1-15 September 2023 Cyber Attacks Timeline

Last modified: November 2, 2023

Follow me on Twitter

Connect on Linkedin

Connect on Mastodon

EVENTS

EVENTS/DAY

EVENTS

EVENTS/DAY

Motivations September H1 2023

Attack Techniques September H1 2023

The first cyber attack timeline of September 2023 brings with it a new record in terms of events per day (13.93) abruptly inverting the apparent break and the decreasing trend of the past two fortnights (11.40 and 10.69 respectively in the first and second week of August).

Ransomware continues to be a big issue, and as a consequence, malware attacks continue to dominate the threat landscape with 39.7% (83 out of 209 events) up from 34.5% of the previous timeline. The impact of vulnerabilities is equally quite important (17.2% the echoes of the massive MOVEit attack are not over yet), despite the percentage seems to be headed to a decreasing trend (it was 22.6% in the second half of August). Ransomware was directly or indirectly involved in 38.65% of events (80 out of 209), an important increase compared to 31.6% of the previous timeline.

16-31 August 2023 Cyber Attacks Timeline

This post ends my infosec Summer… In the second timeline of August, I collected 165 events, corresponding to…

The fintech continues to be under pressure, most of all because of the continued operations of the North Korean Lazarus Group, who allegedly hit CoinEX ($53 million worth of crypto assets stolen) and Stake.com (over $40 million in crypto reportedly stolen.) Additionally a cyber attack to the cloud provider Retool cost a lot to Fortress Trust, which lost close to $15 million as a consequence of the hack.

Instead the list of the organizations victims of mega breaches include Freecycle (7 million records), Pizza Hut Australia (more than one million) and Traderie (2.6 million.)

Threat actors driven by cyber espionage were equally quite active in this fortnight with multiple operations carried out by attackers originating from China, Russia, Iran, an North Korea; known threat groups such as APT28, Charming Kitten, Winnti Group, or APT33, but also previously undisclosed state-sponsored groups.

In terms of hacktivism: the pro-Russia hacktivists from Anonymous Sudan and NoName057(16) were particularly active against targets, with the first claiming to have taken down Telegram for in retaliation for the decision of suspending their account.

Of course, my final suggestion is always the same: browse the timeline, and obviously share it to support my work in spreading the risk awareness across the community.

And don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, or Mastodon for the latest updates.

Geo Map September H1 2023

ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags
1	01/09/2023	05/08/2023	05/08/2023	LockBit 3.0	Zaun	British mesh fencing systems maker Zaun discloses a LockBit ransomware attack that potentially led to the compromise of data related to UK military and intelligence sites.	Malware	Manufacturing	Cyber Crime	GB		Zaun, LockBit, LockBit 3.0, Zaun, ransomware
2	01/09/2023	Between 16/07/2023 and 22/07/2023	20/07/2023	?	Associated Press	The Associated Press warns of a data breach impacting AP Stylebook customers where the attackers used the stolen data to conduct targeted phishing attacks.	Unknown	Information and communication	Cyber Crime	US		Associated Press, AP Stylebook
3	01/09/2023	-	-	?	Multiple organizations	Researchers from Securonix discover DB#JAMMER, an attack campaign where threat actors are compromising exposed MSSQL databases using brute force attacks and appear to be well tooled and ready to deliver the FreeWorld ransomware and Cobalt Strike payloads.	Brute force	Multiple Industries	Cyber Crime	>1		Securonix, DB#JAMMER, MSSQL, ransomware, Cobalt Strike, FreeWorld
4	01/09/2023	End of July 2023	End of July 2023	?	Multiple organizations	Researchers from INKY discover a phishing campaign impersonating PepsiCo and infecting victims with malware.	Malware	Multiple Industries	Cyber Crime	>1		INKY, PepsiCo
5	01/09/2023	02/08/2023	08/08/2023	?	Acadia Health AKA Just Kids Dental	Acadia Health, which does business under the name Just Kids Dental, files a notice of data breach after discovering that its computer system and network were attacked by ransomware. 129,623 user records are compromised.	Malware	Human health and social work	Cyber Crime	US		Acadia Health, Just Kids Dental, ransomware
6	01/09/2023	-	31/08/2023	8BASE	Fenn Termite & Pest Control	Fenn Termite & Pest Control is hit by a 8BASE ransomware attack.	Malware	Administration and support service	Cyber Crime	US		Fenn Termite & Pest Control, 8BASE, ransomware
7	01/09/2023	01/09/2023	01/09/2023	?	Debenham High School	Debenham High School says that all its computer facilities are offline as a result of a cyber attack.	Unknown	Education	Cyber Crime	GB		Debenham High School
8	01/09/2023	-	-	?	Highgate Wood School	The Highgate Wood School delays the beginning of the lessons by 6 days after suffering a cyber attack.	Unknown	Education	Cyber Crime	GB		Highgate Wood School
9	01/09/2023	Since August 2022	Since August 2022	?	Several African nations	Researchers from Microsoft reveal that, following coups in some African nations, Russia is exploiting the instability with the manipulation of media channels to stoke anti-French sentiment, among other things.	Coordinated Inauthentic Behavior	Multiple Industries	Cyber Warfare	>1		Microsoft, Russia, France
10	01/09/2023	During late August 2023	During late August 2023	?	Civil society groups in South Korea	Researchers from Interlab discover a new phishing attack likely targeting civil society groups in South Korea, leading to the discovery of a novel remote access trojan called SuperBear.	Targeted Attack	Other service activities	Cyber Espionage	KR		Interlab, SuperBear
11	01/09/2023	Between 30/05/2023 and 03/06/2023	Between 22/06/2023 and 18/07/2023	?	Cognizant / TMG	Cognizant / TMG files a notice of data breach after discovering that an unauthorized party accessed confidential consumer data stored on the company’s computer network.	Unknown	Professional, scientific and technical	Cyber Crime	US		Cognizant / TMG
12	01/09/2023	31/05/2023	31/05/2023	Clop AKA Lace Tempest, TA505, and FIN11	Indiana Family and Social Services Administration	The Indiana Family and Social Services Administration (FSSA) posts a notice announcing that the protected health information of an estimated 212,193 Indiana Medicaid members was impacted by the MOVEit data breach affecting CareSource.	CVE-2023-34362 Vulnerability	Human health and social work	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, CareSource, Indiana Family and Social Services Administration ,FSSA, CVE-2023-34362, ransomware
13	01/09/2023	01/12/2022	29/12/2022	?	UnitedHealthcare	UnitedHealthcare notifies individuals across the country of a recent data breach after an unauthorized party was able to access a UHC broker portal.	Account Takeover	Finance and insurance	Cyber Crime	US		UnitedHealthcare
14	01/09/2023	03/02/2023	05/03/2023	?	Bienville Orthopaedic Specialists	Bienville Orthopaedic Specialists files a notice of data breach after discovering that an unauthorized party was able to access and acquire certain information from its network.	Unknown	Human health and social work	Cyber Crime	US		Bienville Orthopaedic Specialists
15	01/09/2023	03/07/2023	03/07/2023	?	North Mississippi Health Services	North Mississippi Health Services reveals that they discovered unauthorized access through an employee’s email account after a phishing email was unintentionally opened.	Account Takeover	Human health and social work	Cyber Crime	US		North Mississippi Health Services
16	01/09/2023	During 2023	During 2023	Circle Typhoon AKA DEV-0322	US defense industrial base	Researchers from Microsoft reveal that the China-based threat group Circle Typhoon continues to target the US defense industrial base.	Multiple vulnerabilities	Public admin and defence, social security	Cyber Espionage	US		Circle Typhoon, DEV-0322, Microsoft, China
17	01/09/2023	During 2023	During 2023	Volt Typhoon AKA DEV-0391	US defense contractors	Researchers from Microsoft reveal that the China-based threat group Volt Typhoon conducted multiple operations against US defense contractors.	Targeted Attack	Public admin and defence, social security	Cyber Espionage	US		Volt Typhoon, DEV-0391, Microsoft, China
18	01/09/2023	During 2023	During 2023	Mulberry Typhoon AKA MANGANESE	US defense industrial base	Researchers from Microsoft reveal that the China-based threat group Mulberry Typhoon conducted multiple operations against US defense contractors.	Zero-day vulnerability	Public admin and defence, social security	Cyber Espionage	US		Mulberry Typhoon, MANGANESE, Microsoft, China
19	01/09/2023	Since approximately March 2023	Since approximately March 2023	China	U.S. voters	Researchers from Microsoft reveal that China used AI-generated images to try to influence U.S. voters.	Coordinated Inauthentic Behavior	Individual	Cyber Warfare	US		China, US, Artificial Intelligence, AI
20	01/09/2023	01/09/2023	01/09/2023	?	Carlisle Area School District	The Carlisle Area School District is hit with ransomware.	Malware	Education	Cyber Crime	US		Carlisle Area School District, ransomware
21	01/09/2023	'Recently'	'Recently'	?	Lawrence Public Schools	The Lawrence Public Schools are working to recover $2.7 million in funds that were recently “frozen” when a staffer responded to a phishing email sent by scammers posing as a vendor for the school district.	Account Takeover	Education	Cyber Crime	US		Lawrence Public Schools
22	01/09/2023	-	-	?	Multiple organizations	The U.K. National Cyber Security Center (NCSC) warns of prompt injection attacks in AI with threat actors manipulating the technology behind large language model chatbots to access confidential information, generate offensive content and "trigger unintended consequences."	Prompt Injection	Multiple Industries	Cyber Crime	>1		U.K. National Cyber Security Center, NCSC, AI, prompt injection
23	02/09/2023	-	01/09/2023	?	Comitato Elettrotecnico Italiano	Comitato Elettrotecnico Italiano, an educational institution, is hit by a suspected ransomware attack.	Unknown	Other service activities	Cyber Crime	IT		Comitato Elettrotecnico Italiano, CEI
24	02/09/2023	-	-	Knight	Multiple organizations in Italy	The Italian Computer Emergency Response Team (CERT-AGID) discovers a Knight ransomware campaign targeting organizations in Italy.	Malware	Mining and quarrying	Cyber Crime	IT		Italian Computer Emergency Response Team, CERT-AGID, Knight, ransomware
25	03/09/2023	-	30/08/2023	?	Freecycle.org	Freecycle.org, a platform that allows users to recycle their belongings, prompts 7 millions of users to reset their passwords after their credentials were compromised in a data breach.	Unknown	Human health and social work	Cyber Crime	GB US		Freecycle.org, Freecycle
26	03/09/2023	'Recently'	'Recently'	APT28 AKA Fancy Bear	Energy facility in Ukraine	Ukraine’s computer emergency response team (CERT-UA) reveals that the infamous Russian cyberespionage group APT 28 was caught attacking a critical energy facility in Ukraine.	Targeted Attack	Electricity, gas steam, air conditioning	Cyber Espionage	UA		Ukraine, Computer Emergency Response Team, CERT-UA, APT28
27	03/09/2023	11/07/2023	-	?	NPX	Dutch semiconductor designer and manufacturer NPX discloses a data breach affecting the email addresses of users who had registered an account on npx.com, but had not used it for at least 18 months.	Unknown	Manufacturing	Cyber Crime	NL		NPX
28	03/09/2023	Between July and August 2023	03/09/2023	ShinyHunters	Pizza Hut Australia	More than one million customers of Pizza Hut Australia appear to have had their data acquired by the threat actor named ShinyHunters.	Misconfiguration	Accommodation and food service	Cyber Crime	AU		Pizza Hut Australia
29	04/09/2023	SInce May 2023	During May 2023	Multiple threat actors	Multiple organizations	Researchers from Security Joes reveal that attackers are exploiting two recent MinIO vulnerabilities (CVE-2023-28432 and CVE-2023-28434) to breach object storage systems and access private information, execute arbitrary code, and potentially take over servers.	CVE-2023-28432 and CVE-2023-28434 Vulnerabilities	Multiple Industries	Cyber Crime	>1		Security Joes, MinIO, CVE-2023-28432, CVE-2023-28434
30	04/09/2023	01/09/2023	01/09/2023	?	German Federal Financial Supervisory Authority (BaFin)	The German Federal Financial Supervisory Authority (BaFin) announces that an ongoing distributed denial-of-service (DDoS) attack has been impacting its website.	DDoS	Administration and support service	N/A	DE		German Federal Financial Supervisory Authority, BaFin
31	04/09/2023	04/09/2023	04/09/2023	Lazarus Group	Stake.com	Online cryptocurrency casino Stake.com announces that its ETH/BSC hot wallets had been compromised to perform unauthorized transactions, with over $40 million in crypto reportedly stolen.	Unknown	Fintech	Cyber Crime	US		Stake.com, ETH/BSC Lazarus
32	04/09/2023	03/09/2023	03/09/2023	?	Multiple organizations	Researchers from Phylum discover a campaign where threat actors uploaded malicious packages to PyPI, NPM, and RubyGems repositories, aimed at stealing user information from MacOS machines.	Malware	Multiple Industries	Cyber Crime	>1		Phylum, PyPI, NPM, RubyGems, MacOS
33	04/09/2023	-	-	ALPHV AKA BlackCat	Newton Media	Newton Media is hit with a BlackCat ransomware attack.	Malware	Information and communication	Cyber Crime	CZ		Newton Media, ALPHV, BlackCat, ransomware
34	04/09/2023	'During September 2023'	03/09/2023	Nationalist	Simplicia	A threat actor with the moniker of Nationalist claims to have hacked Simplicia and to have stolen the data of 152,000 employees.	Unknown	Professional, scientific and technical	Cyber Crime	FR		Nationalist, Simplicia
35	04/09/2023	'Recently'	'Recently'	?	Maiden Erlegh Trust	The Maiden Erlegh Trust suffers a ransomware attack.	Malware	Education	Cyber Crime	GB		Maiden Erlegh Trust, ransomware
36	04/09/2023	-	04/09/2023	ADHD	Municipality of Padova	The group of hacktivists ADHD claims to have breached Padova Net, the web portal of the municipality of Padova (Padua).	Unknown	Professional, scientific and technical	Hacktivism	IT		ADHD, Padova Net, Padova
37	05/09/2023	Since January 2023	Since January 2023	Chaes	Multiple organizations	Researchers from Morphisec reveal that the Chaes malware has returned as a new, more advanced variant that includes a custom implementation of the Google DevTools protocol for direct access to the victim's browser functions, allowing it to steal data using WebSockets.	Malware	Multiple Industries	Cyber Crime	>1		Morphisec, Chaes, Google DevTools, WebSockets
38	05/09/2023	30/08/2023	30/08/2023	?	Coffee Meets Bagel	The Coffee Meets Bagel dating platform confirms that last week's outage was caused by hackers breaching the company's systems and deleting company data.	Unknown	Arts entertainment, recreation	Cyber Crime	US		Coffee Meets Bagel
39	05/09/2023	-	-	?	Unknown organization(s)	The September 2023 Android security updates patches 33 vulnerabilities, including CVE-2023-35674, a zero-day bug currently targeted in the wild.	CVE-2023-35674 Vulnerability	Unknown	N/A	N/A		September, 2023, Android, CVE-2023-35674
40	05/09/2023	-	04/09/2023	Play	Firmdale Hotels	The Play ransomware gang claims to have hit the luxury chain Firmdale Hotels.	Malware	Accommodation and food service	Cyber Crime	GB		Play, ransomware, Firmdale Hotels
41	05/09/2023	During August 2023	-	Desorden	AIS Thailand	The hacker group Desorden claims responsibility for a data breach on AIS Thailand, a prominent mobile operator in Thailand.	Unknown	Information and communication	Cyber Crime	TH		Desorden, AIS Thailand
42	05/09/2023	-	-	?	Windows, Mac, and Linux users across Korea and Thailand	Researcher from AhnLab discover an increase in the usage of the BlueShell malware by various threat actors, to target Windows, Mac, and Linux OS across Korea and Thailand.	Malware	Multiple Industries	Cyber Crime	KR TH		AhnLab, BlueShell, Windows, Mac, Linux
43	05/09/2023	During January 2023	Since at least January 2023	?	Financial and logistics organizations in Latin America.	Researchers from Morphisec discover Chae$ 4, an advanced and previously unknown variant of the Chaes malware specifically designed to target clients of financial and logistics companies located in Latin America.	Malware	Multiple Industries	Cyber Crime	>1		Morphisec, Chae$ 4, Chaes
44	05/09/2023	-	-	?	Multiple organizations	Researchers from Fortinet discover a phishing campaign distributing a new Agent Tesla variant via the exploitation of the CVE-2017-11882 and CVE-2018-0802 vulnerabilities.	Malware	Multiple Industries	Cyber Crime	>1		Fortinet, Agent Tesla, CVE-2017-11882, CVE-2018-0802
45	05/09/2023	Since September 2022	During September 2023	?	Individuals	Researchers from Sucuri discover a bogus URL shortener redirect campaign to low quality Q&A sites and monetize traffic via Google AdSense.	Ad Fraud	Individual	Cyber Crime	>1		Sucuri, Google AdSense
46	05/09/2023	-	01/06/2023	Clop AKA Lace Tempest, TA505, and FIN11	Delta Dental of California	Delta Dental of California files a notice of data breach after discovering that attackers exploited the vulnerability in MOVEit, the file-transfer application used by the company.	CVE-2023-34362 Vulnerability	Finance and insurance	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, Delta Dental of California, CVE-2023-34362, ransomware
47	05/09/2023	-	-	Cactus	Foroni	The Cactus ransomware gang claims responsibility for a cyber attack to Foroni, an Italian manufacturer of nickel and specialty alloys and leaks a sample of 18 mb of data.	Malware	Manufacturing	Cyber Crime	IT		Cactus, Foroni
48	06/09/2023	Since at least 2017	Between October 2022 and July 2023	W3LL	Over 56,000 corporate Microsoft 365 accounts in the USA, Australia and Europe	Researchers from Group-IB reveal that a threat actor known as W3LL developed a phishing kit that can bypass multi-factor authentication along with other tools that compromised more than 56,000 Microsoft 365 corporate accounts.	Account Takeover	Multiple Industries	Cyber Crime	AU US EU		Group-IB, W3LL, Microsoft 365
49	06/09/2023	-	-	Pandora	Multiple organizations	Researchers from Dr.Web discover a new Mirai malware botnet infecting inexpensive Android TV set-top boxes, such as Tanix TX6 TV Box, MX10 Pro 6K, and H96 MAX X3 used by millions for media streaming.	Malware	Multiple Industries	Cyber Crime	>1		Dr.Web, Mirai, Pandora, Tanix TX6 TV Box, MX10 Pro 6K, H96 MAX X3
50	06/09/2023	Since at least end of August 2023	End of August 2023	Multiple ransomware operators including Akira and LockBit	Multiple organizations	Cisco warns of a CVE-2023-20269 zero-day vulnerability in its Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) actively exploited by ransomware operations to gain initial access to corporate networks.	CVE-2023-20269 Vulnerability	Multiple Industries	Cyber Crime	>1		Ransomware, Akira, LockBit, Cisco, CVE-2023-20269, Cisco Adaptive Security Appliance, ASA, Cisco Firepower Threat Defense, FTD
51	06/09/2023	Since late August 2023	Since late August 2023	?	Multiple organizations	Researchers at TrueSec discover a new phishing campaign abusing Microsoft Teams to send malicious attachments that install the DarkGate Loader malware.	Malware	Multiple Industries	Cyber Crime	>1		TrueSec, Microsoft Teams, DarkGate Loader
52	06/09/2023	28/02/2023	21/07/2023	?	See Tickets	Ticketing services agency See Tickets notifies more than 300,000 individuals that their payment card data was stolen in a new web skimmer attack.	Malicious Script Injection	Arts entertainment, recreation	Cyber Crime	GB		See Tickets
53	06/09/2023	04/09/2023	04/09/2023	LockBit 3.0	City council of Seville	The city council of Seville is hit by a ransomware LockBit ransomware attack.	Malware	Public admin and defence, social security	Cyber Crime	ES		City council of Seville LockBit, LockBit 3.0, ransomware
54	06/09/2023	'Recently'	'Recently'	?	Multiple organizations	Researchers from Malwarebytes discover a new malvertising campaign distributing the Atomic macOS Stealer, or AMOS.	Malware	Multiple Industries	Cyber Crime	>1		Malwarebytes, Mac, Atomic MacOS Stealer, AMOS
55	06/09/2023	During July 2022?	-	Dunghill Leak	Sabre	Travel booking giant Sabre says to be investigating claims of a cyberattack after a tranche of files purportedly stolen from the company appears on the The Dunghill Leak ransomware group leak site, who alleged it took about 1.3 terabytes of data.	Malware	Professional, scientific and technical	Cyber Crime	US		Sabre, Dunghill Leak, ransomware
56	06/09/2023	Since End of August 2023	Since End of August 2023	?	Wise users	Researchers from Bitdefender discover a phishing campaign impersonating the popular money services platform known as Wise.	Account Takeover	Finance and insurance	Cyber Crime	>1		Bitdefender, Wise
57	06/09/2023	Since End of August 2023	Since End of August 2023	?	Instagram users	Researchers from Bitdefender discover a phishing campaign impersonating Instagram	Account Takeover	Individual	Cyber Crime	>1		Bitdefender, Instagram
58	06/09/2023	Since End of August 2023	Since End of August 2023	?	BRD - Groupe Société Générale users	Researchers from Bitdefender discover a phishing campaign impersonating the financial institution BRD - Groupe Société Générale informing bank customers they need to use additional authentication methods to access their accounts.	Account Takeover	Finance and insurance	Cyber Crime	FR		Bitdefender, BRD, Groupe Société Générale
59	06/09/2023	Since End of August 2023	Since End of August 2023	?	Individuals	Researchers from Bitdefender discover multiple Ukraine-themed spam campaigns.	Scam	Individual	Cyber Crime	>1		Bitdefender, Ukraine
60	06/09/2023	Since End of August 2023	Since End of August 2023	?	Individuals in Italy	Researchers from Bitdefender discover an Illuminati-themed spam campaign targeting users in Italy	Scam	Individual	Cyber Crime	IT		Bitdefender, Illuminati
61	06/09/2023	Since End of August 2023	Since End of August 2023	?	Individuals in New Zealand	Researchers from Bitdefender discover a tax refund scam targeting New Zealanders.	Scam	Individual	Cyber Crime	NZ		Bitdefender
62	06/09/2023	Since End of August 2023	Since End of August 2023	?	Individuals in New Zealand	Researchers from Bitdefender discover a tax refund scam targeting New Zealanders.	Scam	Individual	Cyber Crime	NZ		Bitdefender
63	06/09/2023	-	-	?	MinnesotaWorks.net	The Department of Employment and Economic Development (DEED) in Minnesota notifies jobseekers of a data breach involving unauthorized access to their personal information at the MinnesotaWorks.net platform, after a person claiming to be an employee allegedly, viewed and copied user resume information without authorization.	Account Takeover	Public admin and defence, social security	Cyber Crime	US		Department of Employment and Economic Development, DEED, Minnesota, MinnesotaWorks.net
64	06/09/2023	-	-	?	St Augustine Academy	The St Augustine Academy suffers a ransomware attack.	Malware	Education	Cyber Crime	GB		St Augustine Academy, ransomware
65	06/09/2023	-	-	Cactus	Seymours	The real estate agency Seymours is listed among the victims of the Cactus ransomware gang.	Malware	Real estate	Cyber Crime	GB		Seymours, Cactus, ransomware
66	06/09/2023	-	-	Cactus	Groupe Promotrans	The Groupe Promotrans is listed among the victims of the Cactus ransomware gang.	Malware	Transportation and storage	Cyber Crime	FR		Groupe Promotrans, Cactus, ransomware
67	06/09/2023	-	-	Cactus	Mineman	Mineman, a marketing company for mining, is listed among the victims of the Cactus ransomware gang.	Malware	Professional, scientific and technical	Cyber Crime	US		Mineman, Cactus, ransomware
68	06/09/2023	-	-	Cactus	Maxxd Trailers	Maxxd Trailers is listed among the victims of the Cactus ransomware gang.	Malware	Manufacturing	Cyber Crime	US		Maxxd Trailers, Cactus, ransomware
69	06/09/2023	-	-	Cactus	Marfrig Global Foods	Marfrig Global Foods is listed among the victims of the Cactus ransomware gang.	Malware	Accommodation and food service	Cyber Crime	BR		Marfrig Global Foods, Cactus, ransomware
70	06/09/2023	Since July 2023	Since July 2023	Chinese threat actor	Android users in South Korea	Researchers from Cyble discover an Android Spyware campaign targeting Android users in South Korea.	Malware	Individual	Cyber Espionage	KR		Cyble, Android, South Korea.
71	06/09/2023	'Recently'	'Recently'	?	Organizations in Australia, Poland, and Belgium	Researchers from Zscaler discover 'Steal-It', a campaign is leveraging the PowerShell script associated with Nishang, a legitimate red teaming tool to steal NTLMv2 hashes from compromised Windows systems primarily located in Australia, Poland, and Belgium.	Malware	Multiple Industries	Cyber Crime	AU BE PL		Zscaler, Steal-It, PowerShell, Nishang, NTLMv2
72	06/09/2023	-	-	Play	Majestic Spice	The Play ransomware gang lists Majestic Spice among its victims.	Malware	Accommodation and food service	Cyber Crime	US		Play, ransomware, Majestic Spice
73	06/09/2023	-	-	Play	Bordelon Marine	The Play ransomware gang lists Bordelon Marine among its victims.	Malware	Professional, scientific and technical	Cyber Crime	US		Play, ransomware, Bordelon Marine
74	06/09/2023	-	-	Play	Master Interiors	The Play ransomware gang lists Master Interiors among its victims.	Malware	Professional, scientific and technical	Cyber Crime	US		Play, ransomware, Master Interiors
75	06/09/2023	-	-	Play	Kikkerland Design	The Play ransomware gang lists Kikkerland Design among its victims.	Malware	Manufacturing	Cyber Crime	US		Play, ransomware, Kikkerland Design
76	06/09/2023	-	-	Play	Precisely	The Play ransomware gang lists Precisely among its victims.	Malware	Professional, scientific and technical	Cyber Crime	US		Play, ransomware, Precisely
77	06/09/2023	-	-	Play	Micro Automation	The Play ransomware gang lists Micro Automation among its victims.	Malware	Professional, scientific and technical	Cyber Crime	DE		Play, ransomware, Micro Automation
78	06/09/2023	12/03/2023	14/03/2023	?	Amerita	Amerita, a subsidiary of PharMerica, files a notice of data breach after discovering that an unauthorized party was able to access and potentially acquire sensitive data from the company’s IT network.	Unknown	Human health and social work	Cyber Crime	US		Amerita, PharMerica
79	06/09/2023	18/04/2023	04/05/2023	?	Lyon Real Estate	Lyon Real Estate files a notice of data breach after discovering that an unauthorized party was able to access the company’s computer network through a vulnerability in a vendor application program used by Lyon	Vulnerability	Real estate	Cyber Crime	US		Lyon Real Estate
80	06/09/2023	17/03/2023	17/03/2023	?	NOW Health Group	NOW Health Group reveals that the protected health information of 4,661 individuals was compromised in a phishing attack.	Account Takeover	Human health and social work	Cyber Crime	US		NOW Health Group
81	07/09/2023	-	-	Clop AKA Lace Tempest, TA505, and FIN11	Johnson & Johnson Health Care Systems (Janssen)	Johnson & Johnson Health Care Systems (Janssen) informs its CarePath customers that their sensitive information was compromised in a MOVEit data breach involving IBM.	CVE-2023-34362 Vulnerability	Human health and social work	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit Transfer, Johnson & Johnson Health Care Systems, Janssen, IBM, CVE-2023-34362, ransomware
82	07/09/2023	Since at least November 2021	-	?	Users in France, Switzerland, U.S., Canada, Algeria, Sweden, Germany, Tunisia, Madagascar, Singapore and Vietnam	Researchers from Cisco Talos discover a new campaign where cybercriminals are leveraging a legitimate Windows tool called 'Advanced Installer' to infect the computers of graphic designers with cryptocurrency miners.	Malware	Professional, scientific and technical	Cyber Crime	CA CH DE DZ FR MG SE SG TN US VN		Cisco, Talos, Advanced Installer
83	07/09/2023	'Recently'	'Recently'	Threat actors from North Korea	Security researchers worldwide	Researchers from Google's Threat Analysis Group (TAG) reveal that North Korean state hackers are again targeting security researchers in attacks using at least one zero-day vulnerability in an undisclosed popular software.	Targeted Attack	Individual	Cyber Espionage	>1		Google, Threat Analysis Group, TAG
84	07/09/2023	-	-	?	Unknown organization(s)	Apple releases emergency security updates to fix two new zero-day vulnerabilities (CVE-2023-41064 and CVE-2023-41061) exploited as part of a zero-click exploit chain (dubbed BLASTPASS) to deploy NSO Group's Pegasus commercial spyware in attacks targeting iPhone and Mac users.	CVE-2023-41064 and CVE-2023-41061 vulnerabilities	Multiple Industries	Cyber Espionage	N/A		Apple, CVE-2023-41064, CVE-2023-41061, iPhone, Mac, Citizen Lab
85	07/09/2023	Since the start of 2023	During 2023	Multiple threat actors from North Korea	Russian government and defense organizations	Researchers from Microsoft disclose that North Korean hacking groups have breached multiple Russian government and defense targets since the start of the year.	Targeted Attack	Public admin and defence, social security	Cyber Espionage	RU		Microsoft, Russia, North Korea
86	07/09/2023	During the recent weeks'	During the recent weeks'	?	Crypto investors	Researchers from Check Point discover a new campaign abusing Google Looker Studio to create counterfeit cryptocurrency phishing websites that phish digital asset holders, leading to account takeovers and financial losses.	Account Takeover	Fintech	Cyber Crime	>1		Check Point, Google Looker Studio
87	07/09/2023	Between February and April 2023	Between February and April 2023	Threat actors from Iran	U.S. aeronautical organization	A joint advisory published by CISA, the FBI, and the United States Cyber Command (USCYBERCOM) reveals that Iranian state-backed hacking groups have breached a U.S. aeronautical organization using exploits targeting critical Zoho ManageEngine (CVE-2022-47966) and Fortinet (CVE-2022-42475) vulnerabilities.	Targeted Attack	Professional, scientific and technical	Cyber Espionage	US		CISA, FBI, United States Cyber Command, USCYBERCOM, Iran, Zoho ManageEngine, CVE-2022-47966, Fortinet, CVE-2022-42475
88	07/09/2023	-	-	?	Multiple organization(s) in the U.S.	The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds to its catalog of known exploited vulnerabilities a critical–severity issue tracked as CVE-2023-33246 that affects Apache’s RocketMQ distributed messaging and streaming platform.	CVE-2023-33246 Vulnerability	Unknown	N/A	US		U.S. Cybersecurity and Infrastructure Security Agency, CISA, CVE-2023-33246, Apache, RocketMQ
89	07/09/2023	End of August - Early September 2023	-	?	Fortress Trust	Fortress Trust discloses a theft of customers’ cryptocurrency last week, later revealed to total close to $15 million, stemming from a cyber attack suffered by Retool, a cloud provider.	Account Takeover	Fintech	Cyber Crime	US		Fortress Trust, Retool
90	07/09/2023	-	-	victim	Traderie	In-game trading marketplaces Traderie and another marketplace, Nookazon, owned by the same parent company Akrew, alert users to a data breach impacting their personal information. A threat actor called “victim” claims to be selling the data of as many as 2.6 million users for $5,000 in bitcoin.	Unknown	Arts entertainment, recreation	Cyber Crime	US		Traderie, Nookazon, Akrew, victim
91	07/09/2023	Since December 2022	During March 2023	?	Users in the Middle East	Researchers from Group-IB Digital uncover a malicious campaign targeting users in the Middle East, and leveraging almost 900 scam pages with potential financial damage estimated at $280,000 between March-June 2023.	Scam	Individual	Cyber Crime	>1		Group-IB
92	07/09/2023	-	-	Trigona	Hong Kong’s Cyberport	The Trigona ransomware gang claims to have hit the Hong Kong’s Cyberport, and to have stolen 436 GB of data.	Malware	Professional, scientific and technical	Cyber Crime	HK		Hong Kong’s Cyberport, Trigona, Ransomware
93	07/09/2023	07/09/2023	07/09/2023	Anonymous Sudan	Wells Fargo	Anonymous Sudan claims responsibility for a DDoS attack on Wells Fargo’s website	DDoS	Finance and insurance	Hacktivism	US		Anonymous Sudan, Wells Fargo, Russia
94	07/09/2023	-	-	Cyb3r Drag0nz Team	Ministry of National Education in Morocco	The collective Cyb3r Drag0nz Team claims to have successfully breached the Ministry of National Education in Morocco.	Unknown	Public admin and defence, social security	Hacktivism	MA		Cyb3r Drag0nz Team, Ministry of National Education, Morocco.
95	07/09/2023	Since at least May 2023	Since at least May 2023	?	Undisclosed resort in the U.S.	Researchers from Bitdefender discover financially motivated attackers developing custom malware to exploit multiple zero-day flaws in IRM-NG, a popular property management software used by resorts and hotels.	CVE-2023-39420, CVE-2023-39421, CVE-2023-39422, CVE-2023-39423, CVE-2023-39424 vulnerabilities	Accommodation and food service	Cyber Crime	US		Bitdefender, IRM-NG, CVE-2023-39420, CVE-2023-39421, CVE-2023-39422, CVE-2023-39423, CVE-2023-39424
96	07/09/2023	-	-	?	Individuals	Researchers from Zscaler observe a surge in tech-support scams exploiting pirated movie streaming websites and X (formerly Twitter), with a noteworthy focus on the utilization of Windows Action Center notifications to display misleading warning messages to users.	Scam	Individual	Cyber Crime	>1		Zscaler, X, Twitter, Windows Action Center
97	07/09/2023	27/07/2023	06/08/2023	?	Lifeline Systems Company	Lifeline Systems Company files a notice of data breach after discovering that an unauthorized person accessed documents containing confidential data on the company’s computer network.	Unknown	Administration and support service	Cyber Crime	US		Lifeline Systems Company
98	07/09/2023	-	-	?	United Healthcare Services	United Healthcare Services files a notice of data breach involving “Unauthorized Access/Disclosure'' of sensitive information that was being stored on an affected network server.	Unknown	Finance and insurance	Cyber Crime	US		United Healthcare Services
99	07/09/2023	-	09/07/2023	?	Ryders Health Management	Ryders Health Management confirms that unauthorized individuals gained access to its network and used ransomware to encrypt files.	Malware	Administration and support service	Cyber Crime	US		Ryders Health Management
100	07/09/2023	-	02/09/2023	Ragnar Locker	Do IT Consultants	The Ragnar Locker ransomware gang adds Do IT Consultants to their list of victims and claims to have stolen 613 GB of data.	Malware	Professional, scientific and technical	Cyber Crime	CA		Ragnar Locker, ransomware, Do IT Consultants
101	07/09/2023	-	-	LockBit 3.0	Proto Sign	The LockBit ransomware gang claims responsibility for a cyber attack to Proto Sign.	Malware	Professional, scientific and technical	Cyber Crime	IT		LockBit, LockBit 3.0, ransomware, Proto Sign
102	07/09/2023			NoEscape	Omniatel	The NoEscape ransomware group claims responsibility for a cyber attack to Omniatel, with the alleged possession of 360 gb of data.	Malware	Finance and insurance	Cyber Crime	IT		NoEscape, Omniatel, ransomware
103	08/09/2023	Since at least June 2023	06/09/2023	?	Dymocks	Dymocks Booksellers warns customers their personal information was exposed in a data breach after the company's database was shared on hacking forums.	Unknown	Wholesale and retail	Cyber Crime	AU		Dymocks
104	08/09/2023	-	-	Threat actor from China	Chinese-speaking users and the Uighur ethnic minority	Researchers from Kaspersky discover 'Evil Telegram' a campaign carried out via several malicious Telegram clones for Android on Google Play, installed over 60,000 times, infecting people with spyware that steals user messages, contacts lists, and other data, and appearing to be tailored for Chinese-speaking users and the Uighur ethnic minority.	Malware	Individual	Cyber Espionage	CN		Kaspersky, Telegram, Evil Telegram, Android, Google Play, China, Uighur
105	08/09/2023	07/09/2023	07/09/2023	?	Prominent American financial institution	Researchers from Akamai claim they identified and thwarted a massive distributed denial-of-service (DDoS) attack targeting a prominent American financial institution.	DDoS	Finance and insurance	Cyber Crime	US		Akamai
106	08/09/2023	Since July 2023	Since July 2023	?	Multiple organizations	Researchers from Zscaler detail a new malware loader, named HijackLoader, which has grown in popularity over the past few months.	Malware	Multiple Industries	Cyber Crime	>1		Zscaler, HijackLoader
107	08/09/2023	-	-	Ransomed	Linktera	The Ransomed group adds Linktera to their dark web portal, claiming to have successfully gained unauthorized access to their database.	Malware	Professional, scientific and technical	Cyber Crime	TR		Ransomed, Linktera, ransomware
108	08/09/2023	-	-	Five Families	Biostar	The hacktivist group known as “Five Families” claims responsibility for a cyber attack targeting Biostar, a computer hardware accessories manufacturer.	Unknown	Manufacturing	Hacktivism	TW		Five Families, Biostar
109	08/09/2023	Since at least 08/09/2023	Since at least 08/09/2023	?	Individuals in India	Just one day prior to the G20 summit 2023, a surge in G20 scams is observed, targeting individuals in India.	Scam	Individual	Cyber Crime	IN		G20
110	08/09/2023	-	-	?	Washington DC-based organization with international offices	An individual employed by a Washington DC-based organization with international offices is targeted with NSO Group's Pegasus.	CVE-2023-41064 and CVE-2023-41061 vulnerabilities	Extraterritorial orgs and bodies	Cyber Espionage	US		NSO Group, Pegasus, CVE-2023-41064, CVE-2023-4106
111	08/09/2023	29/05/2023	-	Clop AKA Lace Tempest, TA505, and FIN11	Community Trust Bank	Community Trust Bank provides notice of a data security incident after discovering that one of the company’s vendors experienced a data breach related to the vendor’s use of the file-transfer application MOVEit.	CVE-2023-34362 Vulnerability	Finance and insurance	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit, Community Trust Bank, CVE-2023-34362, ransomware
112	08/09/2023	-	04/08/2023	Clop AKA Lace Tempest, TA505, and FIN11	Northfield Bank	Northfield Bank discloses a third-party data breach involving the commonly used file transfer application MOVEit.	CVE-2023-34362 Vulnerability	Finance and insurance	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, MOVEit, Northfield Bank, CVE-2023-34362, ransomware
113	08/09/2023	-	09/02/2022	?	Sightpath Medical	Sightpath Medical files a notice of data breach on behalf of Sutter North Surgery Center after discovering that an unauthorized actor accessed certain files stored within its systems.	Unknown	Manufacturing	Cyber Crime	US		Sightpath Medical, Sutter North Surgery Center
114	08/09/2023	-	19/11/2022	?	Brady Martz & Associates	Brady Martz & Associates files a notice of data breach after discovering that an unauthorized party was able to access portions of the company’s computer network.	Unknown	Professional, scientific and technical	Cyber Crime	US		Brady Martz & Associates
115	08/09/2023	-	-	LockBit 3.0	Skokie-Morton Grove School District 69	The LockBit ransomware gang adds Skokie-Morton Grove School District 69 to their leak site.	Malware	Education	Cyber Crime	US		LockBit 3.0, LockBit, ransomware, Skokie-Morton Grove School District 69
116	08/09/2023	05/09/2023	05/09/2023	?	Decatur ISD	Decatur ISD suspects a cybersecurity attack is behind the disruptions to the school district’s internet and phone service.	Unknown	Education	Cyber Crime	US		Decatur ISD
117	08/09/2023	'Last winter'	Last winter'	?	St. Paul Public Schools	St. Paul Public Schools notifies families and staff of a “data security incident” that may have exposed students’ names and email addresses.	Unknown	Education	Cyber Crime	US		St. Paul Public Schools
118	08/09/2023	During April 2022 and then again in June 2023	04/09/2023	TheSnake	Coca-Cola FEMSA	A threat actor known as “TheSnake” leaks some data from Coca-Cola FEMSA with a claim that they had acquired a full database wit 8.16 GB of data.	Unknown	Accommodation and food service	Cyber Crime	MX		TheSnake, Coca-Cola FEMSA
119	09/09/2023	Between 09/08/2023 and 11/08/2023	06/09/2023	?	Rollbar	Software bug-tracking company Rollbar discloses a data breach after unknown attackers hacked its systems in early August and gained access to customer access tokens.	Unknown	Professional, scientific and technical	Cyber Crime	US		Rollbar
120	09/09/2023	09/09/2023	09/09/2023	?	15 members of the Yesh Atid political party in Israel	Shin Bet, the Israel's security agency investigates a potential phone breach of opposition party lawmakers, after 15 members of the Yesh Atid political party, including the Israeli opposition leader Yair Lapid, have their WhatsApp accounts temporarily blocked, sparking concerns about potential phone hacking.	Unknown	Public admin and defence, social security	Cyber Espionage	IL		Shin Bet, Israel, Yesh Atid, Yair Lapid, WhatsApp
121	10/09/2023	During August 2023	During August 2023	Threat actors from Vietnam	Multiple organizations	Researchers from Guardio Labs discover a campaign where attackers are using a massive network of fake and compromised Facebook accounts to send out millions of Messenger phishing messages to target Facebook business accounts with password-stealing malware.	Malware	Multiple Industries	Cyber Crime	>1		Guardio Labs, Facebook, Vietnam
122	10/09/2023	10/09/2023	10/09/2023	?	Vitalik Buterin’s Twitter account	An attacker compromises Vitalik Buterin’s Twitter account and shares a post promoting a malicious NFT giveaway, being able to steal over $690,000, including valuable NFTs.	Account Takeover	Fintech	Cyber Crime	>1		Vitalik Buterin, X, Twitter, Ethereum, NFT
123	11/09/2023	Since March 2021	During May 2022	Charming Kitten (AKA Phosphorus, TA453, APT35/42, Ballistic Bobcat)	34 organizations in Brazil, Israel, and the United Arab Emirates	Researchers from ESET discover a new campaign by the Iranian nation-state threat actor known as 'Charming Kitten' (Phosphorus, TA453, APT35/42) has been observed deploying a previously unknown backdoor malware named 'Sponsor' against 34 companies around the globe.	Targeted Attack	Multiple Industries	Cyber Espionage	BR IL UAE		Charming Kitten, Phosphorus, TA453, APT35, APT42, Ballistic Bobcat, ESET, Sponsor
124	11/09/2023	10/09/2023	10/09/2023	Scattered Spider with ALPHV AKA BlackCat	MGM Resorts International	MGM Resorts International discloses to be dealing with a cybersecurity issue that impacted some of its systems, including its main website, online reservations, and in-casino services, like ATMs, slot machines, and credit card machines. The BlackCat ransomware gang claims responsibility for the attack.	Malware	Arts entertainment, recreation	Cyber Crime	US		MGM Resorts International, ALPHV, BlackCat, Scattered Spider, ransomware
125	11/09/2023	Over the last few months'	Over the last few months'	MetaStealer	Mutiple organizations	Researchers from SentinelOne discover a new information stealer malware named 'MetaStealer', stealing a wide variety of sensitive information from Intel-based macOS computers.	Malware	Multiple Industries	Cyber Crime	>1		SentinelOne, MetaStealer, macOS
126	11/09/2023	End of August 2023	End of August 2023	?	Lanka Government Cloud (LGC)	Sri Lanka’s government email network is hit by a ransomware attack that wipes months of data from thousands of email accounts.	Malware	Public admin and defence, social security	Cyber Crime	LK		Sri Lanka, ransomware, Lanka Government Cloud, LGC
127	11/09/2023	03/04/2023	-	Snatch and Nokoyawa	Canadian Nurses Association (CNA)	The Canadian Nurses Association (CNA) confirms that it is working with its members to respond to a leak of sensitive data allegedly stolen by the Snatch and Nokoyawa ransomware group.	Malware	Other service activities	Cyber Crime	CA		Canadian Nurses Association, CNA, Snatch, Nokoyawa, ransomware
128	11/09/2023	During August 2023	During August 2023	?	Multiple organizations	Researchers from Fortinet identify a new phishing campaign using Microsoft Word to distribute three malware strains: RedLine Clipper, Agent Tesla, and OriginBotnet.	Malware	Multiple Industries	Cyber Crime	>1		Fortinet, Microsoft Word, RedLine Clipper, Agent Tesla, OriginBotnet
129	11/09/2023	11/09/2023	11/09/2023	Anonymous Sudan	Telegram	The hacktivist group Anonymous Sudan launches a DDoS attack against Telegram in retaliation to the messaging platform’s decision to suspend their primary account.	DDoS	Information and communication	Hacktivism	UAE		Anonymous Sudan, Telegram
130	11/09/2023	-	-	?	Unknown organization(s)	Google releases an emergency Chrome 116 security update to patch CVE-2023-4863, the fourth zero-day vulnerability discovered in the browser in 2023.	CVE-2023-4863 Vulnerability	Unknown	N/A	N/A		Google, Chrome 116, CVE-2023-4863
131	11/09/2023	-	-	8BASE	COVESA	The 8BASE ransomware group claims responsibility for targeting COVESA, a network of Ford dealerships in the provinces of Barcelona and Girona in Spain.	Malware	Wholesale and retail	Cyber Crime	ES		COVESA, 8BASE, ransomware
132	11/09/2023	-	24/08/2023	ALPHV AKA BlackCat	TissuPath	The BlackCat ransomware gang claims responsibility for an attack to TissuPath.	Malware	Human health and social work	Cyber Crime	AU		ALPHV, BlackCat, TissuPath, ransomware
133	11/09/2023	-	-	ALPHV AKA BlackCat	Strata Plan	The BlackCat ransomware gang claims responsibility for an attack to Strata Plan.	Malware	Administration and support service	Cyber Crime	AU		ALPHV, BlackCat, Strata Plan, ransomware
134	11/09/2023	-	-	ALPHV AKA BlackCat	Barry Plant Blackburn	The BlackCat ransomware gang claims responsibility for an attack to Barry Plant Blackburn.	Malware	Real estate	Cyber Crime	AU		ALPHV, BlackCat, Barry Plant Blackburn, ransomware
135	11/09/2023	-	-	ALPHV AKA BlackCat	Tisher Liner FC Law	The BlackCat ransomware gang claims responsibility for an attack to Tisher Liner FC Law.	Malware	Professional, scientific and technical	Cyber Crime	AU		ALPHV, BlackCat, Tisher Liner FC Law,, ransomware
136	11/09/2023	-	-	Hacktivist Indonesia	PathLegal	In name of OpIndia, PathLegal, an online legal service provider in India, falls victim to a data breach by the cybercriminal group Hacktivist Indonesia, resulting in the exposure of sensitive information belonging to 127,000 legal professionals and students.	Unknown	Professional, scientific and technical	Hacktivism	IN		OpIndia, PathLegal, Hacktivist Indonesia
137	11/09/2023	Since at least December 2022	During December 2022	Cuba	Multiple organizations	Researchers from Kaspersky uncover a fresh malware samples attributed to the ransomware group Cuba, representing new versions of the BurntCigar malware, which offers a new level of stealth to the group.	Malware	Multiple Industries	Cyber Crime	>1		Kaspersky, ransomware, Cuba, BurntCigar
138	11/09/2023	02/10/2022	12/10/2022	?	Texas Medical Liability Trust	Texas Medical Liability Trust files a notice of data breach on behalf of itself and its affiliates, Texas Medical Insurance Company, Physicians Insurance Company, and Lone Star Alliance (TMLT), explaining that an incident resulted in an unauthorized party being able to access consumers’ sensitive information.	Unknown	Finance and insurance	Cyber Crime	US		Texas Medical Liability Trust, Texas Medical Insurance Company, Physicians Insurance Company, Lone Star Alliance, TMLT
139	11/09/2023	05/07/2023	23/06/2023	?	Bloom Health Centers	Bloom Health Centers identifies suspicious activity in its Microsoft 365 email environment	Account Takeover	Human health and social work	Cyber Crime	US		Bloom Health Centers
140	11/09/2023	11/09/2023	11/09/2023	?	Roma Capitale (City of Rome)	A DDoS attack takes down Roma Capitale websites managed by Zetema of the cultural project, including that of the superintendency, the municipal museums, and the tourism one	DDoS	Public admin and defence, social security	N/A	IT		Roma Capitale, Zetema
141	11/09/2023	-	-	LockBit 3.0	City of Grant	The City of Grant is hit with a LockBit ransomware attack.	Malware	Public admin and defence, social security	Cyber Crime	US		City of Grant, LockBit, LockBit 3.0, ransomware
142	12/09/2023	Between 28/02/2023 and 03/08/2023	Between 28/02/2023 and 03/08/2023	Redfly (subgroup of Winnti Group, also known as APT41, Bronze Atlas)	National electricity grid organization in Asia	Researchers from Broadcom/Symantec reveal the details of an espionage threat group tracked as 'Redfly', targeting a national electricity grid organization in Asia and quietly maintaining access to the breached network for six months.	Targeted Attack	Electricity, gas steam, air conditioning	Cyber Espionage	N/A		Broadcom, Symantec, Redfly, ShowPad, Winnti Group, APT41, Bronze Atlas
143	12/09/2023	Since 2020	-	Threat Actors from Ukraine	Multiple organizations	Researchers from Kaspersky reveal the details of a reported long-lasting Free Download Manager supply chain attack redirecting Linux users to a malicious Debian package repository that installed information-stealing malware.	Malware	Multiple Industries	Cyber Espionage	>1		Kaspersky, Free Download Manager, Linux, Debian, Ukraine
144	12/09/2023	-	-	?	Unknown organization(s)	Adobe releases security updates to patch CVE-2023-26369, a zero-day vulnerability in Acrobat and Reader tagged as exploited in attacks.	CVE-2023-26369 Vulnerability	Unknown	N/A	N/A		Adobe, CVE-2023-26369, Acrobat, Reader
145	12/09/2023	-	-	?	Unknown organization(s) in the U.S.	The Cybersecurity and Infrastructure Security Agency (CISA) confirms that the zero-day vulnerabilities related to Microsoft Word (CVE-2023-36761) and Microsoft Streaming Service Proxy (CVE-2023-36802). are being used in attacks, adding them to the list of known exploited vulnerabilities.	CVE-2023-36761 and CVE-2023-36802 vulnerabilities	Unknown	N/A	U.S		Cybersecurity and Infrastructure Security Agency, CISA, Microsoft Word, CVE-2023-36761, Microsoft Streaming Service Proxy, CVE-2023-36802
146	12/09/2023	Since July 2023	During July 2023	Storm-0324	Multiple organizations	Microsoft says that Storm-0324, an initial access broker known for working with ransomware groups such as FIN7 (AKA Sangria Tempest and ELBRUS) has recently switched to Microsoft Teams phishing attacks to breach corporate networks.	Malware	Multiple Industries	Cyber Crime	>1		Microsoft, Storm-0324, Microsoft Teams, ransomware, FIN7, Sangria Tempest, ELBRUS
147	12/09/2023	-	-	?	Unknown organization(s)	Mozilla releases emergency security updates to fix CVE-2023-4863, a critical zero-day vulnerability exploited in the wild, impacting its Firefox web browser and Thunderbird email client.	CVE-2023-4863 Vulnerability	Unknown	N/A	N/A		Mozilla, CVE-2023-4863, Firefox, Thunderbird
148	12/09/2023	12/09/2023	12/09/2023	Lazarus Group?	CoinEX	Global cryptocurrency exchange CoinEX announces that someone hacked its hot wallets and stole large amounts of digital assets that were used to support the platform's operations. The loss is estimated in $53 million worth and the fingers are pointed to the North Korean Lazarus.	Unknown	Fintech	Cyber Crime	HK		CoinEX, North Korea, Lazarus
149	12/09/2023	-	-	?	One automaker in Europe and two in the U.S	Researchers from Kasada reveal that cybercriminals appear to have deployed bots to break into customer accounts at several large automakers, then harvested important information about around 15,000 individuals using automated account takeover (ATO), and offered it for sale in private Telegram channels.	Account Takeover	Manufacturing	Cyber Crime	>1		Kasada, ATO, Automated Account Takeover
150	12/09/2023	'Recently'	11/09/2023	BianLian	Save the Children International	The global charity organization Save the Children International confirms that it was recently hit with a cyberattack after the BianLian ransomware group claimed to have breached the organization’s systems.	Malware	Extraterritorial orgs and bodies	Cyber Crime	INT		Save the Children International, BianLian, ransomware
151	12/09/2023	-	11/09/2023	USDoD	Airbus	The European aerospace giant Airbus says to be investigating a cybersecurity incident following reports that a threat actor named USDoD posted information on 3,200 of the company’s vendors to the dark web.	Malware	Mining and quarrying	Cyber Crime	NL		Airbus,USDoD
152	12/09/2023	07/09/2023	07/09/2023	?	Hinds County	Hinds County is hit with a ransomware attack.	Malware	Public admin and defence, social security	Cyber Crime	US		Hinds County, ransomware
153	12/09/2023	'Recently'	'Recently'	?	Mutiple organizations	Researchers from Fortinet discover a previously unseen dropper variant named MidgeDropper, with a complex infection chain that includes code obfuscation and sideloading.	Malware	Multiple Industries	Cyber Crime	>1		Fortinet, MidgeDropper
154	12/09/2023	Since August 2023	Since August 2023	?	More than 40 companies across multiple industries in Colombia	Researchers at Check Point discover a new large-scale phishing campaign targeting more than 40 companies across multiple industries, in Colombia, and distributing the “Remcos” malware.	Malware	Multiple Industries	Cyber Crime	CO		Check Point, Remcos
155	12/09/2023	11/09/2023	11/09/2023	?	St. Louis County	A cyberattack causes St. Louis County to shut down some computer systems used to look up court cases, issue charges and process people in custody at the jail.	Unknown	Public admin and defence, social security	Cyber Crime	US		St. Louis County
156	12/09/2023	Since late June 2023	During late June 2023	?	Mutiple organizations	Researchers from IBM discover a new version of the DBatLoader used to deliver payloads such as Remcos, Warzone, Formbook, and AgentTesla.	Malware	Multiple Industries	Cyber Crime	>1		IBM, DBatLoader, Remcos, Warzone, Formbook, AgentTesla
157	12/09/2023	20/12/2022	-	?	City of Tomball	The City of Tomball, Texas files a notice of data breach after learning that the City was the recent target of a ransomware attack.	Malware	Public admin and defence, social security	Cyber Crime	US		City of Tomball, ransomware
158	12/09/2023	12/09/2023	12/09/2023	?	East Jackson Community Schools	A potential cyber attack is causing classes to be cut to a half day in East Jackson Community Schools.	Unknown	Education	Cyber Crime	US		East Jackson Community Schools
159	13/09/2023	-	-	3AM	Multiple organizations	Researchers from Symantec/Broadcom discover 3AM, a new ransomware family used as fallback in failed LockBit attacks.	Malware	Multiple Industries	Cyber Crime	>1		Symantec, Broadcom, 3AM, ransomware, LockBit
160	13/09/2023	Early September 2023	Early September 2023	Threat actors apparently coming from Mexico	Multiple organizations	Researchers from Malwarebytes discover a campaign where threat actors use Google Ads tracking templates as a loophole to create convincing Webex software search ads that redirect users to websites that distribute the BatLoader malware.	Malware	Multiple Industries	Cyber Crime	>1		Malwarebytes, Google Ads, BatLoader
161	13/09/2023	27/08/2023	29/08/2023	?	Retool	Software company Retool says the accounts of 27 cloud customers were compromised following a targeted and multi-stage social engineering attack.	Account Takeover	Professional, scientific and technical	Cyber Crime	US		Retool
162	13/09/2023	-	-	ALPHV AKA BlackCat	Undisclosed organization	Researchers from Sophos reveal that the BlackCat (ALPHV) ransomware gang now uses stolen Microsoft accounts and the recently spotted Sphynx encryptor to encrypt targets' Azure cloud storage.	Malware	Unknown	Cyber Crime	N/A		Sophos, BlackCat, ALPHV, Microsoft, Sphynx, Azure
163	13/09/2023	22/06/2023	10/02/2023	?	Galina Timchenko	An investigation by Access Now and Citizen Lab reveals that the phone of Galina Timchenko, owner of the Russian independent media outlet Meduza and prominent Russian journalist and critic of the Kremlin was infected with Pegasus spyware.	CVE-2023-41064 and CVE-2023-41061 vulnerabilities	Information and communication	Cyber Espionage	RU		Access Now, Citizen Lab, Galina Timchenko, Meduza, Russia, Kremlin, Pegasus, CVE-2023-41064, CVE-2023-41061
164	13/09/2023	-	11/09/2023	NoEscape	International Joint Commission (IJC)	The International Joint Commission (IJC), the organization tasked with managing the lake and river systems along the border between the U.S. and Canada, announces that it experienced a cyberattack following reports that the NoEscape ransomware gang claimed to have stolen reams of data.	Malware	Water supply, waste mgmt, remediation	Cyber Crime	CA		International Joint Commission, IJC, NoEscape, ransomware
165	13/09/2023	12/09/2023	12/09/2023	RansomHouse ?	IFX Networks Colombia	Multiple prominent government ministries in Colombia, including the Ministry of Health and Social Protection, the country’s Judiciary Branch and the Superintendency of Industry and Commerce, announce that an alleged ransomware attack on technology provider IFX Networks Colombia, caused a range of problems limiting the ability of departments to function.	Malware	Public admin and defence, social security	Cyber Crime	CO		Colombia, Ministry of Health and Social Protection, Judiciary Branch, Superintendency of Industry and Commerce, IFX Networks Colombia, RansomHouse, ransomware
166	13/09/2023	-	-	Threat actors distributing the RedLine and Vidar infostealers	Multiple organizations	Researchers from Trend Micro reveal that the threat actors behind the RedLine and Vidar infostealers are now distributing ransomware payloads using Extended Validation (EV) code signing certificates.	Malware	Multiple Industries	Cyber Crime	>1		Trend Micro, RedLine, Vidar, ransomware, Extended Validation, EV
167	13/09/2023	-	-	?	Butler County	An email account related to the Butler County is compromised, sending unauthorized spam emails.	Account Takeover	Public admin and defence, social security	Cyber Crime	US		Butler County
168	13/09/2023	During the Summer 2023	During the Summer 2023	?	Multiple organizations	Researchers from Cofense discover a new LokiBot campaign using malicious Microsoft Office documents, exploiting CVE-2021-40444 and CVE-2022-30190.	Malware	Multiple Industries	Cyber Crime	>1		Cofense, LokiBot, Microsoft Office, CVE-2021-40444, CVE-2022-30190
169	13/09/2023	-	12/09/2023	ADHD	SDA	The ADHD hacktivist group claims responsibility for a cyber attack to SDA, the shipping company of Poste Italiane (the Italian Post Office) and leaks a sample with 100,000 records.	Unknown	Transportation and storage	Hacktivism	IT		ADHD, SDA, Poste Italiane
170	14/09/2023	-	-	?	Undisclosed supplier of the United Kingdom's Greater Manchester Police (GMP)	United Kingdom's Greater Manchester Police (GMP) discloses that some of its employees' personal information was impacted by a ransomware attack that hit a third-party supplier.	Malware	Unknown	Cyber Crime	GB		Greater Manchester Police, GMP, ransomware
171	14/09/2023	Since February 2023	-	APT33 (aka Peach Sandstorm, HOLMIUM, or Refined Kitten)	Thousands of defense organizations in the U.S. and worldwide	Microsoft says an Iranian-backed threat group has targeted thousands of defense organizations in the U.S. and worldwide in password spray attacks since February 2023.	Password Spray	Public admin and defence, social security	Cyber Espionage	>1		Microsoft, Iran, APT33, Peach Sandstorm, HOLMIUM, Refined Kitten
172	14/09/2023	-	07/09/2023	Scattered Spider AKA UNC3944 and 0ktapus	Caesars Entertainment	Caesars Entertainment, self-described as the largest U.S. casino chain with the most extensive loyalty program in the industry, says it paid a ransom to avoid the online leak of customer data stolen in a recent cyberattack.	Account Takeover	Arts entertainment, recreation	Cyber Crime	US		Scattered Spider, UNC3944, 0ktapus, Caesars Entertainment
173	14/09/2023	13/09/2023	13/09/2023	Medusa	Auckland Transport (AT)	The Auckland Transport (AT) transportation authority in New Zealand is dealing with a widespread outage caused by a cyber incident, a suspected ransomware attack, impacting a wide range of customer services.	Malware	Transportation and storage	Cyber Crime	NZ		Auckland Transport, AT, ransomware, Medusa
174	14/09/2023	01/09/2023	01/09/2023	LockBit 3.0	Carthage Area Hospital	The LockBit ransomware gang adds the Carthage Area Hospital to their list of victims.	Malware	Human health and social work	Cyber Crime	US		LockBit, LockBit 3.0, ransomware, Carthage Area Hospital
175	14/09/2023	01/09/2023	01/09/2023	LockBit 3.0	Claxton-Hepburn Medical Center	The LockBit ransomware gang adds the Claxton-Hepburn Medical Center to their list of victims.	Malware	Human health and social work	Cyber Crime	US		LockBit, LockBit 3.0, ransomware, Claxton-Hepburn Medical Center
176	14/09/2023	-	During August 2023	?	Three more Russian journalists	More Russian journalists come forward expressing concern that they too may have been targeted with Pegasus spyware: Maria Epifanova, CEO of Novaya Gazeta Europe, Evgeniy Pavlov, a correspondent for Novaya Gazeta Baltia, Evgeny Erlich, a journalist-in-exile at the Russian-language outlet Current Time.	CVE-2023-41064 and CVE-2023-41061 vulnerabilities	Information and communication	Cyber Espionage	RU		Russia, Pegasus, Maria Epifanova, Novaya Gazeta Europe, Evgeniy Pavlov, Novaya Gazeta Baltia, Evgeny Erlich, Current Time, CVE-2023-41064, CVE-2023-41061
177	14/09/2023	-	14/08/2023	?	Ministry of Ayush in Jharkhand	A threat actor dubbed Tanaka leaks a database with 320,000 patient records, belonging to the Ministry of Ayush in Jharkhand, India.	SQLi	Public admin and defence, social security	Cyber Crime	IN		Ministry of Ayush
178	14/09/2023	14/09/2023	14/09/2023	Sylhet Gang	City Union Bank	In name of OpIndia the threat actors from the collective Sylhet Gang claim to have taken down the City Union Bank.	DDoS	Finance and insurance	Hacktivism	IN		OpIndia, Sylhet Gang, City Union Bank
179	14/09/2023	14/09/2023	14/09/2023	Sylhet Gang	Dakshin Bihar Gramin Bank	In name of OpIndia the threat actors from the collective Sylhet Gang claim to have taken down the Dakshin Bihar Gramin Bank.	DDoS	Finance and insurance	Hacktivism	IN		OpIndia, Sylhet Gang, Dakshin Bihar Gramin Bank
180	14/09/2023	-	-	Akira	American Steel & Aluminum Co	The Akira ransomware group claims to have hit American Steel & Aluminum Co, gaining access to 70GB of data.	Malware	Manufacturing	Cyber Crime	US		Akira, ransomware, American Steel & Aluminum Co
181	14/09/2023	-	-	?	Facebook business account in Southern Europe and North America	Researchers from Netskope discover a campaign using a new variant of NodeStealer to steal Facebook users’ credentials and browser data, and targeting Facebook business accounts in Southern Europe and North America with bogus Facebook messages with a malicious file attached.	Malware	Multiple Industries	Cyber Crime	>1		Netskope, NodeStealer, Facebook
182	14/09/2023	'In recent months'	'In recent months'	Scattered Spider AKA UNC3944 and 0ktapus	Multiple organizations	Researchers from Mandiant reveal that the financially motivated group UNC3944 has expanded its criminal arsenal to deploy ransomware and other intrusion capabilities on various cloud applications.	Malware	Multiple Industries	Cyber Crime	>1		Scattered Spider, UNC3944, 0ktapus, Mandiant
183	14/09/2023	-	-	?	Multiple organizations in Azerbaijan	Researcher from Deep Instinct discover Operation Rusty Flag, a campaign targeting organizations in Azerbaijan.	Targeted Attack	Multiple Industries	Cyber Espionage	AZ		Deep Instinct, Operation Rusty Flag
184	14/09/2023	-	24/03/2023	?	Pharm-Pacc	Pharm-Pacc files a notice of data breach after discovering that an unauthorized party gained access to its computer network.	Unknown	Human health and social work	Cyber Crime	US		Pharm-Pacc
185	14/09/2023	-	-	Clop AKA Lace Tempest, TA505, and FIN11	CommonSpirit Health	Patients of CommonSpirit Health had their data compromised in the massive MOVEit hack.	CVE-2023-34362 Vulnerability	Human health and social work	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, CommonSpirit Health, MOVEit, CVE-2023-34362, ransomware
186	14/09/2023	Since September 2023	Since September 2023	?	Multiple hotels, booking sites and travel agencies	Researchers from Perception Point discover a multi-step information stealing campaign with attackers breaching the systems of hotels, booking sites, and travel agencies and then using their access to go after financial data belonging to customers.	Malware	Accommodation and food service	Cyber Crime	>1		Perception Point
187	14/09/2023	-	-	TA866	Tatar language-speaking users in a particular region of Russia.	Reseaarchers from Cyble discover a campaign targeting Tatar language-speaking users using a Python malware capturing screenshots.	Malware	Individual	Cyber Espionage	RU		Cyble, Tatar, TA866, Python
188	15/09/2023	06/09/2023	06/09/2023	?	ORBCOMM	Trucking and fleet management solutions provider ORBCOMM confirms that a ransomware attack is behind recent service outages preventing trucking companies from managing their fleets.	Malware	Mining and quarrying	Cyber Crime	US		ORBCOMM, ransomware
189	15/09/2023	Since the end of August 2023	End of August 2023	Bumblebee	Multiple organizations	Researchers from Intel471 reveal discover a new 'Bumblebee' campaign breaking its two-month vacation with a new distribution techniques that abuse 4shared WebDAV services.	Malware	Multiple Industries	Cyber Crime	>1		Intel471, Bumblebee, 4shared, WebDAV
190	15/09/2023	Since 13/09/2023	15/09/2023	NoName057(16)	Several Canadian organizations	The pro-Russian cybercrime group named NoName057(16) is observed launching distributed denial-of-service (DDoS) attacks against Canadian organizations within the Government, as well as the financial and transportation sectors.	DDoS	Multiple Industries	Hacktivism	CA		Russia, NoName057(16)
191	15/09/2023	-	-	?	CardX	One of Thailand’s major digital financial platforms, CardX, discloses a data leak that affected their customers.	Unknown	Finance and insurance	Cyber Crime	TH		CardX
192	15/09/2023	-	-	Clop AKA Lace Tempest, TA505, and FIN11	Atrium Health	The healthcare technology firm Nuance reveals that the Clop extortion gang has stolen personal data on Atrium Health as part of the Progress MOVEit Transfer campaign.	CVE-2023-34362 Vulnerability	Human health and social work	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, Nuance, Atrium Health, MOVEit, CVE-2023-34362, ransomware
193	15/09/2023	-	-	Clop AKA Lace Tempest, TA505, and FIN11	Catawba Valley Medical Center	The healthcare technology firm Nuance reveals that the Clop extortion gang has stolen personal data on Catawba Valley Medical Center as part of the Progress MOVEit Transfer campaign.	CVE-2023-34362 Vulnerability	Human health and social work	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, Nuance, Catawba Valley Medical Center, MOVEit, CVE-2023-34362, ransomware
194	15/09/2023	-	-	Clop AKA Lace Tempest, TA505, and FIN11	Charlotte Radiology	The healthcare technology firm Nuance reveals that the Clop extortion gang has stolen personal data on Charlotte Radiology as part of the Progress MOVEit Transfer campaign.	CVE-2023-34362 Vulnerability	Human health and social work	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, Nuance, Charlotte Radiology, MOVEit, CVE-2023-34362, ransomware
195	15/09/2023	-	-	Clop AKA Lace Tempest, TA505, and FIN11	Duke University Health System	The healthcare technology firm Nuance reveals that the Clop extortion gang has stolen personal data on Duke University Health System as part of the Progress MOVEit Transfer campaign.	CVE-2023-34362 Vulnerability	Human health and social work	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, Nuance, Duke University Health System, MOVEit, CVE-2023-34362, ransomware
196	15/09/2023	-	-	Clop AKA Lace Tempest, TA505, and FIN11	Central Carolina Medical Center	The healthcare technology firm Nuance reveals that the Clop extortion gang has stolen personal data on Central Carolina Medical Center as part of the Progress MOVEit Transfer campaign.	CVE-2023-34362 Vulnerability	Human health and social work	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, Nuance, Central Carolina Medical Center, MOVEit, CVE-2023-34362, ransomware
197	15/09/2023	-	-	Clop AKA Lace Tempest, TA505, and FIN11	ECU Health	The healthcare technology firm Nuance reveals that the Clop extortion gang has stolen personal data on ECU Health as part of the Progress MOVEit Transfer campaign.	CVE-2023-34362 Vulnerability	Human health and social work	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, Nuance, ECU Health, MOVEit, CVE-2023-34362, ransomware
198	15/09/2023	-	-	Clop AKA Lace Tempest, TA505, and FIN11	FirstHealth of the Carolinas	The healthcare technology firm Nuance reveals that the Clop extortion gang has stolen personal data on FirstHealth of the Carolinas as part of the Progress MOVEit Transfer campaign.	CVE-2023-34362 Vulnerability	Human health and social work	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, Nuance, FirstHealth of the Carolinas, MOVEit, CVE-2023-34362, ransomware
199	15/09/2023	-	-	Clop AKA Lace Tempest, TA505, and FIN11	Mission Health System	The healthcare technology firm Nuance reveals that the Clop extortion gang has stolen personal data on Mission Health System as part of the Progress MOVEit Transfer campaign.	CVE-2023-34362 Vulnerability	Human health and social work	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, Nuance, Mission Health System, MOVEit, CVE-2023-34362, ransomware
200	15/09/2023	-	-	Clop AKA Lace Tempest, TA505, and FIN11	Novant Health	The healthcare technology firm Nuance reveals that the Clop extortion gang has stolen personal data on Novant Health as part of the Progress MOVEit Transfer campaign.	CVE-2023-34362 Vulnerability	Human health and social work	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, Nuance, Novant Health, MOVEit, CVE-2023-34362, ransomware
201	15/09/2023	-	-	Clop AKA Lace Tempest, TA505, and FIN11	Novant Health New Hanover Regional Medical Center	The healthcare technology firm Nuance reveals that the Clop extortion gang has stolen personal data on Novant Health New Hanover Regional Medical Center as part of the Progress MOVEit Transfer campaign.	CVE-2023-34362 Vulnerability	Human health and social work	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, Nuance, Novant Health New Hanover Regional Medical Center, MOVEit, CVE-2023-34362, ransomware
202	15/09/2023	-	-	Clop AKA Lace Tempest, TA505, and FIN11	UNC Health	The healthcare technology firm Nuance reveals that the Clop extortion gang has stolen personal data on UNC Health as part of the Progress MOVEit Transfer campaign.	CVE-2023-34362 Vulnerability	Human health and social work	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, Nuance, UNC Health, MOVEit, CVE-2023-34362, ransomware
203	15/09/2023	-	-	Clop AKA Lace Tempest, TA505, and FIN11	Wake Radiology Diagnostic Imaging	The healthcare technology firm Nuance reveals that the Clop extortion gang has stolen personal data on Wake Radiology Diagnostic Imaging as part of the Progress MOVEit Transfer campaign.	CVE-2023-34362 Vulnerability	Human health and social work	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, Nuance, Wake Radiology Diagnostic Imaging, MOVEit, CVE-2023-34362, ransomware
204	15/09/2023	-	-	Clop AKA Lace Tempest, TA505, and FIN11	WakeMed Health & Hospitals	The healthcare technology firm Nuance reveals that the Clop extortion gang has stolen personal data on WakeMed Health & Hospitals as part of the Progress MOVEit Transfer campaign.	CVE-2023-34362 Vulnerability	Human health and social work	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, Nuance, WakeMed Health & Hospitals, MOVEit, CVE-2023-34362, ransomware
205	15/09/2023	Between 21/11/2022 and 23/03/2023	-	?	Limestone bank (now Peoples Bank)	Limestone bank (now Peoples Bank) discloses a data breach exposing some 50,000 customers’ personal details, including financial account and credit card numbers, after it had “identified unusual activity involving an employee’s email account."	Account Takeover	Finance and insurance	Cyber Crime	US		Limestone Bank, Peoples Bank
206	15/09/2023	17/02/2023	17/02/2023	?	Skidmore College	Skidmore College files a notice of data breach after discovering that an unauthorized party was able to access the school’s IT network through a ransomware attack.	Malware	Education	Cyber Crime	US		Skidmore College, ransomware
207	15/09/2023	-	01/06/2023	Clop AKA Lace Tempest, TA505, and FIN11	Cadence Bank	Cadence Bank files a notice of data breach after discovering that the MOVEit file transfer application used by Cadence, contained a critical vulnerability, with the incident resulting in an unauthorized party being able to access consumers’ sensitive information.	CVE-2023-34362 Vulnerability	Finance and insurance	Cyber Crime	US		Clop, Cl0p, Lace Tempest, TA505, FIN11, Cadence Bank, MOVEit, CVE-2023-34362, ransomware
208	15/09/2023	21/07/2023	18/07/2023	?	Oak Valley Hospital District	Oak Valley Hospital District files a notice of data breach with the Attorney General of California after experiencing a “cybersecurity incident.”	Unknown	Human health and social work	Cyber Crime	US		Oak Valley Hospital District
209	15/09/2023	27/03/2023	23/04/2023	?	DMS Health Technologies	Sanford Health alerts certain patients that some of their protected health information was exposed in a security incident at its imaging vendor, DMS Health Technologies.	Unknown	Professional, scientific and technical	Cyber Crime	US		Sanford Health, DMS Health Technologies
210	15/09/2023	09/03/2023	09/08/2023	?	Jordan Valley Community Health Center	Jordan Valley Community Health Center discloses it identified suspicious activity in its computer systems. A forensic investigation revealed unauthorized individuals had access to its systems.	Unknown	Human health and social work	Cyber Crime	US		Jordan Valley Community Health Center
211	15/09/2023	15/09/2023	15/09/2023	?	Mark Cuban's Crypto Wallet	Mark Cuban, a renowned TV personality, investor, billionaire, and owner of the Dallas Mavericks has his hot wallet hacked, with the attacker able to drain around $900,000 worth of crypto.	Account Takeover	Fintech	Cyber Crime	US		Mark Cuban, Crypto, Wallet
212	15/09/2023	-	-	LockBit 3.0	Hillsborough County Public Schools	LockBit adds Hillsborough County Public Schools to their leak site, claiming to have acquired 2 TB of data, and providing a file list and some sample files.	Malware	Education	Cyber Crime	US		Hillsborough County Public Schools
213	15/09/2023	-	-	?	Students seeking for part-time employment	The Better Business Bureau (BBB) warns students seeking for part-time employment or flexible work hours of scams involving attackers posing as professors or other faculty members.	Scam	Education	Cyber Crime	US		Better Business Bureau, BBB
214	15/09/2023	-	24/07/2023	?	Encore Pharmacy	Encore Pharmacy files a notice of data breach after confirming unauthorized access to a business email account.	Account Takeover	Wholesale and retail	Cyber Crime	US		Encore Pharmacy
215	15/09/2023	-	-	?	Temple University Health System	Temple University Health System files a notice of data breach after discovering that information that had been entrusted to the organization was subject to unauthorized access.	Unknown	Human health and social work	Cyber Crime	US		Temple University Health System
216	15/09/2023	-	-	Cloak	Euro2000	The Cloak ransomware gang claims responsibility for a ransomware attack to Euro2000	Malware	Manufacturing	Cyber Crime	IT		Euro2000, Cloak, ransomware
ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags

Creating the timelines is a very time-consuming task.

Any little helps!

The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.

Q3 2023 Cyber Attacks Statistics
The third quarter of 2023 saw a 6.5% increase in cyber attacks with 1,108 events. Cybercrime led the charts with 79.7% of motives, mostly using malware techniques. Exploitation of vulnerabilities ranked second, majorly affecting multiple industries and healthcare and financial sectors.
The Biggest Data Breaches of 2023
Similarly to what I have done in 2022 and 2021, I am collecting the main mega breaches...
Q4 2022 Cyber Attacks Statistics
I have aggregated the statistics created from the cyber attacks timelines published during Q4 2022) In total I collected...
September 2023 Cyber Attacks Statistics
In September 2023, cyber crime continued to lead with 77.1% of total events, but showed a decrease. Cyber Espionage grew to 11.6%, while Hacktivism significantly dropped. Malware remains the leading attack technique and multiple organizations are the top targets.
2020 Cyber Attacks Statistics
As promised, I have pulled together some statistics from the data collected in 2020. The master table is available at the end of the post after the charts.