16-31 August 2023 Cyber Attacks Timeline

Last modified: October 18, 2023

Follow me on Twitter

Connect on Linkedin

Connect on Mastodon

EVENTS

EVENTS/DAY

EVENTS

EVENTS/DAY

Motivations August H2 2023

Attack Techniques August H2 2023

This post ends my infosec Summer (apologies for the delay in updating the timelines, I promise I’ll try to catch up!) Anyway, in the second timeline of August, I collected 165 events (corresponding to 11.27 events per day), a result almost in line with the first half of the same month (171 events, that is 11.40 events per day) and again above the average level of the pre-MOVEit age. The trail of disclosures related to the Cl0p breaches confirmed its decreasing trend, despite there were new organizations that continued to join the list of the victims.

Attacks carried out via malware confirmed the leadership in the motivations chart with 35.2% (58 out of 165 events) one point lower than 36.3% (58 out of 171 events), whereas vulnerabilities, despite confirmed a value very close to the previous timeline (22.6% vs. 22.4%). Ransomware was directly or indirectly involved in 31.5% of events in contrast with 36.1% of the previous timeline.

16-31 July 2023 Cyber Attacks Timeline

New victims of attacks carried out by the Clop (AKA Cl0p) ransomware gang exploiting the CVE-2023-34362 MOVEit vulnerability emerged even during…

The fintech sector continued to be under pressure even in this fortnight with several entities suffering the theft of crypto assets for millions of dollars worth. The list of the victims includes the Exactly Protocol ($7.3 million worth,) Harbor Protocol, Tetra Protocol, Balancer, Cypher, and even a campaign targeting individuals operating in the crypto space exploiting CVE-2023-38831, a zero-day vulnerability in the popular file archiving utility WinRAR.

The multiple attacks carried out exploiting the MOVEit breach continued to affect also the mega breaches landscape. For example the French government agency Pôle Emploi was hit in the hacking spree with the possible compromise of 11 million records. On a different side, the University of Minnesota confirmed to be investigating a data breach after hackers claimed to have obtained over seven million Social Security numbers from the school’s computer network. Last but not least, a database with 14GB of files with facial photos and 5.1 million records with El Salvadorans personal information was listed for sale on a popular hacking forum.

In terms of Cyber Espionage, a particular mention is deserved by the North Korean groups such as Kimsuky, the Lazarus Group and their affiliates, particularly active in this fortnight. Ukraine was also targeted (but this is not a novelty) by the Gamaredon group and threat actors linked to the main directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). The timeline also includes other consolidated groups such as Bronze Starlight, some unnamed or unidentified groups, but also other newcomers such as: GroundPeony, Carderbee, Flax Typhoon, GREF, and Earth Estries.

In terms of hacktivism: the pro-Russia hacktivists from Killnet and NoName057(16) were particularly active against targets in Lithuania, Ukraine and Poland.

Of course, my final suggestion is always the same: browse the timeline, and obviously share it to support my work in spreading the risk awareness across the community.

And don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, or Mastodon for the latest updates.

Geo Map August H2 2023

ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags
1	16/08/2023	SInce May 2023	During May 2023	?	Undisclosed energy company in the U.S.	Researchers from Cofense discover a phishing campaign was observed targeting a notable energy company in the US, employing QR codes to slip malicious emails into inboxes and bypass security.	Account Takeover	Electricity, gas steam, air conditioning	Cyber Crime	US		Cofense, QR code
2	16/08/2023	'Recently'	'Recently'	AdLoad	Individuals	Researchers from AT&T Alien Labs discover a massive campaign delivering proxy server apps to at least 400,000 Windows systems, with the devices acting as residential exit nodes without users' consent and with a company is charging for the proxy traffic running through the machines..	Malware	Individual	Cyber Crime	>1		AT&T Alien, AdLoad
3	16/08/2023	-	-	?	Multiple organizations in the U.S.	The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns that a critical Citrix ShareFile secure file transfer vulnerability tracked as CVE-2023-24489 is being targeted by unknown actors and and exploited in the wild.	CVE-2023-24489 vulnerability	Multiple Industries	N/A	US		U.S. Cybersecurity and Infrastructure Security Agency, CISA, Citrix ShareFile, CVE-2023-24489
4	16/08/2023	-	-	?	Undisclosed auction house	Researchers from Flare reveal that unknown attackers claim to have breached the network of a major auction house and offered access to whoever was willing to pay $120,000.	Unknown	Arts entertainment, recreation	Cyber Crime	N/A		Flare
5	16/08/2023	-	-	8Base	ToyotaLift Northeast	The 8Base ransomware group lists ToyotaLift Northeast, an authorized Toyota forklift dealer, on its list of victims.	Malware	Wholesale and retail	Cyber Crime	US		8Base, ransomware, ToyotaLift Northeast
6	16/08/2023	SInce at least 30/07/2023	-	?	Multiple organizations	Researchers from Malwarebytes discover a malvertising campaign using an advanced cloaking technique to remain under the radar.	Malicious Script Injection	Multiple Industries	Cyber Crime	>1		Malwarebytes
7	17/08/2023	Since at least April 2023	Since at least April 2023	?	Multiple organizations worldwide	Researchers from ESET discover an ongoing phishing campaign underway since at least April 2023 that attempts to steal credentials for Zimbra Collaboration email servers worldwide.	Account Takeover	Multiple Industries	N/A	>1		ESET, Zimbra
8	17/08/2023	Since at least April 2023	-	ALPHV AKA BlackCat	Multiple organizations	Researchers from Microsoft discover a new version of the BlackCat ransomware that embeds the Impacket networking framework and the Remcom hacking tool, both enabling spreading laterally across a breached network.	Malware	Multiple Industries	Cyber Crime	>1		Microsoft, ALPHV, BlackCat, Sphynx, Remcom, ransomware
9	17/08/2023	Since at least May 2023	-	Bronze Starlight	Southeast Asian gambling industry	Researchers from SentinelOne discover a second phase of the Operation ChattyGoblin carried out by a China-aligned APT group known as 'Bronze Starlight', targeting the Southeast Asian gambling industry with malware signed using a valid certificate used by the Ivacy VPN provider.	Targeted Attack	Arts entertainment, recreation	Cyber Espionage	>1		SentinelOne, Operation ChattyGoblin, China, Bronze Starlight, Ivacy
10	17/08/2023	Since at least early June 2023	Early June 2023	Cuba	Critical infrastructure organizations in the United States and IT firms in Latin America	Researchers from Blackberry reveal that the Cuba ransomware gang was observed in attacks targeting critical infrastructure organizations in the United States and IT firms in Latin America, using a combination of old and new tools and exploiting the CVE-2023-27532 Veeam vulnerability.	Malware	Multiple Industries	Cyber Crime	>1		Blackberry, Cuba, ransomware, CVE-2023-27532, Veeam
11	17/08/2023	04/05/2023	04/05/2023	Black Basta	Raleigh Housing Authority	The Black Basta ransomware gang starts posting sensitive personal information connected to a devastating attack on the Raleigh Housing Authority (RHA) that disrupted the organization for weeks in May.	Malware	Real estate	Cyber Crime	US		Black Basta, ransomware, Raleigh Housing Authority, RHA
12	17/08/2023	17/08/2023	17/08/2023	Medusa	Town of Sartrouville	The French town of Sartrouville is hit with a Medusa ransomware cyberattack.	Malware	Public admin and defence, social security	Cyber Crime	FR		Sartrouville, Medusa, ransomware
13	17/08/2023	'Recently'	'Recently'	LABRAT	Multiple organizations	Researchers from Sysdig discover a new, financially motivated operation, dubbed LABRAT, exploiting the CVE-2021-22205 vulnerability, performing cryptomining, relying on signature-based tools and stealthy cross-platform malware to remain undetected, and abusing TryCloudflare to hide its command-and-control (C&C) infrastructure.	Malware	Multiple Industries	Cyber Crime	>1		Sysdig, LABRAT, CVE-2021-22205, TryCloudflare
14	17/08/2023	Since at least June 2023	During June 2023	Threat actors from China	U.S. military procurement system and Taiwan-based organization	Researchers from Lumen discover a new HiatusRAT campaign performing reconnaissance against a U.S. military procurement system, and targeting of Taiwan-based organizations.	Malware	Multiple Industries	Cyber Espionage	US TW		Lumen, HiatusRAT, China
15	17/08/2023	Since at least July 2023	During July 2023	Play	Managed Service Providers (MSPs) worldwide	Researchers from Adlumin reveal that the Play ransomware group is now hitting managed service providers (MSPs) around the globe in a cyberattack campaign to distribute ransomware to their downstream customers: midsized businesses in the finance, legal, software, shipping, law enforcement, and logistics sectors	Malware	Professional, scientific and technical	Cyber Crime	>1		Adlumin, Play, ransomware, MSPs
16	17/08/2023	Since at least 2020	During January 2020	?	Individuals	Researchers from Malwarebytes reveal that the scam campaign dubbed WoofLocker is still active.	Scam	Individual	Cyber Crime	>1		Malwarebytes, WoofLocker
17	17/08/2023	15/06/2023	18/06/2023	?	SouthCoast Medical Group	The SouthCoast Medical Group files a notice of data breach after discovering that an unauthorized party downloaded certain files from the company’s computer network.	Unknown	Human health and social work	Cyber Crime	US		SouthCoast Medical Group
18	17/08/2023	-	-	Clop AKA Lace Tempest, TA505, and FIN11	Blue Cross Blue Shield of Arizona	Blue Cross Blue Shield of Arizona files a notice after discovering that TMG Health, one of the vendors used by AZ Blue, experienced a data breach affecting AZ Blue customer data	CVE-2023-34362 Vulnerability	Human health and social work	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, Blue Cross Blue Shield of Arizona, TMG Health, CVE-2023-34362, ransomware
19	17/08/2023	-	-	Clop AKA Lace Tempest, TA505, and FIN11	Harris Center for Mental Health and IDD	The Harris Center for Mental Health and IDD files a notice of data breach after discovering that one of the organization’s vendors experienced a data breach related to a vulnerability in the MOVEit file transfer application.	CVE-2023-34362 Vulnerability	Human health and social work	Cyber Crime	US		Harris Center for Mental Health and IDD
20	17/08/2023	22/11/2022	13/12/2022	?	Bailey Cavalieri	The Bailey Cavalieri law firm files a notice of data breach after discovering that an unauthorized party was able to access the company’s computer system	Unknown	Professional, scientific and technical	Cyber Crime	US		Bailey Cavalieri
21	18/08/2023	-	11/08/2023	NoEscape	auDA	auDA, the organization that manages Australia’s internet domain .au denies that it was affected by a data breach, after the NoEscape ransomware gang adds it to their list of victims.	Malware	Administration and support service	Cyber Crime	AU		auDA, NoEscape, ransomware
22	18/08/2023	-	-	Multiple threat actors	Individuals in multiple countries	An international law enforcement operation led by Interpol leads to the arrest of 14 suspected cybercriminals in an operation codenamed 'Africa Cyber Surge II,' launched in April 2023. The four-month operation spanned 25 African countries and disrupted over 20,000 cybercrime networks engaged in extortion, phishing, BEC, and online scams, responsible for financial losses of over $40,000,000.	Account Takeover	Individual	Cyber Crime	>1		Interpol, Africa Cyber Surge II
23	18/08/2023	-	-	Unnamed foreign intelligence services	U.S.-based space companies	The FBI, the National Counterintelligence and Security Center (NCSC) and the Air Force Office of Special Investigations (AFOSI) warn of increasing cyberattacks targeting U.S.-based space companies by unnamed foreign intelligence services.	Targeted Attack	Professional, scientific and technical	Cyber Espionage	US		FBI, National Counterintelligence and Security Center, NCSC, Air Force Office of Special Investigations, AFOSI
24	18/08/2023	18/08/2023	18/08/2023	?	Ecuador's National Election	Ecuador’s national election is hit by difficulties in the voting online for citizens living abroad, attributed to cyberattacks originating from seven different countries.	DDoS	Public admin and defence, social security	Cyber Crime	EC		Ecuador’s national election
25	18/08/2023	-	-	?	Exactly Protocol	Decentralized finance platform Exactly Protocol confirms to be “actively investigating a security issue” temporarily pausing the protocol, after $7.3 million worth of ETH had been stolen during the attack.	Unknown	Fintech	Cyber Crime	N/A		Exactly Protocol
26	18/08/2023	-	-	Black Basta	Adams Bank & Trust	Adams Bank & Trust is listed in the Black Basta ransomware site.	Malware	Finance and insurance	Cyber Crime	US		Adams Bank & Trust, Black Basta, ransomware
27	18/08/2023	-	-	Black Basta	Twin Towers Trading	Twin Towers Trading is listed in the Black Basta ransomware site.	Malware	Finance and insurance	Cyber Crime	US		Twin Towers Trading, Black Basta, ransomware
28	18/08/2023	-	-	Black Basta	Deutsche Leasing AG	Deutsche Leasing AG is listed in the Black Basta ransomware site.	Malware	Finance and insurance	Cyber Crime	DE		Deutsche Leasing AG, Black Basta, ransomware
29	18/08/2023	-	-	Black Basta	Undisclosed German organization in the Appliances Electrical and Electronics Manufacturing sector	An undisclosed German organization in the Appliances Electrical and Electronics Manufacturing sector is listed in the Black Basta ransomware site.	Malware	Manufacturing	Cyber Crime	DE		Black Basta, ransomware
30	18/08/2023	-	-	Black Basta	Van der Ven Auto’s	Van der Ven Auto’s is listed in the Black Basta ransomware site.	Malware	Wholesale and retail	Cyber Crime	NL		Van der Ven Auto’s, Black Basta, ransomware
31	18/08/2023	-	-	?	Illinois Department of Public Health	The Illinois Department of Public Health files a notice of data breach after discovering that information belonging to certain residents was compromised.	Unknown	Public admin and defence, social security	Cyber Crime	US		Illinois Department of Public Health
32	18/08/2023	-	21/06/2023	Clop AKA Lace Tempest, TA505, and FIN11	UofL Health	UofL Health confirms to have been affected by the data breach on popular file transfer tool MOVEit	CVE-2023-34362 Vulnerability	Human health and social work	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, UofL Health, CVE-2023-34362, ransomware
33	18/08/2023	18/08/2023	18/08/2023	?	Patriot Legal Defense Fund	The Patriot Legal Defense Fund website, established to support aides and employees of former President Donald Trump, is defaced.	Defacement	Other service activities	Hacktivism	US		Patriot Legal Defense Fund, Donald Trump
34	18/08/2023	23/05/2023	23/05/2023	?	Bunker Hill Community College	Bunker Hill Community College discloses a. May ransomware attack.	Malware	Education	Cyber Crime	US		Bunker Hill Community College, ransomware
35	18/08/2023	-	-	?	OutletAccessori.it	The customer data of OutletAccessori.it, an Italian e-commerce site, is put up for sale on three different forums.	Unknown	Wholesale and retail	Cyber Crime	IT		OutletAccessori.it
36	19/08/2023	19/08/2023	19/08/2023	?	Harbor Protocol	The Harbor Protocol announces to be dealing with a cyber attack.	Unknown	Fintech	Cyber Crime	N/A		Harbor Protocol
37	19/08/2023	-	-	TheSnake	RobertoPolizzo.com	A threat actor calling themselves 'TheSnake' claims to have stolen 1.3 TB of files from RobertoPolizzo.com, a Brazilian plastic surgery.	Unknown	Human health and social work	Cyber Crime	BR		TheSnake, RobertoPolizzo.com
38	19/08/2023	-	30/07/2023	NoEscape	Respublikinė Vilniaus Psichiatrijos Ligoninė (the Republican Vilnius Psychiatric Hospital)	The Respublikinė Vilniaus Psichiatrijos Ligoninė (the Republican Vilnius Psychiatric Hospital) in Lithuania is hit with a NoEscape ransomware attack.	Malware	Human health and social work	Cyber Crime	LT		NoEscape, Respublikinė Vilniaus Psichiatrijos Ligoninė, Republican Vilnius Psychiatric Hospital), NoEscape, ransomware
39	19/08/2023	18/08/2023	18/08/2023	Play	Bolton Group	Bolton Group is listed in the website of the Play ransomware group.	Malware	Manufacturing	Cyber Crime	IT		Bolton Group, Play, ransomware
40	20/08/2023	Mid-August 2023	Mid-August 2023	Rhysida	Singing River Health System	Singing River Health System is forced to take several internal services offline after experiencing a cyberattack.	Malware	Human health and social work	Cyber Crime	US		Singing River Health System
41	20/08/2023	-	-	Kimsuky	Ulchi Freedom Shield	Suspected North Korean hackers from Kimsuky have attempted an attack targeting the annual Ulchi Freedom Shield drills, a major joint military exercise between Seoul and Washington.	Targeted Attack	Public admin and defence, social security	Cyber Espionage	KR US		Kimsuky, Ulchi Freedom Shield, North Korea, South Korea, United States
42	25/08/2023	25/08/2023	25/08/2023	Killnet	429 gas stations in Lithuania	The Pro-Russia Killnet group claims responsibility for a DDoS attack against 429 gas stations in Lithuania.	DDoS	Electricity, gas steam, air conditioning	Hacktivism	UA		Killnet, Russia, SOCAR Energy Ukraine, WOG, West Oil Group, Amic Energy
43	21/08/2023	28/07/2023	02/08/2023	ALPHV AKA BlackCat	Seiko	The BlackCat/ALPHV ransomware gang adds Seiko to its extortion site, claiming responsibility for a cyberattack disclosed by the Japanese firm earlier this month.	Malware	Manufacturing	Cyber Crime	JP		BlackCat, ALPHV, Seiko, ransomware
44	21/08/2023	-	-	?	Multiple organizations	US-based IT software company Ivanti warns customers that CVE-2023-38035, a critical Sentry API authentication bypass vulnerability is being exploited in the wild.	CVE-2023-38035 Vulnerability	Multiple Industries	N/A	>1		Ivanti, CVE-2023-38035, Sentry API
45	21/08/2023	18/08/2023	-	?	Energy One	The Australian software provider Energy One confirms to have been hit by a cyberattack.	Unknown	Professional, scientific and technical	Cyber Crime	AU		Energy One
46	21/08/2023	-	-	Cyber Resistance	Cyber Resistance	Ukrainian hackers from the Cyber Resistance collective claim to have broken into the email account of Alexander Babakov, a senior Russian politician and expose 11 GB of emails documents that allegedly prove his involvement in money laundering and sanction evasion schemes.	Unknown	Public admin and defence, social security	Hacktivism	RU		Cyber Resistance, Alexander Babakov
47	21/08/2023	Since at least July 2023	Since at least July 2023	XLoader	Multiple organizations	Researchers from Sentinel One discover a new variant of the XLoader able to evade Apple’s security measures as it tries to steal sensitive information from macOS devices.	Malware	Multiple Industries	Cyber Crime	US		Sentinel One, XLoader, Apple, macOS
48	21/08/2023	-	21/08/2023	Snatch	Department of Defence South Africa	The Snatch ransomware group adds the Department of Defence South Africa to its data leak site.	Malware	Public admin and defence, social security	Cyber Crime	ZA		Department of Defence South Africa, ransomware
49	21/08/2023	Since at least 21/08/2023	21/08/2023	?	Facebook users	Researchers from ESET reveal that threat actors have been exploiting fraudulent artificial intelligence (AI) bots to attempt and install malicious software under the guise of genuine AI applications.	Malware	Individual	Cyber Crime	>1		ESET, Facebook, AI, Google Bard
50	21/08/2023	19/08/2023	-	Medusa	International Civil Defense Organization (ICDO)	The Medusa ransomware group adds the International Civil Defense Organization (ICDO) to its list of targeted victims.	Malware	Other service activities	Cyber Crime	CH		Medusa, ransomware, International Civil Defense Organization, ICDO
51	21/08/2023	-	-	Medusa	Novi Pazar-Put	The Medusa ransomware group adds Novi Pazar-Put to its list of targeted victims.	Malware	Professional, scientific and technical	Cyber Crime	RS		Medusa, ransomware, Novi Pazar-Put
52	21/08/2023	-	-	?	Health Care Service Corporation	Health Care Service Corporation (HCSC) filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering that confidential information that had been entrusted to HCSC was subject to unauthorized access.	Unknown	Human health and social work	Cyber Crime	US		Health Care Service Corporation, HCSC
53	21/08/2023	-	16/08/2023	FocaLeaks	Unknown organization in the healthcare sector	A database with 14GB of files with facial photos and 5.1 million records with El Salvadorans personal information is listed for sale on a popular hacking forum.	Unknown	Human health and social work	Cyber Crime	SV		FocaLeaks
54	21/08/2023	-	-	?	Individuals	A legitimate-looking ad for Amazon in Google search results redirects visitors to a Microsoft Defender tech support scam that locks up their browser.	Scam	Individual	Cyber Crime	>1		Amazon, Google Ad, Microsoft Defender
55	22/08/2023	Since March 2023	During March 2023	GroundPeony AKA UNC33471	Government organizations in Taiwan	Researchers at Nao_sec discover a new campaign by a Chinese threat actor dubbed GroundPeony, targeting government organizations in Taiwan.	Targeted Attack	Public admin and defence, social security	Cyber Espionage	TW		Nao_sec, GroundPeony, China
56	22/08/2023	Since at least April 2023 (this specific campaign)	September 2022	Carderbee	Organizations in Hong Kong and other regions in Asia	Researchers from Symantec uncover a previously unidentified APT hacking group named 'Carderbee' observed attacking organizations in Hong Kong and other regions in Asia, using legitimate software to infect targets' computers with the PlugX malware using the legitimate Cobra DocGuard.	Targeted Attack	Multiple Industries	Cyber Espionage	HK >1		Symantec, Broadcom, Carderbee, PlugX, Cobra DocGuard
57	22/08/2023	-	-	Clop AKA Lace Tempest, TA505, and FIN11	Pôle Emploi	Pôle Emploi, France's government unemployment registration and financial aid agency, informs of a data breach that exposed data belonging to 10 million individuals.	CVE-2023-34362 Vulnerability	Public admin and defence, social security	Cyber Crime	FR		Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, Pôle Emploi, CVE-2023-34362, ransomware
58	22/08/2023	SInce at least early August 2023	SInce at least early August 2023	Akira	Multiple organizations	Several researchers observe the Akira ransomware group targeting Cisco VPN products as an attack vector to breach corporate networks, steal, and eventually encrypt data.	Misconfiguration	Multiple Industries	Cyber Crime	>1		Akira, ransomware, Cisco VPN
59	22/08/2023	22/08/2023	22/08/2023	?	Public Center for Social Action (CPAS)	The Public Center for Social Action (CPAS) in Charleroi, Belgium, announced its social branches would be closed “except for absolute emergencies” as a result of a suspected ransomware attack.	Malware	Public admin and defence, social security	Cyber Crime	BE		Public Center for Social Action, CPAS, ransomware
60	22/08/2023	-	-	Multiple threat actors	Multiple organizations in the U.S.	The US Cybersecurity and Infrastructure Security Agency (CISA) warns organizations that CVE-2023-26359, an Adobe ColdFusion vulnerability patched earlier this year is being exploited in attacks.	CVE-2023-26359 Vulnerability	Multiple Industries	N/A	US		US Cybersecurity and Infrastructure Security Agency, CISA, CVE-2023-26359, Adobe ColdFusion
61	22/08/2023	Since at least May 2023	During May 2023	CosmicBeetle	Multiple organizations	Researchers from ESET uncover a malicious toolset named Spacecolon deployed to spread variants of the Scarab ransomware across global victim organizations.	Malware	Multiple Industries	Cyber Crime	>1		CosmicBeetle, ESET, Spacecolon, Scarab, ransomware
62	22/08/2023	Since the beginning of August	Early August 2023	?	Roblox API users	Security researchers from ReversingLabs identify several malicious npm packages that seek to trick Roblox API users into downloading a type of malware named Luna Grabber.	Malware	Individual	Cyber Crime	>1		ReversingLabs, Roblox API, Luna Grabber
63	22/08/2023	-	-	?	Gadsden County	Gadsden County suffers a security breach but provides no details.	Unknown	Public admin and defence, social security	Cyber Crime	US		Gadsden County
64	22/08/2023	-	-	?	University of Minnesota	The University of Minnesota confirms that it is investigating a data breach after hackers claimed to have obtained over seven million Social Security numbers from the school’s computer network.	Unknown	Education	Cyber Crime	US		University of Minnesota
65	22/08/2023	Since at least early 2023	Early 2023	?	Individuals	Researchers from Zscaler discover Agniane Stealer, a malware-as-a-service, able to fraudulently take credentials, system information, and session details from browsers, tokens, and file transferring tools. and also targeting cryptocurrency extensions and wallets.	Malware	Individual	Cyber Crime	>1		Zscaler, Agniane Stealer
66	22/08/2023	-	-	?	MidFirst Bank	MidFirst Bank files a notice of data breach after discovering that consumer information that had been entrusted to the company was subject to unauthorized access.	Unknown	Finance and insurance	Cyber Crime	US		MidFirst Bank
67	22/08/2023	13/08/2023	13/08/2023	?	Swan Retail	Swan Retail, a UK-based Retail Management and EPOS Solutions provider is hit with a cyber attack.	Unknown	Professional, scientific and technical	Cyber Crime	GB		Swan Retail
68	22/08/2023	-	-	?	Terra Protocol	Terra announces a temporary shuttering of its website to protect its users from interacting with an ongoing phishing scam on the platform.	Account Takeover	Fintech	Cyber Crime	>1		Terra
69	22/08/2023	-	21/02/2023	?	Absolute Dental Services	Absolute Dental Services reveals to have experienced a data security incident that may have impacted personal or protected health information belonging to certain individuals,	Account Takeover	Human health and social work	Cyber Crime	US		Absolute Dental Services
70	23/08/2023	Since at least 08/08/2023	08/08/2023	?	Multiple organizations	Researchers from Secureworks reveal that the cybercriminals behind the Smoke Loader botnet are using a new piece of malware called Whiffy Recon to triangulate the location of infected devices through WiFi scanning and Google's geolocation API.	Malware	Multiple Industries	Cyber Crime	>1		Secureworks, Smoke Loader, Whiffy Recon
71	23/08/2023	-	-	Multiple threat actors	Multiple organizations in the U.S.	The Federal Bureau of Investigation warns that patches for CVE-2023-2868, a critical Barracuda Email Security Gateway (ESG) remote command injection flaw are "ineffective," and patched appliances are still being compromised in ongoing attacks.	CVE-2023-2868 Vulnerability	Multiple Industries	N/A	US		FBI, Federal Bureau of Investigation, CVE-2023-2868, Barracuda, Email Security Gateway, ESG
72	23/08/2023	18/08/2023	18/08/2023	?	CloudNordic	Danish hosting firms CloudNordic and AzeroCloud suffer ransomware attacks, causing the loss of the majority of customer data and forcing the hosting providers to shut down all systems, including websites, email, and customer sites.	Malware	Professional, scientific and technical	Cyber Crime	DK		CloudNordic, AzeroCloud, ransomware
73	23/08/2023	Since at least June 2023	During June 202	Multiple threat actors	Multiple organizations	Researchers from VulnCheck reveal that more than 3,000 Openfire servers have not been patched against CVE-2023-32315, a recent vulnerability currently exploited by threat actors.	CVE-2023-32315 Vulnerability	Multiple Industries	Cyber Crime	>1		VulnCheck, Openfire, CVE-2023-32315
74	23/08/2023	Since at least April 2023	10/07/2023	Evilnum	Individuals involved in cryptocurrency trading activities	Researchers from Group-IB reveal that a financially motivated cybercrime group has exploited CVE-2023-38831, a zero-day vulnerability in the popular file archiving utility WinRAR to deliver malware to traders and steal their money.	CVE-2023-38831 Vulnerability	Fintech	Cyber Crime	>1		Group-IB, CVE-2023-38831, WinRAR, Evilnum
75	23/08/2023	Since at least July 2023	Since at least July 2023	?	Individuals	Researchers from Trend Micro discover a threat actor abusing paid Facebook promotions to spread malicious code, with the goal of installing a malicious browser add-on and stealing victims’ credentials.	Malware	Individual	Cyber Crime	>1		Trend Micro, Facebook
76	23/08/2023	22/08/2023	23/08/2023	ALPHV AKA BlackCat	North East BIC	The ALPHV AKA BlackCat ransomware group adds North East BIC, a UK-based office space rental agency, to its list of victims.	Malware	Real estate	Cyber Crime	GB		ALPHV, BlackCat, ransomware, North East BIC
77	23/08/2023	-	-	LockBit 3.0	Stockwell Harris Law	The Lockbit ransomware group claims responsibility for a ransomware attack against Stockwell Harris Law.	Malware	Professional, scientific and technical	Cyber Crime	US		LockBit 3.0, Lockbi, ransomware, Stockwell Harris Law
78	23/08/2023	Since June 2023	During July 2023	RastaFarEye	Multiple organizations	Researchers at Malwarebytes discover a new malspam campaign deploying an off-the-shelf malware called DarkGate.	Malware	Multiple Industries	Cyber Crime	>1		Malwarebytes, DarkGate, RastaFarEye
79	23/08/2023	-	-	Clop AKA Lace Tempest, TA505, and FIN11	Data Media Associates	Data Media Associates files a notice of data breach after discovering that an unauthorized party was able to access confidential consumer information stored on the MOVEit platform.	CVE-2023-34362 Vulnerability	Professional, scientific and technical	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, Data Media Associates, MOVEit, CVE-2023-34362, ransomware
80	23/08/2023	-	-	?	AmeriBen	IEC Group, which does business under the name AmeriBen, files a notice of data breach after discovering that confidential consumer information that had been entrusted to the company was subject to unauthorized access.	Unknown	Finance and insurance	Cyber Crime	US		IEC Group, AmeriBen
81	23/08/2023	-	-	?	CLEAResult	CLEAResult files a notice of data breach after discovering that confidential consumer data that had been entrusted to the company was subject to unauthorized access.	Unknown	Administration and support service	Cyber Crime	US		CLEAResult
82	23/08/2023	18/05/2020	09/12/2022	?	iMedicWare	Milan Eye Center notifies that a vendor used by the company, iMedicWare, experienced a data breach, resulting in Milan Eye Center patient information being compromised.	Unknown	Professional, scientific and technical	Cyber Crime	US		Milan Eye Center, iMedicWare
83	23/08/2023	Between April and August 2023	Between April and August 2023	?	Multiple organizations	Researchers at EclecticIQ discover a new RedLine stealer spam campaign.	Malware	Multiple Industries	Cyber Crime	>1		EclecticIQ, RedLine Stealer
84	23/08/2023	-	31/05/2023	Clop AKA Lace Tempest, TA505, and FIN11	Sovos Compliance	Sovos Compliance files a notice of data breach on behalf of several companies after learning to have been affected by the MOVEit vulnnerability.	CVE-2023-34362 Vulnerability	Professional, scientific and technical	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, Chevron Federal Credit Union, MOVEit, CVE-2023-34362, ransomware
85	24/08/2023	Early 2023	Early 2023	Lazarus Group	Multiple organizations in the U.S. and U.K	Researchers from CIsco Talos reveal that the North Korean state-backed hacker group tracked as Lazarus has been exploiting a critical vulnerability (CVE-2022-47966) in Zoho's ManageEngine ServiceDesk to compromise an internet backbone infrastructure provider and healthcare organizations with the QuiteRAT malware and a newly discovered remote access trojan (RAT) dubbed CollectionRAT.	Targeted Attack	Multiple Industries	Cyber Espionage	US GB		CIsco Talos, CVE-2022-47966, Zoho's ManageEngine ServiceDesk, QuiteRAT, CollectionRAT, Lazarus, North Korea
86	24/08/2023	22/08/2023	22/08/2023	?	Leaseweb	Leaseweb, one of the world's largest cloud and hosting providers, notifies people that it's working on restoring "critical" systems disabled following a recent security breach.	Unknown	Professional, scientific and technical	Cyber Crime	NL		Leaseweb
87	24/08/2023	Since at least mid-2021	-	Flax Typhoon	Organizations in Taiwan, Southeast Asia, North America, and Africa.	Microsoft identifies d a new China-based hacking group tracked as Flax Typhoon targeting government agencies and education, critical manufacturing, and information technology organizations using mostly components already available on the operating system, the so-called living-off-the-land binaries or LOLBins, and legitimate software.	Targeted Attack	Multiple Industries	Cyber Espionage	>1		Microsoft, China, Flax Typhoon, LOLBins
88	24/08/2023	21/08/2023	21/08/2023	?	St Helens Borough Council	St Helens Borough Council is targeted by a suspected ransomware attack.	Malware	Public admin and defence, social security	Cyber Crime	GB		St Helens Borough Council, ransomware
89	24/08/2023	14/08/2023	14/08/2023	?	Rust developers	Researchers from Phylum reveal that the Crates.io Rust package registry was targeted in what appeared to be the initial phase of a malware attack aimed at developers.	Malware	Multiple Industries	Cyber Crime	>1		Phylum, Crates.io, Rust
90	24/08/2023	'Recently'	'Recently'	Russian threat actors	PayPal users	Researchers from ESET discover Telekopye, a phishing toolkit designed as a Telegram bot, and aimed to target PayPal users.	Account Takeover	Individual	Cyber Crime	>1		ESET, Telekopye, Telegram, PayPal
91	24/08/2023	-	Since 2019	TZW	Multiple organizations	Security researchers have identify TZW, a new strain of ransomware that dates back to 2019 and targets individuals and small businesses, demanding small ransoms from each client.	Malware	Multiple Industries	Cyber Crime	>1		TZW, ransomware
92	24/08/2023	-	-	Clop AKA Lace Tempest, TA505, and FIN11	Chevron Federal Credit Union	Chevron Federal Credit Union files a notice of data breach after discovering that the organizations suffered a cyber attack carried out exploiting the MOVEit vulnerability.	CVE-2023-34362 Vulnerability	Finance and insurance	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, Chevron Federal Credit Union, MOVEit, CVE-2023-34362, ransomware
93	24/08/2023	During May 2023	-	?	U.S. Drug Enforcement Administration	The U.S. Drug Enforcement Administration (DEA) is duped by a common cryptocurrency scam, resulting in the agency losing over $50,000 in digital money it had seized during a three-year investigation into the use of digital currency for laundering suspected drug proceeds.	Account Takeover	Public admin and defence, social security	Cyber Crime	US		U.S. Drug Enforcement Administration, DEA, crypto
94	24/08/2023	-	-	ADHD	Four Italian Lawers' sites	The hacktivist group ADHD leaks the admin credentials of four Italian lawers' sites.	Unknown	Professional, scientific and technical	Hacktivism	IT		ADHD
95	25/08/2023	19/08/2023	-	?	Kroll	A data breach at financial and risk advisory company Kroll, carried out via a SIM-swapping attack to an employee, results in exposing to an unauthorized third-party the personal data of some credit claimants.	Account Takeover	Professional, scientific and technical	Cyber Crime	US		Kroll
96	25/08/2023	16/01/2023	10/07/2023	?	PurFoods	PurFoods the parent company of Mom’s Meals, a meal delivery service for people with chronic health conditions, confirms a data breach affecting more than 1.2 million individuals.	Unknown	Accommodation and food service	Cyber Crime	US		PurFoods, Mom’s Meals
97	25/08/2023	-	-	LockBit Locker	Architecture companies in Spain	The National Police of Spain warns of an ongoing 'LockBit Locker' ransomware campaign targeting architecture companies in the country through phishing emails.	Malware	Professional, scientific and technical	Cyber Crime	ES		National Police of Spain, LockBit Locker, ransomware
98	25/08/2023	Since mid-August 2023	Since mid-August 2023	STAC4663	Multiple organizations	Researchers from Sophos reveal that STAC4663, a threat actor believed to be tied to the FIN8 hacking group is exploiting the CVE-2023-3519 remote code execution flaw to compromise unpatched Citrix NetScaler systems in domain-wide attacks to install ransomware.	CVE-2023-3519 Vulnerability	Multiple Industries	Cyber Crime	>1		Sophos, STAC4663, FIN8, CVE-2023-3519, Citrix NetScaler, ransomware
99	25/08/2023	Early July 2023	Early July 2023	?	Ohio History Connection (OHC)	The Ohio History Connection (OHC) is hit with a ransomware attack.	Malware	Human health and social work	Cyber Crime	US		Ohio History Connection, OHC, ransomware
100	25/08/2023	24/08/2023	-	8Base	Bahamas Medical & Surgical Supplies	The 8Base ransomware group adds Bahamas Medical & Surgical Supplies to the list of victims.	Malware	Wholesale and retail	Cyber Crime	US		8Base, ransomware, Bahamas Medical & Surgical Supplies
101	25/08/2023	25/08/2023	25/08/2023	Killnet	SOCAR Energy Ukraine, WOG (West Oil Group), and Amic Energy	The Pro-Russia Killnet group claims responsibility for a DDoS attack against three major gas station networks in Ukraine.	DDoS	Electricity, gas steam, air conditioning	Hacktivism	UA		Killnet, Russia, SOCAR Energy Ukraine, WOG, West Oil Group, Amic Energy
102	25/08/2023	-	-	Clop AKA Lace Tempest, TA505, and FIN11	Standard Insurance Company	The personal details of Standard Insurance Company customers, held by NTT DATA Americas on PBI Research Services servers, were exposed by the MOVEit Transfer attacks and have impacted over 300,000 people.	CVE-2023-34362 Vulnerability	Finance and insurance	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, Standard Insurance Company, PBI Research, NTT Data Americas, MOVEit, CVE-2023-34362, ransomware
103	25/08/2023	-	-	Clop AKA Lace Tempest, TA505, and FIN11	Continental Casualty Company (CNA)	Pension Benefit Information (PBI) files a notice of data breach on behalf of Continental Casualty Company (CNA) after learning about the MOVEit-related data breach affecting CNA customers.	CVE-2023-34362 Vulnerability	Finance and insurance	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, Standard Insurance Company, Pension Benefit Information, Continental Casualty Company, CNA, PBI, MOVEit, CVE-2023-34362, ransomware
104	25/08/2023	27/01/2023	-	?	Associates in Pediatric Dentistry	Associates in Pediatric Dentistry announces that unauthorized individuals gained access to certain employee email accounts that contained patient information.	Account Takeover	Human health and social work	Cyber Crime	US		Associates in Pediatric Dentistry
105	26/08/2023	-	-	?	Undisclosed supplier of the London Metropolitan Police	The Metropolitan Police in London, investigates a hack into one of its suppliers that may have exposed officers’ details.	Unknown	Administration and support service	N/A	GB		London Metropolitan Police
106	26/08/2023	26/08/2023	26/08/2023	Two Polish citizens	Poland’s railway infrastructure operator	A DDoS attack pro-Russia carried out sending “stop” commands via radio frequency halts 20 trains across Poland and paralyzes traffic for hours over the weekend. Two suspects are arrested.	DDoS	Transportation and storage	Hacktivism	PL		Poland
107	26/08/2023	-	-	?	WebDetetive	WebDetetive, a spyware vendor in South America, is breached by hackers who manage to scrape user data before deleting devices from the company’s network.	Unknown	Professional, scientific and technical	Hacktivism	BR		WebDetetive
108	26/08/2023	-	-	NoEscape	Oswaldo Cruz Foundation (Fiocruz)	The NoEscape ransomware gang claims responsibility for a cyber attack to Oswaldo Cruz Foundation (Fiocruz).	Malware	Other service activities	Cyber Crime	BR		NoEscape, ransomware, Oswaldo Cruz Foundation, Fiocruz
109	26/08/2023	-	-	Akira	Edmonds School District	The Akira ransomware group adds the Edmonds School District to its list of victims.	Malware	Education	Cyber Crime	US		Akira, ransomware, Edmonds School District
110	26/08/2023	-	-	Akira	Jasper High School	The Akira ransomware group adds the Jasper High School to its list of victims.	Malware	Education	Cyber Crime	US		Akira, ransomware, Jasper High School
111	27/08/2023	27/08/2023	27/08/2023	?	University of Michigan	The University of Michigan takes all of its systems and services offline to deal with a cybersecurity incident, causing a widespread impact on online services the night before classes started.	Unknown	Education	Cyber Crime	US		University of Michigan
112	27/08/2023	-	-	GhostSec	FANAP Behnama	The GhostSec hacktivist group claims to have breached the FANAP Behnama software, Iran regime’s very own privacy-invading software, xposing 20GB of data including face recognition and motion detection systems that it says are used by the Iranian government to monitor and track its people.	Unknown	Professional, scientific and technical	Hacktivism	IR		GhostSec, FANAP Behnama
113	27/08/2023	-	-	?	Undisclosed contractor of the UK Met Police	An IT contractor of the UK Met Police is hit with a cyber attack exposing the personal information of 47,000 officers and staff.	Unknown	Professional, scientific and technical	Cyber Crime	GB		Met Police
114	27/08/2023	27/08/2023	27/08/2023	?	Balancer	A hacker steals $900,000 from decentralized finance protocol Balancer, days after the company had warned that a vulnerability - the one the hacker exploited - could put user funds at risk.	Vulnerability	Fintech	Cyber Crime	N/A		Balancer
115	28/08/2023	During July 2023	During July 2023	?	Undisclosed organization	Japan's computer emergency response team (JPCERT) discovers a new technique used in an attack that occurred in July, which bypasses detection by embedding a malicious Word file into a PDF file.	Malware	Unknown	Cyber Crime	JP		Japan's computer emergency response team, JPCERT, Word, PDF
116	28/08/2023	Since at least early June 2023	Early June 2023	?	Multiple organizations	Researchers from Juniper Threat Labs discover a new version of the DreamBus botnet malware exploiting CVE-2023-33246, a critical-severity remote code execution vulnerability in RocketMQ servers to infect devices.	CVE-2023-33246 Vulnerability	Multiple Industries	Cyber Crime	>1		Juniper Threat Labs, DreamBus, CVE-2023-33246, RocketMQ
117	28/08/2023	28/08/2023	28/08/2023	?	Chambersburg Area School District	The Chambersburg Area School District published announces to have become yet another K-12 school district attacked by a ransomware gang.	Malware	Education	Cyber Crime	US		Chambersburg Area School District, ransomware
118	28/08/2023	During 2023	During 2023	Multiple threat actors	Multiple organizations	Researchers from Microsoft observe a proliferation of adversary-in-the-middle (AiTM) techniques deployed through phishing-as-a-service (PhaaS) platforms such as EvilGinx, Modlishka, Muraena, and EvilProxy.	Account Takeover	Multiple Industries	Cyber Crime	>1		Microsoft, adversary-in-the-middle, AiTM, phishing-as-a-service, PhaaS, EvilGinx, Modlishka, Muraena, EvilProxy
119	28/08/2023	08/06/2023	26/07/2023	?	Louis Garneau Sports	Louis Garneau Sports discloses that it had found an “unauthorized code” on their systems.	Malicious Script Injection	Wholesale and retail	Cyber Crime	CA		Louis Garneau Sports
120	28/08/2023	28/08/2023	28/08/2023	NoName057(16)	Multiple organizations in Poland	The Warsaw Stock Exchange, several banks, and the Polish government’s website for public services are taken down by the pro-Russian hacktivist group NoName057(16).	DDoS	Multiple Industries	Hacktivism	PL		Warsaw Stock Exchange, NoName057(16)
121	28/08/2023	-	-	?	Undisclosed eCommerce site	Researchers from Sucuri discover a new campaign compromising the OpenCart payment module to steal credit card information.	Malicious Script Injection	Wholesale and retail	Cyber Crime	N/A		Sucuri, OpenCart
122	28/08/2023	-	-	Clop AKA Lace Tempest, TA505, and FIN11	PennyMac Loan Services	Sovos Compliance files notice of a data breach on behalf of PennyMac Loan Services, after the MOVEit breach resulted in an unauthorized access PennyMac customers’ sensitive information.	CVE-2023-33246 Vulnerability	Finance and insurance	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11,Sovos Compliance, PennyMac Loan Services, MOVEit, CVE-2023-34362, ransomware
123	28/08/2023	28/08/2023	28/08/2023	?	Italian region of Lazio	A subdomain of the Italian region of Lazio (salute.lazio.it) is compromised to serve adult content.	Unknown	Public admin and defence, social security	Cyber Crime	IT		Lazio, salute.lazio.it
124	29/08/2023	Since at least 25/08/2023	25/08/2023	Multiple threat actors	Multiple organizations	Security researchers from Shadowserver reveal that attackers are using a critical exploit chain to target Juniper EX switches and SRX firewalls via their Internet-exposed J-Web configuration interface.	CVE-2023-36844 Vulnerability	Multiple Industries	Cyber Crime	>1		Shadowserver, Juniper EX,Juniper SRX, J-Web, CVE-2023-36844
125	29/08/2023	Since at least late June 2023	Late June 2023	?	Mobile users in Southeast Asia	Researchers at Trend Micro discover a novel Android banking malware named MMRat utilizing a rarely used communication method, protobuf data serialization, to more efficiently steal data from compromised devices.	Malware	Finance and insurance	Cyber Crime	>1		Trend Micro, Android, MMRat, protobuf data serialization
126	29/08/2023	Since July 2020 and since July 2022	-	GREF	Multiple organizations	Researchers from ESET discover two campaigns carried out by the Chinese group GREF. distributing the BadBazaar malware via two malicious apps named 'Signal Plus Messenger' and 'FlyGram,' both being patched versions of the popular open-source IM apps Signal and Telegram.	Malware	Multiple Industries	Cyber Espionage	AU BR CD DE DK ES HK HU LT NL PL PT SG UA US YE		ESET, GREF, BadBazaar, Signal Plus Messenger, FlyGram, Signal, Telegram
127	29/08/2023	SInce at least March 2023	Since at least March 2023	Multiple threat actors including the Akira and LockBit ransomware gangs	Multiple organizations	Researchers at Rapid7 observe increased threat activity targeting Cisco ASA SSL VPN appliances via credential stuffing and brute-force attacks.	Misconfiguration	Multiple Industries	Cyber Crime	>1		Rapid7, Cisco ASA SSL VPN, credential stuffing, brute-force, Akira, LockBit, ransomware
128	29/08/2023	01/08/2023	01/08/2023	?	Topgolf Callaway	Topgolf Callaway (Callaway) reveals to have suffered a data breach at the start of August, which exposed the sensitive personal and account data of more than a million customers.	Unknown	Manufacturing	Cyber Crime	US		Topgolf Callaway
129	29/08/2023	05/01/2023	13/03/2023	?	Forever 21	Forever 21 clothing and accessories retailer sends data breach notifications to more than half a million individuals who had their personal information exposed to network intruders.	Unknown	Wholesale and retail	Cyber Crime	US		Forever 21
130	29/08/2023	Autumn 2022	During June 2023	Suspected Chinese threat actors	Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC)	Suspected Chinese hackers breach Japan’s cybersecurity agency and potentially access sensitive data stored on its networks for nine months.	Targeted Attack	Public admin and defence, social security	Cyber Espionage	JP		Japan’s National Center of Incident Readiness and Strategy for Cybersecurity, NISC, China
131	29/08/2023	Since February 2022	-	Russia	Individuals in Germany, France and Ukraine	Researchers from Meta reveal the details of Doppelganger, a campaign orchestrated by two agencies Structura National Technology and Social Design Agency, spreading fake articles masquerading as legitimate stories from The Washington Post and Fox News, attempting to undermine Western support for Ukraine.	Coordinated Inauthentic Behavior	Individual	Cyber Warfare	DE FR UA		Meta, Doppelganger, Structura National Technology, Social Design Agency, Russia, Ukraine
132	29/08/2023	Since late 2022	Since late 2022	China?	Targeted audiences in Taiwan, the United States, Australia, the United Kingdom and Japan	Meta announces the removal of 7,704 Facebook accounts, 954 Pages, 15 Groups and 15 Instagram accounts of fake accounts from Facebook that were operated as part of “the largest known cross-platform covert influence operation in the world,” and which researchers believe is linked to individuals associated with Chinese law enforcement.	Coordinated Inauthentic Behavior	Individual	Cyber Warfare	AU GB JP US TW		Facebook, China, Meta, Instagram
133	29/08/2023	-	-	Turkey and Iran	Audiences in Turkey	Meta announces the removal of 22 Facebook accounts, 21 Pages and seven Instagram accounts for coordinated inauthentic behavior. This network originated in Turkey and Iran and targeted audiences in Turkey.	Coordinated Inauthentic Behavior	Individual	Cyber Warfare	TR		Facebook, Iran, Turkey, Meta, Instagram
134	29/08/2023	-	-	Turkey	Audiences in Turkey	Meta announces the removal of 34 Facebook accounts, 49 Pages, 107 Groups and 12 Instagram accounts for coordinated inauthentic behavior. This activity originated in Turkey and targeted domestic audiences in that country.	Coordinated Inauthentic Behavior	Individual	Cyber Warfare	TR		Facebook, Turkey, Meta, Instagram
135	29/08/2023	-	-	Turkey	Audiences in Turkey	Meta announces the removal of 60 Facebook accounts, 37 Pages, 2 Groups and 20 Instagram accounts for coordinated inauthentic behavior. This activity originated in Turkey and targeted domestic audiences in that country.	Coordinated Inauthentic Behavior	Individual	Cyber Warfare	TR		Facebook, Turkey, Meta, Instagram
136	29/08/2023	-	-	Clop AKA Lace Tempest, TA505, and FIN11	RoundPoint Mortgage Servicing	Sovos Compliance files a notice of data breach on behalf of RoundPoint Mortgage Servicing after discovering that the MOVEit breach affected their data.	CVE-2023-34362 Vulnerability	Finance and insurance	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, Sovos Compliance, RoundPoint Mortgage Servicing, MOVEit, CVE-2023-34362, ransomware
137	29/08/2023	-	-	?	Hospital Sisters Health	Hospital Sisters Health is hit with a cyber attack.	Unknown	Human health and social work	Cyber Crime	US		Hospital Sisters Health
138	29/08/2023	-	-	?	Prevea Health	Prevea Health is hit with a cyber attack.	Unknown	Human health and social work	Cyber Crime	US		Prevea Health
139	29/08/2023	-	-	Kinsing	Multiple organizations	Researchers from Aqua discover a new campaign exploiting the Openfire vulnerability (CVE-2023-32315) to deploy Kinsing malware and a cryptominer.	Malware	Multiple Industries	Cyber Crime	>1		Aqua, Openfire, CVE-2023-32315, Kinsing
140	30/08/2023	Between May and June 2023	-	?	Paramount Global	American entertainment giant Paramount Global discloses a data breach after its systems got hacked and attackers gained access to personally identifiable information (PII).	Unknown	Arts entertainment, recreation	Cyber Crime	US		Paramount Global
141	30/08/2023	-	-	?	Appy Kids Co	Supermarket chain Lidl has recalls four types of PAW Patrol-themed snacks across the UK after a website listed on the snack's packaging, Appy Kids Co, was caught serving porn.	Unknown	Wholesale and retail	Cyber Crime	UK		Lidl, PAW Patrol, Appy Kids Co
142	30/08/2023	Since at least 30/08/2023	30/08/2023	?	Twitter users	A new sextortion scam pretends to be an email from the adult site YouPorn, warning that a sexually explicit video of you was uploaded to the site and suggesting the victim to pay to have it taken down.	Scam	Individual	Cyber Crime	>1		Twitter, YouPorn
143	30/08/2023	During June 2023	During June 2023	ALPHV AKA BlackCat	Forsyth County	The BlackCat ransomware gang takes credit for Forsyth County, earlier this year.	Malware	Public admin and defence, social security	Cyber Crime	US		ALPHV, BlackCat, ransomware Forsyth County
144	30/08/2023	-	-	LockBit 3.0	Commission des services electriques de Montréal (CSEM)	The LockBit ransomware gang takes credit for an attack on the Commission des services electriques de Montréal (CSEM) — a 100-year-old municipal organization that manages electrical infrastructure in the city of Montreal.	Malware	Electricity, gas steam, air conditioning	Cyber Crime	CA		LockBit 3.0, LockBit, ransomware, Commission des services electriques de Montréal, CSEM, Montreal
145	30/08/2023	Since at least 2020	'Earlier in 2023'	Earth Estries	Organizations in the government and technology industries based in the Philippines, Taiwan, Malaysia, South Africa, Germany, and the US	Researchers from Trend Micro reveal the details of Earth Estries, a cyberespionage group possibly linked to China, targeting government-related organizations and technology companies in various parts of the world.	Targeted Attack	Multiple Industries	Cyber Espionage	DE MY PH TW US ZA		Trend Micro, Earth Estries, China
146	30/08/2023	Since at least August 2023	During August 2023	Smishing Triad (Chinese threat actor)	US Citizens	Researchers from Resecurity identify a large-scale smishing campaign targeting US Citizens impersonating the United States Postal Service (USPS)	Account Takeover	Individual	Cyber Crime	US		Smishing Triad, China, Resecurity, United States Postal Service, USPS
147	30/08/2023	-	11/07/2023	?	Prime Therapeutics	Prime Therapeutics reveals to have discovered unauthorized access to an employee’s mobile email account.	Account Takeover	Human health and social work	Cyber Crime	US		Prime Therapeutics
148	30/08/2023	-	-	?	Airbnb accounts	Researchers from SlashNext discover a wave of phishing attacks targeting Airbnb accounts.	Account Takeover	Accommodation and food service	Cyber Crime	>1		SlashNext, Airbnb
149	30/08/2023	Since at least 31/07/2023	Since at least 31/07/2023	Multiple threat actors	Multiple organizations	Researchers from Fortinet reveal multiple threat actors exploiting the Adobe ColdFusion vulnerabilities CVE-2023-38203, CVE-2023-38204, CVE-2023-38300.	CVE-2023-38203, CVE-2023-38204, CVE-2023-38300 Vulnerabilities	Multiple Industries	Cyber Crime	>1		Fortinet, Adobe ColdFusion, CVE-2023-38203, CVE-2023-38204, CVE-2023-38300
150	30/08/2023	-	-	LockBit 3.0	Italian Ministry of Culture	The LockBit ransomware gang claims responsibility for a cyber attack to the Italian Ministry of Culture.	Malware	Public admin and defence, social security	Cyber Crime	IT		LockBit 3.0, LockBit, ransomware, Italian Ministry of Culture
151	30/08/2023	-	26/08/2023	NoEscape	Pasquale Bruni	The NoEscape ransomware gang claims responsibility for a cyber attack to Pasquale Bruni, a jewels manufacturer.	Malware	Manufacturing	Cyber Crime	IT		NoEscape, ransomware, Pasquale Bruni
152	30/08/2023	'Recently'	'Recently'	APT34 (AKA Cobalt Gypsy, Hazel Sandstorm, formerly Europium, Helix Kitten, OilRig)	Multiple organizations	Researchers from NSFOCUS discover a new APT34 phishing attack disguised as a marketing services company called GGMS, against enterprise targets with a variant of SideTwist Trojan to achieve long-term control of the victim host.	Targeted Attack	Multiple Industries	Cyber Espionage	>1		NSFOCUS, APT34, Cobalt Gypsy, Hazel Sandstorm, formerly Europium, Helix Kitten, OilRig, GGMS, SideTwist
153	31/08/2023	'Recently'	'Recently'	Gamaredon	Ukrainian military organizations and government entities	The Ukraine’s National Coordination Center for Cybersecurity (NCCC) reveals a peak of malicious activities from the Russian Gamaredon group against Ukrainian military organizations and government entities.	Targeted Attack	Public admin and defence, social security	Cyber Espionage	UA		Ukraine’s National Coordination Center for Cybersecurity, NCCC, Russia, Gamaredon, Russia
154	31/08/2023	During 2019	During 2019	Classiscam	Multiple organizations	Researchers from Group-IB reveal that the "Classiscam" scam-as-a-service operation has broadened its reach worldwide, targeting many more brands, countries, and industries, causing more significant financial damage than before	Account Takeover	Multiple Industries	Cyber Crime	>1		Group-IB, Classiscam
155	31/08/2023	Since early August 2023	Early August 2023	Threat actors linked to the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU)	Android devices in Ukraine	The UK National Cyber Security Center (NCSC) and the US Cybersecurity and Infrastructure Security Agency (CISA) warn about a campaign carried out by threat actors working for the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU) targeting Android devices in Ukraine with a new malicious framework named ‘Infamous Chisel.	Targeted Attack	Multiple Industries	Cyber Espionage	UA		UK National Cyber Security Center, NCSC, US Cybersecurity and Infrastructure Security Agency, CISA, Main Directorate of the General Staff of the Armed Forces of the Russian Federation, GRU, Android, Ukraine, Infamous Chisel
156	31/08/2023	During the previous week	29/08/2023	?	LogicMonitor	Network monitoring company LogicMonitor confirms today that some users of its SaaS platform have fallen victim to a suspected ransomware attack.	Malware	Professional, scientific and technical	Cyber Crime	US		LogicMonitor, ransomware
157	31/08/2023	-	-	?	University of Sydney	The University of Sydney (USYD) announces that a breach at a third-party service provider exposed personal information of recently applied and enrolled international applicants.	Unknown	Education	Cyber Crime	AU		University of Sydney, USYD
158	31/08/2023	Between 29/07/2023 and 19/08/2023	Between 29/07/2023 and 19/08/2023	?	Undisclosed organization in the U.S.	Identity and access management company Okta releases a warning about social engineering attacks targeting IT service desk agents at U.S.-based customers in an attempt to trick them into resetting multi-factor authentication (MFA) for high-privileged users.	Account Takeover	Unknown	Cyber Crime	US		Okta
159	31/08/2023	28/08/2023	28/08/2023	?	Sourcegraph	AI-powered coding platform Sourcegraph reveals that its website was breached this week using a site-admin access token accidentally leaked online on July 14th.	Account Takeover	Professional, scientific and technical	Cyber Crime	US		Sourcegraph
160	31/08/2023	Since at least 25/12/2022	'Recently'	SapphireStealer	Multiple organizations	Researchers from Cisco Talos reveal that threat actors are modifying the open source code of SapphireStealer, a popular malware strain, adding tools and functions that make it easier to steal data.	Malware	Multiple Industries	Cyber Crime	>1		Cisco Talos, SapphireStealer
161	31/08/2023	31/08/2023	31/08/2023	Ransomed	The department of health for Hawaiʻi (healthybydefault.hawaii.gov)	The department of health for Hawaiʻi (healthybydefault.hawaii.gov) is defaced.	Defacement	Public admin and defence, social security	Cyber Crime	US		Department of health for Hawaiʻi, healthybydefault.hawaii.gov, Ransomed
162	31/08/2023	Since at least early August 2023	During early August 2023	Labyrinth Chollima (subgroup of Lazarus Group)	Multiple organizations	Researchers from ReversingLabs discover three more malicious Python packages that are believed to be a continuation of the VMConnect campaign carried out by the North Korean Lazarus Group: tablediter, request-plus, and requestspro.	Malware	Multiple Industries	Cyber Espionage	>1		ReversingLabs, Python, VMConnect, North Korea, Lazarus Group, tablediter, request-plus, requestspro, Labyrinth Chollima
163	31/08/2023	Since at least May 2023	During May 2023	Duckport	Facebook business accounts of multiple organizations	Researchers from WithSecure discover a Vietnamese threat actor, dubbed Duckport, targeting Facebook business accounts.	Account Takeover	Multiple Industries	Cyber Crime	>1		WithSecure, Vietnam, Duckport, Facebook
164	31/08/2023	-	-	?	Individuals in the U.S.	The US Cybersecurity and Infrastructure Security Agency warns consumers about cyberscams leveraging extreme weather phenomena and natural disasters such as hurricanes and wildfires.	Scam	Individual	Cyber Crime	US		US Cybersecurity and Infrastructure Security Agency
165	31/08/2023	31/08/2023	31/08/2023	Black Reward	Individuals in Iran	The Iranian hacktivist group Black Reward hack the financial app 780 app that millions of Iranians use for digital transaction to push anti-Iranian government messages to millions of individuals in Iran.	Unknown	Individual	Hacktivism	IR		Iran, Black Reward, 780, Mahsa Amini
166	31/08/2023	During 2023	During 2023	Andariel, AKA Nicket Hyatt or Silent Chollima (sub-cluster of the Lazarus Group)	Organizations in South Korea	Researchers from Ahnlab observe the North Korean threat actor known as Andariel employing an arsenal of malicious tools in a recent wave of attacks against South Korean organizations.	Targeted Attack	Multiple Industries	Cyber Espionage	KR		Andariel, Nicket Hyatt, Silent Chollima, Lazarus Group, Ahnlab
167	31/08/2023	07/08/2023	-	?	Cypher	Crypto trading platform Cypher rolls out a plan to compensate victims of its $1 million hack.	Vulnerability	Fintech	Cyber Crime	N/A		Cypher
168	31/08/2023	28/08/2023	31/08/2023	?	Northwave	Northwave, the cycling shoes manufacturer, is hit with a ransomware attack.	Malware	Manufacturing	Cyber Crime	IT		Northwave, ransomware
169	31/08/2023	-	-	LockBit 3.0	Zep	The LockBit ransomware gang claims responsibility for a cyber attack to Zep, an Italian chemical company.	Malware	Professional, scientific and technical	Cyber Crime	IT		Zep, LockBit, LockBit 3.0, ransomware
170	31/08/2023	29/05/2023	01/06/2023	Clop AKA Lace Tempest, TA505, and FIN11	Planet Home Lending	Planet Home Lending files a notice of data breach after discovering that files containing personally identifiable information of some customers were compromised as a result of the MOVEit vulnerability.	CVE-2023-34362 Vulnerability	Finance and insurance	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, Sovos Compliance, Planet Home Lending, MOVEit, CVE-2023-34362, ransomware
171	31/08/2023	10/06/2023	10/06/2023	?	Mountain View Family Practice	Mountain View Family Practice alerts 5,139 about a cyberattack on its systems.	Unknown	Human health and social work	Cyber Crime	US		Mountain View Family Practice
ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags

Creating the timelines is a very time-consuming task.

Any little helps!

The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.

Q3 2023 Cyber Attacks Statistics
The third quarter of 2023 saw a 6.5% increase in cyber attacks with 1,108 events. Cybercrime led the charts with 79.7% of motives, mostly using malware techniques. Exploitation of vulnerabilities ranked second, majorly affecting multiple industries and healthcare and financial sectors.
The Biggest Data Breaches of 2023
Similarly to what I have done in 2022 and 2021, I am collecting the main mega breaches...
Q4 2022 Cyber Attacks Statistics
I have aggregated the statistics created from the cyber attacks timelines published during Q4 2022) In total I collected...
September 2023 Cyber Attacks Statistics
In September 2023, cyber crime continued to lead with 77.1% of total events, but showed a decrease. Cyber Espionage grew to 11.6%, while Hacktivism significantly dropped. Malware remains the leading attack technique and multiple organizations are the top targets.
2020 Cyber Attacks Statistics
As promised, I have pulled together some statistics from the data collected in 2020. The master table is available at the end of the post after the charts.