[Chart: Motivations, October H2 2023]

[Chart: Attack Techniques, October H2 2023]

In the second half of October 2023, I collected 183 events (11.44 events per day), a number slightly lower than in the first fortnight of the same month, but one that confirms the high level of activity characterizing the end of this year.

Ransomware continued to characterize the threat landscape (37 events were directly or indirectly related to this kind of attack), and consequently malware attacks led the chart of attack techniques with 34.4% (63 out of 183 events), a number in line with the previous two weeks. On the other hand, the exploitation of vulnerabilities accounted for 15.3% of events, again a number in line with the previous period.

The fintech sector saw the execution of a massive operation targeting more than 25 victims worldwide, where the threat actors stole $4.4 million in cryptocurrency using private keys and passphrases stored in stolen LastPass databases.

No particular mega breaches were recorded in this period, although I must point out that I added a massive one, unearthed later, to the previous timeline: the breach targeting the Indian Council of Medical Research, which leaked 815 million records of Indian citizens who had Covid-19 tests.

Threat actors driven by cyber espionage were quite busy exploiting the numerous vulnerabilities disclosed in this period (and not only those). For example, several groups including Sandworm, APT28, and APT40 carried out operations exploiting the CVE-2023-38831 WinRAR vulnerability, whilst the North Korean Lazarus leveraged the CVE-2023-42793 vulnerability in TeamCity to breach multiple organizations, and Winter Vivern targeted European governments and think tanks via the Roundcube CVE-2023-5631 flaw. Besides this widespread exploitation, other interesting events related to cyber espionage include a report from the French Cyber Security Agency (ANSSI) revealing a long-standing campaign by the Russian APT28 targeting government entities, businesses, universities, research institutes, and think tanks in France since the second half of 2021.

But obviously the war in the Middle East was also the trigger for multiple operations carried out by hacktivists on both sides (including some well-known actors such as Killnet and Anonymous Sudan), with Israel and other allied countries targeted by multiple attacks.

Of course, my suggestion is always the same: browse the timeline, and share it to support my work in spreading risk awareness across the community. And don’t forget to follow @paulsparrows on X (formerly Twitter), or connect on LinkedIn or Mastodon for the latest updates.

[Chart: Geo Map, October H2 2023]




The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.

