[Charts: Motivations, September H2 2023; Attack Techniques, September H2 2023]

Although the overall level of activity remains quite high, the second cyber attack timeline of September 2023 shows a considerable decrease in the number of events compared to the first half of the same month. In the second half of September I collected 165 events, corresponding to 11 events/day, down from 215 in the first fortnight (14.33 events/day) and close to the values of August.

Ransomware continues to characterize the threat landscape, and consequently malware attacks lead the chart of attack techniques with 35.2% (58 out of 165 events), a significant number that is nonetheless lower than the 39.7% (83 out of 209 events) of the previous timeline. The impact of vulnerabilities, instead, is in line with the previous period (17.57%, corresponding to 29 out of 165 events, vs 17.2% in the previous fortnight). And yes, there are still impacts of the massive MOVEit attack, with new organizations disclosing breaches stemming from the CVE-2023-34362 vulnerability.

Even in this timeline we found several massive hacks against organizations operating in the fintech space: for example, Mixin Network lost the equivalent of $200 million, making it the largest hack suffered in 2023 (so far). Other “minor” incidents include the loss of $7.9 million from crypto exchange HTX, and the loss of “only” $238,000 from Balancer.

The list of mega breaches also continued to grow in the second half of September: McLaren HealthCare suffered an ALPHV/BlackCat ransomware attack compromising the information of 2.5 million individuals, and more than 2 million Pakistani citizens had their data compromised when attackers got access to a private company-made database used by hundreds of restaurants.

Threat actors driven by cyber espionage were quite active in this fortnight with multiple operations carried out by known attackers such as APT29, APT34, APT36, the Lazarus group, but also new mysterious threat actors such as Sandman, targeting telecommunication service providers in the Middle East, Western Europe, and South Asia. But this month the list is really too long to be summarized in a few words.

In terms of hacktivism, the pro-Russia hacktivists from NoName057(16) were particularly active against organizations in two countries: Canada and Italy.

Of course, my suggestion is always the same: browse the timeline, and obviously share it to support my work in spreading risk awareness across the community. And don’t forget to follow @paulsparrows on Twitter, or even connect on LinkedIn or Mastodon for the latest updates.

[Chart: Geo Map, September H2 2023]




The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.

