	Targeted Attack	Manufacturing	Cyber Espionage	RU		Sentinel One, ScarCruft, NPO Mashinostroyeniya, OpenCarrot, North Korea
64	07/08/2023	Since at least 04/06/2023.	Since at least 04/06/2023.	Yashma (Vietnamese threat actors)	Organizations in China, Vietnam, Bulgaria and several other English-speaking countries.	Researchers from Cisco Talos discover an unknown threat actor, seemingly of Vietnamese origin, conducting a ransomware operation targeting organizations in China, Vietnam, Bulgaria and several other English-speaking countries.	Malware	Multiple Industries	Cyber Crime	BG CN VN		Cisco Talos, China, Vietnam, Bulgaria, ransomware, Yashma
65	07/08/2023	-	-	LockBit 3.0	Varian Medical Systems	The LockBit ransomware gang adds to its leak site Varian Medical Systems, a radiation oncology treatments and software maker acquired by Siemens Healthineers two years ago.	Malware	Professional, scientific and technical	Cyber Crime	US		LockBit 3.0, LockBit, ransomware, Varian, Siemens Healthineers
66	07/08/2023	-	-	Clop AKA Lace Tempest, TA505 and FIN11	Aristocrat	Aristocrat confirms to have been hit by the Clop ransomware gang exploiting the CVE-2023-34362 vulnerability.	CVE-2023-34362 Vulnerability	Arts entertainment, recreation	Cyber Crime	AU		Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, Aristocrat, CVE-2023-34362, ransomware
67	07/08/2023	'Recently'	'Recently'	Clop AKA Lace Tempest, TA505 and FIN11	Bank OZK	Bank OZK files a notice of data breach after discovering that one of the company’s business partners experienced a data breach related to a vulnerability in MOVEit.	CVE-2023-34362 Vulnerability	Finance and insurance	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, Bank OZK, CVE-2023-34362, ransomware
68	07/08/2023	-	-	Clop AKA Lace Tempest, TA505 and FIN11	Hartford Life and Accident Insurance Company (The Hartford)	Hartford Life and Accident Insurance Company (The Hartford) files a notice of data breach explaining that a cyber incident resulted in an unauthorized party being able to access consumers’ sensitive information, including their names and Social Security numbers. The breach is probably related to the exploitation of the MOVEit vulnerability.	CVE-2023-34362 Vulnerability	Finance and insurance	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, Hartford Life and Accident Insurance Company, The Hartford, CVE-2023-34362, ransomware
69	07/08/2023	30/05/2023	-	Clop AKA Lace Tempest, TA505 and FIN11	Vecino Health Centers	Vecino Health Centers announces it was affected by the recent MOVEit cyber attack	CVE-2023-34362 Vulnerability	Human health and social work	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, Vecino Health Centers, CVE-2023-34362, ransomware
70	07/08/2023	-	-	ThreatSec	MindX Technology School (mindx.edu.vn)	The ThreatSec group allegedly claims to have hacked into MindX Technology School (mindx.edu.vn), database and is kept for sale	Unknown	Education	Hacktivism	VN		ThreatSec, MindX Technology School, mindx.edu.vn
71	07/08/2023	-	-	?	Individuals	Researchers from Imperva discover a massive phishing campaign involving 800 different scam domains and impersonated around 340 legitimate companies all over the world.	Account Takeover	Individual	Cyber Crime	>1		Imperva
72	07/08/2023	-	-	?	Health Service of Madeira (SESARAM)	The Health Service of Madeira (SESARAM) confirms a cyber attack and suspends non-urgent activity.	Malware	Human health and social work	Cyber Crime	PT		Health Service of Madeira, SESARAM
73	07/08/2023	During 2020	-	Chinese cyberespionage group	Classified military networks	Classified military networks run by Japan reportedly suffered a massive breach in 2020 at the hands of a Chinese cyberespionage group. Attackers accessed Ministry of Defense plans as well as information about military capabilities and shortcomings.	Targeted Attack	Public admin and defence, social security	Cyber Espionage	JP		China, Japan Ministry of Defense
74	07/08/2023	'Earlier in 2023'	'Earlier in 2023'	Mallox (AKA TargetCompany, Fargo, and Tohnichi)	Multiple organizations	Researchers from Trend Micro reveal that the Mallox ransomware group is stepping up in a new campaign of targeted attacks against organizations with vulnerable SQL servers.	Malware	Multiple Industries	Cyber Crime	>1		Mallox, TargetCompany, Fargo, Tohnichi, Trend Micro, ransomware, SQL servers
75	07/08/2023	25/02/2023	25/02/2023	?	IVF Michigan and Ohio Fertility Centers	IVF Michigan and Ohio Fertility Centers notifies 9,383 patients that some of their protected health information was compromised in a February 25, 2023, ransomware attack.	Malware	Human health and social work	Cyber Crime	US		IVF Michigan and Ohio Fertility Centers, ransomware
76	08/08/2023	During August 2021	During October 2022	?	UK Electoral Commission	The UK Electoral Commission discloses a massive data breach exposing the personal information of anyone who registered to vote in the United Kingdom between 2014 and 2022 after suffering a cyber attack.	Unknown	Public admin and defence, social security	N/A	GB		UK Electoral Commission
77	08/08/2023	-	-	Sandworm	Ukraine Military	Ukrainian security services say they prevented an attempt by Russian state-controlled hackers from the Sandworm group to break into the battlefield management system used by the Ukrainian military.	Targeted Attack	Public admin and defence, social security	Cyber Espionage	UA		Sandworm, Russia, Ukraine
78	08/08/2023	-	-	?	Unknown organization(s)	Microsoft provides security updates for 87 flaws, including CVE-2023-36884 and CVE-2023-38180, two actively exploited and twenty-three remote code execution vulnerabilities.	CVE-2023-36884 and CVE-2023-38180 vulnerabilities	Unknown	N/A	N/A		Microsoft, CVE-2023-36884, CVE-2023-38180
79	08/08/2023	-	13/06/2023	Clop AKA Lace Tempest, TA505 and FIN11	Missouri's Department of Social Services	Missouri's Department of Social Services (DSS) warns that protected Medicaid healthcare information was exposed in a data breach after IBM suffered a MOVEit data theft attack.	CVE-2023-34362 Vulnerability	Public admin and defence, social security	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, IBM Consulting, Missouri's Department of Social Services, CVE-2023-34362, ransomware, DSS
80	08/08/2023	29/05/2023	30/05/2023	Clop AKA Lace Tempest, TA505 and FIN11	Global Atlantic Financial Group	Global Atlantic Financial Group files a notice of data breach after discovering the MOVEit-related data breach at Pension Benefit Information.	CVE-2023-34362 Vulnerability	Finance and insurance	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, Global Atlantic Financial Group, Pension Benefit Information, CVE-2023-34362, ransomware
81	08/08/2023	Since 2021	Since 2021	RedHotel, AKA TAG-22, Charcoal Typhoon and BRONZE UNIVERSITY	Organizations across at least 17 countries across Asia, Europe and North America	Researchers from Recorded Future reveal that the RedHotel group, affiliated with China’s Ministry of State Security targeted a range of government, telecommunications and research organizations across at least 17 countries since 2021.	Targeted Attack	Multiple Industries	Cyber Espionage	>1		RedHotel, TAG-22, Charcoal Typhoon, BRONZE UNIVERSITY, Recorded Future, China, Ministry of State Security
82	08/08/2023	08/08/2023	08/08/2023	?	Mayanei Hayeshua Medical Center	The Israeli hospital Mayanei Hayeshua Medical Center, near Tel Aviv, is hit with a ransomware attack, prompting it to stop admitting new patients and redirecting people to nearby hospitals.	Malware	Human health and social work	Cyber Crime	IL		Mayanei Hayeshua Medical Center, ransomware
83	08/08/2023	08/08/2023	08/08/2023	NoName057(16)	Government and public services websites in France	The pro-Russia collective NoName057(16) claims responsibility for cyberattacks on government and public services websites in France. The list of the targets include the country’s customs service (Direction générale des douanes et droits indirects) and the French financial regulator.	DDoS	Public admin and defence, social security	Hacktivism	FR		Russia, NoName057(16), France, Customs Service, Direction générale des douanes et droits indirects, France financial regulator
84	08/08/2023	08/08/2023	08/08/2023	NoName057(16)	Government and public services websites in the Netherlands	The pro-Russia collective NoName057(16) claims responsibility for cyberattacks on government and public services websites in the Netherlands. The list of the target includes: Dutch public transport website, local bank SNS, the Groningen seaport, and the website of the municipality of Vlardingen.	DDoS	Public admin and defence, social security	Hacktivism	NL		Russia, NoName057(16), Dutch public transport authority, SNS, Groningen seaport, Vlardingen
85	08/08/2023	-	-	K0LzSec	Bank of Ayudhya, also known as Krungsri	The fifth-largest bank in Thailand, the Bank of Ayudhya, also known as Krungsri is allegedly hacked by K0LzSec group.	Unknown	Finance and insurance	Cyber Crime	TH		Bank of Ayudhya, Krungsri, K0LzSec
86	08/08/2023	07/08/2023	07/08/2023	UserSec	Birmingham Airport	The UserSec collective takes responsibility for taking down the website of the Birmingham Airport.	DDoS	Transportation and storage	Hacktivism	GB		UserSec, Birmingham Airport
87	08/08/2023	07/08/2023	07/08/2023	UserSec	Birmingham Airport	The UserSec collective takes responsibility for taking down the website of the Belfast Airport.	DDoS	Transportation and storage	Hacktivism	GB		UserSec, Belfast Airport
88	08/08/2023	-	-	Agniane stealer	Multiple organizations	A new information stealer, dubbed Agniane stealer, emerges on the dark web. promoted in the hacking community.	Malware	Multiple Industries	Cyber Crime	>1		Agniane stealer
89	08/08/2023	-	07/08/2023	Qilin	Thonburi Energy Storage Systems (TESM)	The Qilin ransomware adds Thonburi Energy Storage Systems (TESM) to its victim list.	Malware	Manufacturing	Cyber Crime	TH		Qilin, ransomware, Thonburi Energy Storage Systems, TESM
90	08/08/2023	'Recently'	'Recently'	?	Individuals	Researchers from Cyble discover a new tech scam campaign, involving scammers setting up a non-existent antivirus solution site to deceive users into paying for non-existent services, and leveraging various ransomware variants to propagate the fraudulent schemes.	Scam	Individual	Cyber Crime	>1		Cyble, tech scam campaign, ransomware
91	08/08/2023	Over the last two years	-	Lchaia/xmrig	Multiple organizations	Researchers from Aqua Security reveal the details of the Lchaia/xmrig campaign, exploiting misconfigured Kubernetes clusters for cyrptomining.	Misconfiguration	Multiple Industries	Cyber Crime	>1		Aqua Security, Lchaia/xmrig, Kubernetes
92	08/08/2023	Over the last two years	-	ssww	Multiple organizations	Researchers from Aqua Security reveal the details of the ssww campaign, exploiting misconfigured Kubernetes clusters for cyrptomining.	Misconfiguration	Multiple Industries	Cyber Crime	>1		Aqua Security, ssww, Kubernetes
93	08/08/2023	'Recently'	'Recently'	Statc Stealer	Multiple organizations	Researchers from Zscaler discover a new information stealer malware, called Statc Stealer, that can steal a broad range of info from Windows devices.	Malware	Multiple Industries	Cyber Crime	>1		Zscaler, Statc Stealer
94	08/08/2023	04/04/2023	30/05/2023	Karakurt	Jefferson County Health Center	Jefferson County Health Center reveals that unauthorized individuals gained access to its network between April 04, 2023, and May 30, 2023, and may have obtained files containing patients’ protected health information. The Karakurt ransomware gang claims responsibility for the attack.	Malware	Human health and social work	Cyber Crime	US		Jefferson County Health Center, Karakurtl, ransomware
95	08/08/2023	-	-	8base	Oregon Sports Medicine	Oregon Sports Medicine is added to the 8Base ransomware leake site.	Malware	Human health and social work	Cyber Crime	US		8base, Oregon Sports Medicine, ransomware
96	08/08/2023	-	01/08/2023	NoEscape	Kreacta	The NoEscape ransomware gang claims responsibility for a cyber attack to Kreacta, a consulting company in Italy	Malware	Professional, scientific and technical	Cyber Crime	IT		NoEscape, Kreacta, ransomware
97	09/08/2023	Over the last six months	H1 2023	?	Multiple organizations worldwide	Researchers from Proofpoint discover a campaign using 120,000 phishing emails sent to over a hundred organizations to steal Microsoft 365 accounts via the EvilProxy phishing-as-a-service platform.	Account Takeover	Multiple Industries	Cyber Crime	>1		Proofpoint, Microsoft 365, EvilProxy, phishing-as-a-service
98	09/08/2023	-	-	Rhysida	Undisclosed healthcare organization in Australia	The Rhysida ransomware operation lists an undisclosed healthcare organization in Australia in their website.	Malware	Human health and social work	Cyber Crime	AU		Rhysida, ransomware
99	09/08/2023	Since October 2022	During June 2023	Chinese Threat Actors	Multiple organizations	The U.S. Cybersecurity & Infrastructure Security Agency (CISA) discloses the discovery of a backdoor malware named 'Whirlpool' used in attacks on compromised Barracuda Email Security Gateway (ESG) devices.	CVE-2023-2868 Vulnerability	Multiple Industries	Cyber Espionage	US		U.S. Cybersecurity & Infrastructure Security Agency, CISA, Whirlpool, Barracuda, Email Security Gateway, ESG, CVE-2023-2868
100	09/08/2023	Since 07/08/2023	Since 07/08/2023	Gafgyt	Multiple organizations	Researchers from Fortinet issue an alert warning that the Gafgyt botnet malware is actively trying to exploit CVE-2017-18368, a vulnerability in the end-of-life Zyxel P660HN-T1A router in thousands of daily attacks.	CVE-2017-18368 Vulnerability	Multiple Industries	Cyber Crime	>1		Fortinet, Gafgyt, CVE-2017-18368, Zyxel P660HN-T1A
101	09/08/2023	'Recently'	'Recently'	Agent Tesla	Individuals	Researchers from Cyble discover a new campaign using “Tax-related documents and accompanying control panel files (CPL)” to deliver the Agent Tesla malware.	Malware	Individual	Cyber Crime	>1		Cyble, Control panel files, CPL, Agent Tesla
102	09/08/2023	Since at least January 2023	Since at least January 2023	Xurum	Multiple organizations	Researchers from Akamai discover Xurum, a campaign targeting ecommerce stores using Adobe's open source Magento 2, exploiting CVE-2022-24086, a critical vulnerability that was patched on 2022.	CVE-2022-24086 Vulnerability	Wholesale and retail	Cyber Crime	>1		Akamai, Xurum, Adobe, Magento 2, CVE-2022-24086
103	09/08/2023	Since at least 13/07/2023	13/07/2023	?	Organizations in Europe and North America	Researchers from Fortinet discover a new campaign using the Rust-based injector Freeze[.]rs to introduce a combination of XWorm and Remcos.	Malware	Multiple Industries	Cyber Crime	>1		Fortinet, Freeze.rs, XWorm, Remcos
104	09/08/2023	-	-	?	Virginia Department of Medical Assistance Services	The Virginia Department of Medical Assistance Services files a notice of data breach after discovering that confidential information in its possession was subject to unauthorized access.	Unknown	Public admin and defence, social security	Cyber Crime	US		Virginia Department of Medical Assistance Services
105	09/08/2023	-	-	Clop AKA Lace Tempest, TA505 and FIN11	EMS Management and Consultants	EMS Management and Consultants files a notice of data breach after discovering that the vulnerability in the MOVEit file transfer system allowed an unauthorized party to access consumer information.	CVE-2023-34362 Vulnerability	Professional, scientific and technical	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, EMS Management and Consultants, CVE-2023-34362, ransomware
106	10/08/2023	Since 19/11/2014	-	MoustachedBouncer	Foreign embassies in Belarus	Researchers from ESET discover a cyberespionage group named 'MoustachedBouncer', observed using adversary-in-the-middle (AitM) attacks at ISPs to hack foreign embassies in Belarus.	Targeted Attack	Public admin and defence, social security	Cyber Espionage	>1		ESET, MoustachedBouncer, adversary-in-the-middle, AitM, Belarus
107	10/08/2023	Early August 2023	Early August 2023	Knight	Multiple organizations	Researchers from Sophos discover a campaign distributing the Knight ransomware in disguise of TripAdvisor complaints.	Malware	Multiple Industries	Cyber Crime	>1		Sophos, Knight, ransomware, TripAdvisor
108	10/08/2023	-	-	Charming Kitten	Iranian opposition and exiles based in Germany	Germany’s domestic intelligence service (Federal Office for the Protection of the Constitution - BfV) publishes a warning that Iranian dissident organizations and individuals in the country are being targeted by Charming Kitten, a suspected Iranian state-sponsored threat group.	Account Takeover	Individual	Cyber Espionage	DE		Germany, Iran, Federal Office for the Protection of the Constitution, BfV, Charming Kitten, Bundesamt für Verfassungsschutz
109	10/08/2023	09/08/2023	-	LockBit 3.0	City of El Cerrito	The California city of El Cerrito investigates the potential theft of data after the LockBit ransomware group adds the city’s government to its list of victims.	Malware	Public admin and defence, social security	Cyber Crime	US		El Cerrito, LockBit 3.0, LockBit, ransomware
110	10/08/2023	In the third and fourth week of March 2023	-	?	Undisclosed Power Generator in South Africa	Researchers from Kaspersky uncover a suspected cyberattack targeting a power generator in southern Africa with Cobalt Strike beacons and DroxiDat, a new variant of the SystemBC payload.	Malware	Electricity, gas steam, air conditioning	Cyber Crime	ZA		Kaspersky, Cobalt Strike, DroxiDat, SystemBC
111	10/08/2023	'Recently'	'Recently'	APT29 (AKA Cozy Bear, Cloaked Ursa, BlueBravo, Midnight Blizzard, The Dukes, UNC2452 and formerly Nobelium)	Foreign ministries of NATO-aligned governments	Researchers from EclecticIQ discover a recent campaign targeting the foreign ministries of NATO-aligned governments with two malicious PDF files camouflaged as diplomatic invitations from a German embassy.	Targeted Attack	Public admin and defence, social security	Cyber Espionage	>1		APT29, Cozy Bear, Cloaked Ursa, BlueBravo, Midnight Blizzard, The Dukes, UNC2452, Nobelium, NATO, EclecticIQ, Germany
112	10/08/2023	-	09/07/2023	8base	Alberta Dental Service Corporation (ADSC)	Canadian dental benefits administrator Alberta Dental Service Corporation (ADSC) starts informing roughly 1.47 million individuals that their personal information was compromised in a 8base ransomware attack.	Malware	Administration and support service	Cyber Crime	CA		Alberta Dental Service Corporation, ADSC, 8base, ransomware
113	10/08/2023	During 2023	During 2023	AdLoad	Multiple organizations	Researchers from AT&T discover a new campaign infecting thousands of Mac systems with the AdLoad malware to act as proxy exit nodes.	Malware	Multiple Industries	Cyber Crime	>1		AT&T, Mac, AdLoad
114	10/08/2023	Since at least June 2023	During June 2023	?	FinTech users in the LATAM region	Researchers from Zscaler reveal the details of JanelaRAT, a malicious tool used in a campaign targeting FinTech users in the LATAM region.	Malware	Fintech	Cyber Crime	>1		Zscaler, JanelaRAT
115	10/08/2023	06/06/2023	11/06/2023	?	Coastal Orthopedics & Sports Medicine of Southwest Florida	Coastal Orthopedics & Sports Medicine of Southwest Florida posts a “Notice of Privacy Event” on its website after discovering that an unauthorized party was able to gain access to the company’s computer network.	Unknown	Human health and social work	Cyber Crime	US		Coastal Orthopedics & Sports Medicine of Southwest Florida
116	10/08/2023	Earlier in 2023	Earlier in 2023	?	City of New Haven	The city of New Haven suffers a $6 million theft in a cyber attack after the Board of Education’s Chief Executive Officer and Chief Operating Officer fall victims of a “business email compromise.	Account Takeover	Public admin and defence, social security	Cyber Crime	US		City of New Haven
117	11/08/2023	28/05/2023	13/06/2023	Clop AKA Lace Tempest, TA505 and FIN11	Colorado Department of Health Care Policy & Financing (HCPF)	The Colorado Department of Health Care Policy & Financing (HCPF) alerts more than four million individuals of a data breach that impacted their personal and health information, after IBM suffered a MOVEit data theft attack.	CVE-2023-34362 Vulnerability	Public admin and defence, social security	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, IBM Consulting, Colorado Department of Health Care Policy & Financing, HCPF, CVE-2023-34362, ransomware
118	11/08/2023	-	-	Clop AKA Lace Tempest, TA505 and FIN11	Fidelity National Information Services (FIS Global)	Fidelity National Information Services (FIS Global) files a notice of data breach after discovering that a vulnerability in the MOVEit file transfer program used by FIS Global compromised consumer information	CVE-2023-34362 Vulnerability	Administration and support service	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, Fidelity National Information Services, FIS Global, CVE-2023-34362, ransomware
119	11/08/2023	-	-	Clop AKA Lace Tempest, TA505 and FIN11	Florida Healthy Kids	Florida Healthy Kids join the list of the companies affected by the MOVEit breach after the breach suffered by Maximus, who issued the notification.	CVE-2023-34362 Vulnerability	Human health and social work	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, CVE-2023-34362, ransomware, Florida Healthy Kids
120	11/08/2023	-	-	?	Cryptocurrency investors in the U.S.	The FBI warns of an increase in scammers pretending to be recovery companies that can help victims of cryptocurrency investment scams recover lost assets.	Cryptocurrency scam	Fintech	Cyber Crime	US		FBI, Crypto
121	11/08/2023	-	-	“Groups and individuals” linked to Chinese intelligence	New Zealand’s diverse ethnic Chinese communities	The New Zealand Security Intelligence Service (NZSIS) accuses China of “ongoing activity in and against New Zealand.”	Targeted Attack	Individual	Cyber Espionage	NZ		New Zealand Security Intelligence Service, NZSIS, China
122	11/08/2023	-	10/08/2023	Akira	Belt Railway Company of Chicago	Belt Railway Company of Chicago, the largest switching and terminal railroad in the U.S. investigates the theft of data after the Akira ransomware group adds the company to its leak site.	Malware	Transportation and storage	Cyber Crime	US		Belt Railway Company of Chicago, Akira, Ransomware
123	11/08/2023	-	-	ThreatSec	Government data center in Indonesia	The ThreatSec group takes responsibility for infiltrating a data center under the jurisdiction of the Indonesian government.	Unknown	Public admin and defence, social security	Hacktivism	ID		ThreatSec
124	11/08/2023	-	10/08/2023	Fredens of Security	India Ministry of Food Processing Industries	A threat actor dubbed Fredens of Security takes credit for exposing 4.5GB, purportedly containing 3 million records linked to India’s Ministry of Food Processing.	Unknown	Public admin and defence, social security	Hacktivism	IN		Fredens of Security, India, Ministry of Food Processing
125	11/08/2023	-	10/08/2023	Fredens of Security	India Ministry of Health & Family Welfare	A threat actor dubbed Fredens of Security takes credit for exposing 4.5GB, purportedly containing 3 million records linked to India's Ministry of Health & Family Welfare	Unknown	Public admin and defence, social security	Hacktivism	IN		Fredens of Security, India, Ministry of Health & Family Welfare
126	11/08/2023	-	10/08/2023	PieWithNothing	Shemaroo Entertainment	A user on a hacker forum is allegedly selling data attributed to Shemaroo Entertainment. The attacker claims that this compromised dataset contains 16.4 million user entries, exposing sensitive details such as email addresses, passwords, phone numbers, and additional personal information.	Unknown	Arts entertainment, recreation	Cyber Crime	IN		Shemaroo Entertainment, PieWithNothing
127	11/08/2023	'Recently'	'Recently'	?	Multiple organizations	Researchers from Cyble discover a campaign distributing the LummaC Stealer via the Amadey Bot to deploy the SectopRAT.	Malware	Multiple Industries	Cyber Crime	>1		Cyble, LummaC Stealer, Amadey Bot, SectopRAT
128	11/08/2023	-	-	?	Individuals in the U.S.	The Better Business Bureau warns again consumers of scammers exploiting the popularity of QR codes to defraud users across the US.	Account Takeover	Individual	Cyber Crime	US		Better Business Bureau, QR Code
129	11/08/2023	02/02/2023	09/03/2023	?	Cummins Behavioral Health Systems	Cummins Behavioral Health Systems files a notice of data breach after confirming the company was the recent victim of a ransomware attack.	Malware	Human health and social work	Cyber Crime	US		Cummins Behavioral Health Systems, ransomware
130	11/08/2023	17/01/2023	During December 2022	?	Hub International Limited	Hub International Limited files a notice of data breach after discovering that files on the company’s IT network were accessed and copied by an unauthorized party.	Unknown	Finance and insurance	Cyber Crime	US		Hub International Limited
131	11/08/2023	'Recently'	'Recently'	?	Law firms in multiple countries	Researcher from Trustwave discover a campaign carried out via the search engine optimization (SEO) water hole technique called Gootloader targeting legal-related search terms and has been identified as a threat to law firms and people doing searches for legal information online.	Malware	Professional, scientific and technical	Cyber Crime	DE ES KR FR PT US		Trustwave, GootLoader
132	11/08/2023				Puntozero	Puntozero, the company that provides the IT services to the Italian region of Umbria, is hit with a cyber attack.	Unknown	Professional, scientific and technical	Cyber Crime	IT		Puntozero, Umbria
133	12/08/2023	Since 09/08/2023	09/08/2023	Threat actors from North Korea	Multiple organizations	Researchers from Phylum discover a new wave of malicious npm packages part of an ongoing campaign allegedly launched by North Korean threat actors.	Malware	Multiple Industries	Cyber Espionage	>1		Phylum, npm, North Korea
134	12/08/2023	Between June 2022 and June 2023.	Between June 2022 and June 2023.	Multiple threat actors	Crypto users in X	Researchers at San Diego State University identify 95,111 scam lists and 87,617 accounts linked to scams between June 2022 and June 2023.	Account Takeover	Fintech	Cyber Crime	>1		San Diego State University, Crypto, X
135	13/08/2023	08/08/2023	08/08/2023	?	Rapattoni	Rapattoni, a real estate property listings in US, confirms to have been hit with a ransomware attack.	Malware	Real estate	Cyber Crime	US		Rapattoni, ransomware
136	14/08/2023	Since August 2023	Since August 2023	Monti	Organizations within the legal and government sectors	Researchers from Trend Micro reveal that the Monti ransomware gang has returned, after a two-month break from publishing victims on their data leak site, using a new Linux locker to target VMware ESXi servers, legal, and government organizations.	Malware	Multiple Industries	Cyber Crime	>1		Trend Micro, Monti, ransomware, VMware ESXi
137	14/08/2023	-	-	Multiple threat actors	Individuals	Researchers from Hudson Rock discover 120,000 infected systems containing credentials for cybercrime forums, many of the computers belonging to hackers.	Malware	Individual	Cyber Crime	>1		Hudson Rock, Cybercrime forums
138	14/08/2023	-	13/08/2023	Akihirah	Discord.io	The Discord.io custom invite service temporarily shuts down after suffering a data breach exposing the information of 760,000 members.	Unknown	Information and communication	Cyber Crime	N/A		Discord.io
139	14/08/2023	-	-	?	Cryptocurrency investors in the U.S.	The FBI is warns of a new tactic used by cybercriminals where they promote malicious "beta" versions of cryptocurrency investment apps on popular mobile app stores that are then used to steal crypto.	Malware	Fintech	Cyber Crime	US		FBI, Crypto
140	14/08/2023	14/08/2023	14/08/2023	?	Prince George's County Public Schools	Prince George's County Public Schools, one of the largest school districts in the United States, announces that it discovered a cyberattack on its network.	Unknown	Education	Cyber Crime	US		Prince George's County Public Schools
141	14/08/2023	-	-	?	Clorox	Cleaning product giant Clorox announces a cybersecurity incident that forced it to take several systems offline.	Unknown	Manufacturing	Cyber Crime	US		Clorox
142	14/08/2023	02/08/2023	02/08/2023	NoEscape	German Federal Bar Association (BRAK)	The German Federal Bar Association (BRAK) suffers a NoEscape ransomware attack.	Malware	Administration and support service	Cyber Crime	DE		German Federal Bar Association, BRAK, NoEscape, ransomware
143	14/08/2023	14/08/2023	14/08/2023	NoName057(16)	Multiple organizations in Poland	The pro-Russia NoName057(16) collective takes down three Polish websites: PKP Polskie Linie Kolejowe, the custodians of Poland’s railway infrastructure, Plus Bank, a financial institution, and the Warsaw Metro.	DDoS	Multiple Industries	Hacktivism	PL		NoName057(16), Russia, PKP Polskie Linie Kolejowe, Plus Bank, Warsaw Metro
144	14/08/2023	-	-	Rhysida	Programa de Atencion Medica Integral (PAMI	The Rhysida ransomware group adds Programa de Atencion Medica Integral (PAMI), an Argentinian public health insurance agency to its victim list.	Malware	Human health and social work	Cyber Crime	AR		Rhysida, Programa de Atencion Medica Integral, PAMI, ransomware
145	14/08/2023	14/08/2023	14/08/2023	EUTNAIOA	Multiple organizations in Japan including the Ministry of the Environment, The Japan Atomic Power Company, Atomic Energy Society of Japan (AESJ), Nuclear Regulation Authority, Japan Atomic Energy Commission (AEC), Japan Energy Association Wec, and many others.	Hacktivists part of Anonymous (EUTNAIOA) claim to have attacked a large number of websites after the Japanese announcement of the planned release of treated Fukushima wastewater into the ocean.	DDoS	Public admin and defence, social security	Hacktivism	JP		Anonymous, EUTNAIOA, Fukushima
146	14/08/2023	-	-	Clop AKA Lace Tempest, TA505 and FIN11	New York Life Insurance Company (NYLIC),	New York Life Insurance Company (NYLIC), one of the world’s largest corporations, admits to have been exposed to the MOVEit Transfer attacks via third-party vendor Pension Benefit Information (PBI).	CVE-2023-34362 Vulnerability	Public admin and defence, social security	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, New York Life Insurance, NYLIC, PBI, CVE-2023-34362, ransomware
147	14/08/2023	Since at least early August 2023	Early August 2023	?	Multiple organizations	Researchers from Uptycs discover a new malicious tool dubbed QwixxRAT (AKA Telegram RAT).	Malware	Multiple Industries	Cyber Crime	>1		Uptycs, QwixxRAT, Telegram RAT
148	14/08/2023	30/05/2023	-	Clop AKA Lace Tempest, TA505 and FIN11	Alogent Holdings	Alogent Holdings files a notice of data breach related to an incident occurred exploiting the vulnerability in MOVEit, resulting in an unauthorized party being able to access consumers’ sensitive information, which includes their names, account and routing numbers, addresses, phone numbers, check payees and remittance amounts.	CVE-2023-34362 Vulnerability	Professional, scientific and technical	Cyber Crime	US		Alogent Holdings, Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, CVE-2023-34362, ransomware
149	14/08/2023	30/05/2023	21/06/2023	Clop AKA Lace Tempest, TA505 and FIN11	TMG Health	VNS Health files a notice of data breach after discovering that TMG Health, a third-party vendor of VNS, experienced a data breach affecting information that VNS provided to the vendor.	CVE-2023-34362 Vulnerability	Human health and social work	Cyber Crime	US		TMG Health, VNS Health, Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, CVE-2023-34362, ransomware
150	14/08/2023	21/06/2023	23/06/2023	Clop AKA Lace Tempest, TA505 and FIN11	HCSC Insurance Services Company	Blue Cross and Blue Shield of Illinois file a notice describing a third-party data breach that occurred at HCSC Insurance Services Company. The incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, addresses, email addresses, phone numbers, dates of birth, Social Security Numbers, claim numbers, bank account numbers and medical service information.	CVE-2023-34362 Vulnerability	Finance and insurance	Cyber Crime	US		Blue Cross and Blue Shield of Illinois, Clop, Cl0p, HCSC Insurance Services Company, Lace Tempest, TA505, FIN11, MOVEit Transfer, CVE-2023-34362, ransomware
151	14/08/2023	-	-	?	M&T Bank	M&T Bank files a notice of data breach explaining that an incident resulted in an unauthorized party being able to access consumers’ sensitive information, including their names and financial account information.	Unknown	Finance and insurance	Cyber Crime	US		M&T Bank
152	14/08/2023	12/06/2023	09/06/2023	?	El Centro Del Barrio (CentroMed)	El Centro Del Barrio d/b/a CentroMed files a notice of data breach after discovering that unauthorized actors were able to access the company’s IT network.	Unknown	Human health and social work	Cyber Crime	US		El Centro Del Barrio, CentroMed
153	14/08/2023	14/08/2023	14/08/2023	?	Electronic Sign	in Surgut, a Siberian oil town, someone hacks an electronic sign, posting insults against President Putin.	Unknown	Unknown	Hacktivism	RU		Surgut, Putin
154	14/08/2023	-	-	Medusa	Levare International,	The Medusa ransomware gang blackmails Levare International with a DDoS attack after hitting them with a ransomware.	Malware	Manufacturing	Cyber Crime	UAE		Medusa, ransomware, Levare International
155	14/08/2023	14/08/2023	14/08/2023	?	Prince George’s County Public Schools (PGCPS)	Prince George’s County Public Schools (PGCPS) discloses to have suffered a cyber attack.	Unknown	Education	Cyber Crime	US		Prince George’s County Public Schools, PGCPS
156	14/08/2023	Since 21/07/2022	Since 21/07/2022	?	Multiple blockchains	Researchers from Distrust say that a total of at least $900,000 was stolen across multiple blockchains exploiting the CVE-2023-39910 vulnerability dubbed Milk Sad.	CVE-2023-39910 Vulnerability	Fintech	Cyber Crime	>1		Distrust, CVE-2023-39910, Milk Sad
157	14/08/2023	14/08/2023	14/08/2023	?	Zunami Protocol	Attackers exploit a price manipulation vulnerability on decentralized finance platform Zunami Protocol to steal more than $2.1 million and launder it via the U.S. government-sanctioned crypto mixer Tornado Cash.	Price Manipulation Vulnerability	Fintech	Cyber Crime	N/A		Zunami Protocol
158	14/08/2023	From February to July 2023	From February to July 2023	Multiple threat actors	Multiple organizations	Researchers from Netskope discover multiple phishing campaings making use of Cloudflare R2 to host phishing pages.	Account Takeover	Multiple Industries	Cyber Crime	>1		Netskope, Cloudflare
159	15/08/2023	14/08/2023	14/08/2023	Raccoon Stealer	Multiple organizations	Researchers from Cyberint reveal that the developers of Raccoon Stealer information-stealing malware have ended their 6-month hiatus from hacker forums to promote a new 2.3.0 version of the malware to cyber criminals.	Malware	Multiple Industries	Cyber Crime	>1		Cyberint, Raccoon Stealer
160	15/08/2023	20/07/2023	08/08/2023	?	Multiple organizations	Researchers from Fox-IT reveal that a threat actor has compromised close to 2,000 Citrix NetScaler servers in a massive campaign exploiting the critical-severity remote code execution tracked as CVE-2023-3519.	CVE-2023-3519 Vulnerability	Multiple Industries	Cyber Crime	>1		Fox-IT, Citrix NetScaler, CVE-2023-3519
161	15/08/2023	'In recent weeks'	'In recent weeks'	?	LinkedIn Users	Researchers from Cyberint reveal that LinkedIn is being targeted in a wave of account hacks resulting in many accounts being locked out for security reasons or ultimately hijacked by attackers.	Account Takeover	Individual	Cyber Crime	>1		Cyberint, LinkedIn
162	15/08/2023	-	-	Clop AKA Lace Tempest, TA505 and FIN11	Banco Popular de Puerto Rico	Banco Popular de Puerto Rico, Puerto Rico’s largest bank, joins the victim list of the MOVEit attacks after the personal data of its 82,217 clients were exposed via third-party vendor PricewaterhouseCoopers (PwC).	CVE-2023-34362 Vulnerability	Finance and insurance	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, CVE-2023-34362, ransomware, Banco Popular de Puerto Rico, PricewaterhouseCoopers, PwC
163	15/08/2023	-	-	Clop AKA Lace Tempest, TA505 and FIN11	Medicine Camden Clark Medical Center	Medicine Camden Clark Medical Center joins the list of the MOVEit vulnerabilities victims.	CVE-2023-34362 Vulnerability	Human health and social work	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, CVE-2023-34362, ransomware, Medicine Camden Clark Medical Center
164	15/08/2023	-	12/07/2023	Clop AKA Lace Tempest, TA505 and FIN11	First Farmers Bank & Trust	First Farmers Bank & Trust files a notice of data breach after discovering that an unauthorized party was able to access confidential FFBT customer information through the MOVEit vulnerability.	CVE-2023-34362 Vulnerability	Finance and insurance	Cyber Crime	US		First Farmers Bank & Trust, Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, CVE-2023-34362, ransomware
165	15/08/2023	-	-	Clop AKA Lace Tempest, TA505 and FIN11	University of Massachusetts Chan Medical School (UMass Chan)	University of Massachusetts Chan Medical School (UMass Chan) posts a website notice describing a data breach impacting 134,000 users and resulting from the organization's use of MOVEit.	CVE-2023-34362 Vulnerability	Education	Cyber Crime	US		University of Massachusetts Chan Medical School, UMass Chan, Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, CVE-2023-34362, ransomware
166	15/08/2023	07/02/2023	07/02/2023	?	Advance America Cash Advance Centers of Montana and Advance America Cash Advance Centers of Vermont (Advance America)	Advance America Cash Advance Centers of Montana and Advance America Cash Advance Centers of Vermont (Advance America) file notices of data breach explaining that a cyber incident resulted in an unauthorized party being able to access consumers’ sensitive information.	Unknown	Finance and insurance	Cyber Crime	US		Advance America Cash Advance Centers of Montana, Advance America Cash Advance Centers of Vermont, Advance America
167	15/08/2023	-	-	?	Cleveland City Schools	Cleveland City Schools say they are dealing with the aftermath of a ransomware attack.	Unknown	Education	Cyber Crime	US		Cleveland City Schools, ransomware
168	15/08/2023	15/08/2023	15/08/2023	?	RocketSwap	Decentralized exchange RocketSwap loses $870,000 in a hack due to multiple vulnerabilities, including storing user private keys on its cloud servers via a brute-force attack.	Brute-force	Finance and insurance	Cyber Crime	N/A		RocketSwap
169	15/08/2023	-	26/07/2023	?	Johnstown Regional Sewage	Federal and local law enforcement agencies investigate into an alleged phishing scam perpetrated against Johnstown Regional Sewage.	Account Takeover	Water supply, waste mgmt, remediation	Cyber Crime	US		Johnstown Regional Sewage
170	15/08/2023	15/08/2023	15/08/2023	Medusa	Postel	The Medusa ransomware gang claims responsibility for a cyber attack against Postel, a company controlled by the Italian National Mail.	Malware	Administration and support service	Cyber Crime	IT		Medusa, ransomware, Postel
171	15/08/2023	Since 16/07/2023	Since November 2022	KmsdBot	Multiple organizations	Researchers from Akamai discover an updated version of a botnet malware called KmsdBot, targeting Internet of Things (IoT) devices.	Malware	Multiple Industries	Cyber Crime	>1		Akamai, KmsdBot, Internet of Things, IoT
ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags

Creating the timelines is a very time-consuming task.

Any little helps!

The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.

Q3 2023 Cyber Attacks Statistics
The third quarter of 2023 saw a 6.5% increase in cyber attacks with 1,108 events. Cybercrime led the charts with 79.7% of motives, mostly using malware techniques. Exploitation of vulnerabilities ranked second, majorly affecting multiple industries and healthcare and financial sectors.
The Biggest Data Breaches of 2023
Similarly to what I have done in 2022 and 2021, I am collecting the main mega breaches...
Q4 2022 Cyber Attacks Statistics
I have aggregated the statistics created from the cyber attacks timelines published during Q4 2022) In total I collected...
September 2023 Cyber Attacks Statistics
In September 2023, cyber crime continued to lead with 77.1% of total events, but showed a decrease. Cyber Espionage grew to 11.6%, while Hacktivism significantly dropped. Malware remains the leading attack technique and multiple organizations are the top targets.
2020 Cyber Attacks Statistics
As promised, I have pulled together some statistics from the data collected in 2020. The master table is available at the end of the post after the charts.