Motivations December H1 2023


Attack Techniques December H1 2023


After several months of sustained activity, the first half of December 2023 saw an important decrease in the number of recorded events. In particular, I collected 135 events, a sharp drop compared to the 207 of the previous timeline.

But even in a scenario with a lower number of events, ransomware continued to characterize the threat landscape: 48 out of 135 events were directly or indirectly related to this kind of attack, corresponding to 35.5% of cases (it was 34.78% in the previous timeline, a value that continues to be quite high). This number also reflects the high percentage of malware attacks (46.7%), slightly up from 45.9% in the second half of November.

The exploitation of vulnerabilities played a part in 18 events, corresponding to 13.3% of the total, up from 9.2% in the previous timeline and against the trend of recent months.

There were several mega breaches, but some of them (such as Norton Healthcare) were already reported in previous timelines. The only one not previously disclosed hit ESO Solutions, a provider of software products for healthcare organizations and fire departments, which had the data belonging to 2.7 million patients compromised as a result of a ransomware attack.

In the fintech sector, the only mega theft of crypto assets hit the decentralized exchange OKX, which fell victim after a private key belonging to the proxy admin owner was leaked, leading to total losses equivalent to approximately $2.7 million.

Unsurprisingly, in another leitmotif of the last few months, the complex geopolitical situation continued to affect the cyber espionage landscape, with threat actors from Russia (APT28, APT29, Callisto), North Korea (Lazarus and Andariel), and China particularly active. The APT28 threat group in particular was busy carrying out multiple global operations exploiting the CVE-2023-23397 Microsoft Outlook vulnerability and the CVE-2023-38831 WinRAR vulnerability. There was also unconfirmed news of an alleged cyber attack against the Sellafield nuclear waste and decommissioning site in the UK by threat actors linked to Russia and China.

Last but not least, security researchers also discovered a new campaign by the pro-Hamas threat actor known as Gaza Cybergang, targeting Palestinian entities (and this was not the only event related to the war between Israel and Hamas).

This timeline is particularly long, so my suggestion is always the same: browse the timeline, and obviously share it to support my work in spreading risk awareness across the community. And don’t forget to follow @paulsparrows on X (formerly Twitter), or connect on LinkedIn or Mastodon, for the latest updates.

Geo Map December H1 2023


The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.


