Motivations November H1 2023

No Data Found

Attack Techniques November H1 2023

No Data Found

In the first half of November 2023, I collected 173 events (11.53 events per day), while confirming the high level of activity that characterized the end of 2023. this number revealed a slight decrease compared to the 188 events (11.75 events per day) of the previous timeline.

Ransomware continued to characterize the threat landscape (45 events were directly or indirectly related to this kind of attack, corresponding to 26%) and consequently malware attacks led the chart of the attack techniques with 38.2% (66 events,) considerably up from 34.4% of the second half of October. On the other hand, the exploitation of vulnerabilities characterized 15.6%, substantially in line with 15.3% of the previous two weeks.

In the fintech sector, Poloniex suffered a massive hack leading to the theft of $100 million worth of crypto assets. Onyx was also the victim of a hack, but in this case the bounty stolen by the attackers was “only” $2.1 million worth. Other interesting events included a new campaign by the North Korean Lazarus Group targeting blockchain engineers of a cryptocurrency exchange platform through a new malware strain named KandyKorn, and a new operation leading to the theft of $60 milion worth of cryptocurrency from 99,000 people in six months.

In terms of mega breaches, the aftermaths of the widespread exploitation of the MOVEit CVE-2023-34362 vulnerability continued, continued, and the State of Maine announced that its systems were breached exploiting the above flaw, allowing the threat actors to access personal information of about 1.3 million individuals, close to the state’s entire population.

And once again, confirming a trend that characerized 2023, threat actors driven by cyber espionage were quite busy in exploiting the numerous vulnerabilities disclosed in this period (and not only.) For example several groups including Winter Vivern exploited the CVE-2023-37580 Zimbra vulnerability, whilst APT29 continued to rely on the WinRAR CVE-2023-38831 vulnerability for their campaigns. Other threat actors busy in the same period involved the Iranian groups APT34 (a.k.a. OilRig) and Imperial Kitten, the North Korean APT38 (a.k.a. BlueNoroff,) and the pro-Palestine TA402 (a.ka. Molerats and Gaza Cybergang.)

And the war in Middle East continued to motivate multiple operations against organizations in Israel carried out by the Abnaa AlSaada and Soldiers of Solomon threat actors, but also a destructive attack by the threat actor Agonizing Serpens carried out via a wiper dubbed BiBi Wiper.

Of course, my suggestion is always the same: browse the timeline, and obviously share it to support my work in spreading the risk awareness across the community. And don’t forget to follow @paulsparrows on X (formerly Twitter,) or even connect on Linkedin, or Mastodon for the latest updates.

Geo Map November H1 2023

No Data Found



Creating the timelines is a very time-consuming task.

Any little helps!


No Data Found

The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.


No Data Found

  • Leaky Buckets: a List of Cloud Misconfigurations

    Cloud services are playing a crucial role to guarantee business continuity during this complicated period...

  • 2021 Cyber Attacks Statistics

    And finally I have aggregated all the data collected in 2021 from the cyber attacks timelines. In the past year I have collected 2539 events, meaning...

  • Leaky Buckets in 2023

    Similarly to what I have done in 2022 and 2021, I am collecting the incidents due to cloud misconfigurations and leading to...

  • November 2023 MotivationsNovember 2023 Cyber Attacks Statistics

    November 2023 saw a rise to 39 events, with Cyber Crime remaining dominant at 78.7%. Cyber Espionage increased to 9.7%, while Hacktivism fell to 5.4%. Malware was the leading attack technique at 42.1%, and Multiple Organizations were the most targeted at 17.7%.

  • 2020 Cyber Attacks Statistics

    As promised, I have pulled together some statistics from the data collected in 2020. The master table is available at the end of the post after the charts.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.